---
date: 2026-01-04T18:40:30-03:00
git_commit: N/A (not a git repository)
branch: N/A
repository: normogen
topic: "Normogen MVP Definition - Auth + Basic Health Tracking"
tags: [research, mvp, planning, requirements, open-questions]
status: complete
---

# Research: Normogen MVP Definition

## Research Question

Define the MVP (Minimum Viable Product) scope for Normogen based on stakeholder decision: basic health tracking + authentication.

## Summary

**MVP Scope:** Authentication system + Basic health tracking features

**Critical Decisions Made:**

- MVP will include user authentication and basic health tracking
- All other technical choices remain as open research questions

---

## MVP Requirements

### 1. Authentication System

#### Core Features

- User registration and login
- Secure password storage (hashing + salting)
- Session management
- Password reset flow
- Basic API authentication (JWT tokens)

#### User Model

```
User
- id: UUID
- email: string (unique)
- password_hash: string
- created_at: timestamp
- updated_at: timestamp
```

#### Security Requirements

- HTTPS only for production
- Password requirements enforcement
- Rate limiting on auth endpoints
- Secure session management

---

### 2. Basic Health Tracking

#### Core Health Metrics

Based on introduction.md and mobile health framework research (see `2026-01-05-mobile-health-frameworks-data.md`):

**Phase 1 - Manual Entry (MVP):**

**Tracked Metrics:**

- Weight (with timestamp)
- Height (with timestamp)
- Age (calculated from birthdate)

**Phase 2 - Mobile Integration (Post-MVP):**

Additional metrics available from Apple HealthKit and Google Health Connect:

- **Vitals:** Heart rate, blood pressure, body temperature, respiratory rate, SpO2
- **Activity:** Steps, distance, active energy/calories
- **Sleep:** Sleep duration and basic stages
- **Body Composition:** Body fat percentage, BMI

See research document for complete list of 50+ available data types.

**Data Model (MVP - Phase 1):**

```
Person
- id: UUID
- user_id: UUID (foreign key to User)
- name: string
- birthdate: date
- created_at: timestamp

HealthMetric
- id: UUID
- person_id: UUID (foreign key to Person)
- metric_type: enum (weight, height)
- value: decimal
- unit: string (kg, cm, etc.)
- recorded_at: timestamp
- created_at: timestamp
```

**Data Model (Phase 2 - Mobile Integration):**

```
-- Additional columns for mobile health framework integration
HealthMetric
- metric_source: enum (manual, healthkit, healthconnect, device)
- source_device_id: string (e.g., "com.apple.health.Health")
- accuracy: decimal (sensor accuracy 0.0-1.0)
- metadata: JSONB (platform-specific data)

-- New tables for sync tracking
health_metric_sources (platform, device_name, sync timestamps)
sync_history (import records, conflicts, errors)
```

#### Features (Phase 1 - MVP)

- Manual entry of weight and height
- View health metric history
- Basic chart/visualization of metrics over time
- Multiple person profiles (e.g., tracking children's data)

#### Features (Phase 2 - Mobile Integration)

- Automatic sync from Apple HealthKit (iOS)
- Automatic sync from Google Health Connect (Android)
- Background sync every 15-30 minutes
- Historical data import (last 30 days)
- Support for 50+ health data types
- Conflict resolution when same metric from multiple sources

---

## Out of Scope for MVP

Features from introduction.md that are **NOT** in MVP:

### Not Included (Future Phases)

- Lab results storage
- Medication tracking and reminders
- Medical appointments
- Period tracking
- Pregnancy tracking
- Dental information
- Illness records
- Phone app features (pill reminders, QR scanner, sensors)
- Plugin system
- Data sharing with external users
- Advanced encryption for partial access
- Mobile apps (MVP will be web-only)

---

## Technical Architecture for MVP

### Backend (Rust)

**Still needs research:**

- Web framework choice (Actix, Axum, Rocket)
- Database selection (PostgreSQL, MongoDB, SQLite)
- ORM/database library choice
- Authentication library selection

### Frontend (Node.js Web)

**Still needs research:**

- Frontend framework (React, Vue, Svelte, plain JS)
- UI component library
- State management approach
- Build tool choice

### Database Schema (MVP)

```sql
-- Users table
CREATE TABLE users (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    email VARCHAR(255) UNIQUE NOT NULL,
    password_hash VARCHAR(255) NOT NULL,
    created_at TIMESTAMP DEFAULT NOW(),
    updated_at TIMESTAMP DEFAULT NOW()
);

-- Persons table (for multi-person tracking)
CREATE TABLE persons (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    name VARCHAR(255) NOT NULL,
    birthdate DATE,
    created_at TIMESTAMP DEFAULT NOW()
);

-- Health metrics table
CREATE TABLE health_metrics (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    person_id UUID NOT NULL REFERENCES persons(id) ON DELETE CASCADE,
    metric_type VARCHAR(50) NOT NULL, -- 'weight', 'height'
    value DECIMAL(10, 2) NOT NULL,
    unit VARCHAR(20) NOT NULL, -- 'kg', 'cm', 'lbs', 'in'
    recorded_at TIMESTAMP NOT NULL,
    created_at TIMESTAMP DEFAULT NOW()
);

-- Indexes for performance
CREATE INDEX idx_health_metrics_person ON health_metrics(person_id);
CREATE INDEX idx_health_metrics_type ON health_metrics(metric_type);
CREATE INDEX idx_health_metrics_recorded ON health_metrics(recorded_at DESC);
```

---

## API Endpoints (MVP)

### Authentication

```
POST /api/auth/register         - Register new user
POST /api/auth/login            - Login user
POST /api/auth/logout           - Logout user
POST /api/auth/refresh          - Refresh JWT token
POST /api/auth/forgot-password  - Initiate password reset
POST /api/auth/reset-password   - Complete password reset
```

### Persons

```
GET    /api/persons      - List all persons for current user
POST   /api/persons      - Create new person profile
GET    /api/persons/:id  - Get person details
PUT    /api/persons/:id  - Update person details
DELETE /api/persons/:id  - Delete person profile
```

### Health Metrics

```
GET    /api/persons/:id/metrics            - Get all metrics for a person
POST   /api/persons/:id/metrics            - Add new metric
GET    /api/persons/:id/metrics/:type      - Get metrics by type (weight/height)
DELETE /api/persons/:id/metrics/:metricId  - Delete a metric entry
```

---

## User Stories (MVP)

### Authentication

1. As a new user, I can register with email and password
2. As a registered user, I can login with my credentials
3. As a logged-in user, I can logout securely
4. As a user who forgot their password, I can reset it via email

### Health Tracking

5. As a user, I can create profiles for myself and family members
6. As a user, I can record weight for any person in my account
7. As a user, I can record height for any person in my account
8. As a user, I can view a history of weight/height changes over time
9. As a user, I can see a simple chart showing weight trends

---

## MVP Success Criteria

### Functional Requirements

- [ ] User can register and login
- [ ] User can create multiple person profiles
- [ ] User can add weight and height measurements
- [ ] User can view historical data in a list
- [ ] User can see basic trend visualization
- [ ] Data persists across sessions
- [ ] User can delete their own data

### Non-Functional Requirements

- [ ] All passwords are hashed (never stored plaintext)
- [ ] API is secured with authentication on all endpoints
- [ ] Responsive web interface works on mobile browsers
- [ ] Application can handle 1000+ users
- [ ] Database queries complete in <100ms
- [ ] API response time <200ms for 95% of requests

### Security Requirements

- [ ] HTTPS in production
- [ ] SQL injection prevention
- [ ] XSS protection
- [ ] CSRF protection
- [ ] Input validation on all endpoints
- [ ] Rate limiting on auth endpoints

---

## Open Questions Requiring Further Research

### Priority 1 (Blocking for MVP)

1. **Rust Web Framework**
   - Options: Actix, Axum, Rocket
   - Criteria: Performance, ecosystem, learning curve, async support
   - Research needed: Benchmark comparison, community adoption

2. **Database Selection**
   - Options: PostgreSQL, MongoDB, SQLite
   - Criteria: Query complexity, scaling needs, deployment simplicity
   - Research needed: Data modeling comparison, hosting costs

3. **Authentication Library**
   - Options: Custom JWT implementation, existing auth crates
   - Criteria: Security audit history, maintenance status
   - Research needed: Available crate reviews

4. **Frontend Framework**
   - Options: React, Vue, Svelte, plain JavaScript
   - Criteria: Bundle size, learning curve, ecosystem
   - Research needed: Performance comparison for simple apps

### Priority 2 (Important but Not Blocking)

5. **ORM vs Raw SQL**
   - Options: Diesel, SeaORM, sqlx, raw SQL
   - Research needed: Type safety vs flexibility tradeoff

6. **Testing Framework**
   - Unit tests, integration tests, E2E tests
   - Research needed: Best practices for Rust + web testing

7. **Deployment Strategy**
   - Docker setup, hosting provider (AWS, DigitalOcean, Railway?)
   - Research needed: Cost comparison, ease of deployment

8. **UI Component Library**
   - Material UI, Tailwind, Chakra UI, custom CSS
   - Research needed: Speed of development for MVP

### Priority 3 (Nice to Have)

9. **Monitoring & Logging**
   - Application performance monitoring
   - Error tracking (Sentry, etc.)

10. **CI/CD Pipeline**
    - GitHub Actions, GitLab CI, etc.
    - Automated testing, deployment automation

---

## Next Steps

1. **Research Priority 1 questions** (Rust framework, database, auth library, frontend)
2. **Initialize Git repository**
3. **Create project structure** with chosen tech stack
4. **Implement authentication system** (register, login, JWT)
5. **Design and implement database schema** for users, persons, health metrics
6. **Build basic CRUD API** for persons and metrics
7. **Create simple web frontend** for auth and health tracking
8. **Add basic chart visualization** for trends
9. **Test end-to-end user flows**
10. **Deploy MVP**

---

## File References

**Design Document:**

- `/home/asoliver/desarrollo/normogen/introduction.md:1-82` - Complete project vision

**Research Document:**

- `/home/asoliver/desarrollo/normogen/thoughts/research/2026-01-04-1739-normogen-codebase-documentation.md` - Initial codebase assessment

**This Document:**

- `/home/asoliver/desarrollo/normogen/thoughts/research/2026-01-04-1840-normogen-mvp-definition.md`

---

## Notes

- MVP is intentionally simple to validate core concepts
- Future phases will add features from introduction.md
- Plugin system and advanced encryption deferred to post-MVP
- Mobile apps deferred to post-MVP (web-only for now)
- Focus on getting working code into users' hands quickly
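
The routes under `/api/persons/:id` carry two client-chosen identifiers, so authentication alone does not satisfy "User can delete their own data": the handler also has to check ownership. The sketch below is an added example, not Normogen code. It models the `persons.user_id` and `health_metrics.person_id` links in memory and checks both before deleting; integer IDs stand in for UUIDs, and `Store`, `delete_metric` and `sample_store` are hypothetical names.

```rust
use std::collections::HashMap;

type Id = u32; // stand-in for the UUID columns in the schema

#[derive(Debug, PartialEq)]
pub enum AuthzError {
    NotFound, // same answer for "does not exist" and "belongs to someone else"
}

// In-memory stand-in for the two foreign-key links in the MVP schema.
pub struct Store {
    person_owner: HashMap<Id, Id>,  // persons.id -> persons.user_id
    metric_person: HashMap<Id, Id>, // health_metrics.id -> health_metrics.person_id
}

impl Store {
    /// Check for DELETE /api/persons/:id/metrics/:metricId.
    /// Assumption: `user_id` is taken from the verified JWT, never from the
    /// request path or body.
    pub fn delete_metric(&mut self, user_id: Id, person_id: Id, metric_id: Id)
        -> Result<(), AuthzError> {
        // 1. The person named in the path must belong to the caller.
        if self.person_owner.get(&person_id) != Some(&user_id) {
            return Err(AuthzError::NotFound);
        }
        // 2. The metric must belong to that person, not merely exist.
        if self.metric_person.get(&metric_id) != Some(&person_id) {
            return Err(AuthzError::NotFound);
        }
        self.metric_person.remove(&metric_id);
        Ok(())
    }
}

/// Constructed sample data: user 1 owns persons 10 and 11, user 2 owns person 20.
pub fn sample_store() -> Store {
    Store {
        person_owner: HashMap::from([(10, 1), (11, 1), (20, 2)]),
        metric_person: HashMap::from([(100, 10), (101, 11), (200, 20)]),
    }
}

fn main() {
    let mut s = sample_store();
    println!("{:?}", s.delete_metric(1, 10, 200)); // another user's metric
    println!("{:?}", s.delete_metric(1, 20, 200)); // another user's person
    println!("{:?}", s.delete_metric(1, 10, 101)); // own metric, wrong person in path
    println!("{:?}", s.delete_metric(1, 10, 100)); // allowed
}
```

Against the SQL schema the same rule is one `DELETE` that joins `health_metrics` to `persons` and filters on `persons.user_id`, so a row outside the caller's account is never matched.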