← All examples
CustomerDataRequest
examples/CustomerDataRequest.intent
CustomerDataRequest.intent
1mission CustomerDataRequest2use product34title "Handle a data-subject access request (DSAR) under GDPR / CCPA"5for PrivacyOfficer67goal8 Verify the requester, gather only the data they are entitled to, and respond in time.910guarantee a request is fulfilled or refused within the statutory window11 because a missed DSAR deadline is a reportable compliance failure12 verify sla-timer test1314never disclose one customer's data to another person15 verify identity-verification test1617# Governed data elements: each names why it is held, how long, and on what lawful basis,18# so the compiler can enforce purpose limitation (see the IL-DATA-* diagnostics).19data customer.email20 classification pii21 purpose "contact the requester and confirm their identity"22 retention until account closure plus 30 days23 basis contract2425data customer.ssn26 classification sensitive27 purpose "verify identity for a data-subject access request"28 retention 30 days29 basis legal_obligation3031data customer.orderHistory32 classification confidential33 purpose "include the customer's own records in the response"34 retention 7 years35 basis legal_obligation3637# Whether the request can be fulfilled as filed. Run it:38# intent run CustomerDataRequest.intent39# --inputs '{"identityVerified":true,"withinWindow":true,"requestType":"access"}'40decision CanFulfil41 inputs42 identityVerified43 withinWindow44 requestType45 rule unverified46 when identityVerified == false47 return RefuseUnverified48 rule expired49 when withinWindow == false50 return RefuseOutOfWindow51 rule erasure52 when requestType == "erasure"53 return QueueErasure54 default55 return Fulfil5657# The life of a request. Walk it: intent simulate CustomerDataRequest.intent58# --events verify,gather,respond59lifecycle RequestLifecycle60 state Received61 state Verified62 state Gathering63 state Responded64 state Refused65 transition verify66 from Received67 to Verified68 transition refuse69 from Received70 to Refused71 transition gather72 from Verified73 to Gathering74 transition respond75 from Gathering76 to Responded77 terminal Responded, Refused7879# The spec proves itself: intent test CustomerDataRequest.intent80test CanFulfil81 case verified in window is fulfilled82 given identityVerified true, withinWindow true, requestType "access"83 expect Fulfil84 case unverified is refused85 given identityVerified false, withinWindow true, requestType "access"86 expect RefuseUnverified87 case out of window is refused88 given identityVerified true, withinWindow false, requestType "access"89 expect RefuseOutOfWindow90 case erasure is queued91 given identityVerified true, withinWindow true, requestType "erasure"92 expect QueueErasure9394test RequestLifecycle95 scenario verified and answered96 events verify, gather, respond97 expect Responded98 valid99 scenario refused up front100 events refuse101 expect Refused102 valid103 scenario cannot gather before verifying104 events gather105 invalidDraft syntax. This file is illustrative and does not run yet.