unbroker finds where a consenting person's info is exposed across data
brokers and people-search sites and files the removals, running as far as
each site allows and handing only genuinely human-only steps (hard CAPTCHA,
gov-ID, phone, fax) back as an end-of-run digest.
- Deterministic stdlib CLI (scripts/pdd.py) owns config, dossiers+consent,
the broker DB, tier planning, the ledger, email, and the autonomous
action queue; the agent scans/submits with native tools (web_extract,
browser_*, delegate_task, cronjob, terminal).
- Verify-before-disclose, least-disclosure (never volunteers SSN), consent
gate, opaque ids, optional age-at-rest encryption, file-locked ledger.
- Jurisdiction-aware (CCPA/CPRA, GDPR, generic); CA DROP one-shot covers
the state registry (~545) in a single request; BADBOOL + curated
people-search coverage; scheduled re-scan for re-listing.
- No CAPTCHA-solving services or anti-bot bypass; browser email mode needs
no stored password.
- 85 hermetic tests (tests/skills/test_unbroker_skill.py; SMTP/IMAP via
injected fakes, registry via CSV fixtures). Ships placeholder data only.
Broker dataset adapted from BADBOOL (Yael Grauer, CC BY-NC-SA 4.0).