# Technology Stack Decisions

**Last Updated**: 2026-02-14

---

## Decisions Made

### 1. Rust Web Framework: Axum

**Decision**: Axum 0.7.x

**Rationale**:
- Superior I/O performance for encrypted data transfer
- Better streaming support for large encrypted responses
- Lower memory usage for concurrent connections
- Tower middleware ecosystem
- Excellent async patterns for lazy loading

**Reference**: [2026-02-14-performance-findings.md](./2026-02-14-performance-findings.md)

---

### 2. Mobile Framework: React Native

**Decision**: React Native 0.73+ for iOS + Android

**Platform Strategy**:
- **Primary**: Mobile apps (iOS + Android) - Daily health tracking, sensor integration
- **Secondary**: Web browser - Extensive reporting, visualization, profile management

**Rationale**:
- **70-80% code sharing** between mobile and web (single language: TypeScript)
- **Health sensor integration**: react-native-health (HealthKit), react-native-google-fit (Health Connect)
- **QR code scanning**: react-native-camera
- **Encryption**: react-native-quick-crypto (AES-256-GCM, PBKDF2)
- **Web charts**: Recharts for React (beautiful visualizations)
- **Team skills**: Single language (JavaScript/TypeScript) reduces development cost
- **Time to market**: Faster than native or Flutter

**Reference**: [2026-02-14-frontend-mobile-research.md](./2026-02-14-frontend-mobile-research.md)

---

### 3. Web Framework: React

**Decision**: React 18+ for web companion app

**Rationale**:
- **70-80% code sharing** with React Native (business logic, state, API, encryption)
- **Charts**: Recharts for beautiful health data visualizations
- **Ecosystem**: Largest npm ecosystem
- **Team skills**: Single language (TypeScript)

---

### 4. State Management: Redux Toolkit

**Decision**: Redux Toolkit 2.x for React Native + React

**Score**: 9.2/10

**Rationale**:
- **Best for complex state**: Family structure, multi-person profiles, permissions
- **Built-in normalization**: createEntityAdapter for efficient data management
- **Best for offline sync**: RTK Query for server state, optimistic updates, background sync
- **Largest ecosystem**: Most resources, tutorials, examples, production deployments
- **Best developer experience**: Time-travel debugging, predictable state updates
- **TypeScript**: Excellent support, full type safety
- **Code sharing**: 100% between React Native and React

**Trade-offs**:
- More boilerplate: More code, but clearer structure
- Steeper learning curve: More concepts, but better patterns
- Larger bundle: 60KB vs 3KB (negligible impact on 50-100MB app)

**Reference**: [2026-02-14-state-management-research.md](./2026-02-14-state-management-research.md)

---

### 5. Authentication: JWT with Refresh Tokens

**Decision**: JWT (JSON Web Tokens) with Refresh Tokens + Recovery Phrases

**Score**: 9.5/10

**Rationale**:
- **Stateless design**: Scales to 1000+ concurrent connections (no session storage)
- **Mobile-friendly**: Works perfectly with React Native (AsyncStorage)
- **Zero-knowledge compatible**: Integrates with recovery phrases from encryption.md
- **Token revocation**: Refresh token blacklist (MongoDB) + token versioning
- **Token rotation**: Prevents reuse of stolen refresh tokens
- **Family access control**: Permissions in JWT claims (parent, child, elderly)
- **Security best practices**: Short-lived access tokens (15 min), long-lived refresh tokens (30 days)

**Trade-offs**:
- Revocation requires storage (MongoDB for refresh tokens, optional Redis for access tokens)
- More complex than sessions (but better for scaling)

**Reference**: [2026-02-14-jwt-authentication-research.md](./2026-02-14-jwt-authentication-research.md)

---

## Technology Stack Summary

### Backend
- **Framework**: Axum 0.7.x
- **Runtime**: Tokio 1.x
- **Middleware**: Tower, Tower-HTTP
- **Authentication**: JWT with refresh tokens
- **Database**: MongoDB (with zero-knowledge encryption)
- **Language**: Rust

### Mobile (iOS + Android)
- **Framework**: React Native 0.73+
- **Language**: TypeScript
- **State Management**: Redux Toolkit 2.x
- **Data Fetching**: RTK Query 2.x
- **Authentication**: JWT with AsyncStorage
- **Navigation**: React Navigation
- **Health Sensors**:
  - react-native-health (iOS HealthKit)
  - react-native-google-fit (Android Health Connect)
- **QR Scanning**: react-native-camera
- **Encryption**: react-native-quick-crypto
- **Persistence**: Redux Persist 6.x (AsyncStorage)
- **HTTP**: Axios

### Web
- **Framework**: React 18+
- **Language**: TypeScript
- **State Management**: Redux Toolkit 2.x
- **Data Fetching**: RTK Query 2.x
- **Authentication**: JWT with localStorage (or httpOnly cookies)
- **Routing**: React Router
- **Charts**: Recharts
- **Persistence**: Redux Persist 6.x (localStorage)
- **HTTP**: Axios

### Shared (Monorepo)
- **Language**: TypeScript
- **State Management**: Redux Toolkit 2.x
- **Reducers**: Shared reducers (user, family, encryption)
- **Selectors**: Shared selectors (Reselect 5.x)
- **API**: Axios
- **Encryption**: AES-256-GCM, PBKDF2
- **Validation**: Zod
- **Date**: date-fns
- **Utilities**: Shared package

---

## Still To Be Decided

### 1. Database Schema (Priority: High)

**Collections to Design**:
- Users (authentication, profiles)
- Families (family structure)
- Health Data (encrypted health records)
- Lab Results (encrypted lab data)
- Medications (encrypted medication data)
- Appointments (encrypted appointment data)
- Shared Links (time-limited access tokens)
- Refresh Tokens (JWT refresh token storage)

---

### 2. API Architecture (Priority: Medium)

**Options**:
- REST (current plan)
- GraphQL (alternative)
- gRPC (for microservices)

---

## Recommended Order

1. Rust Framework: Axum (COMPLETED)
2. Mobile/Web Framework: React Native + React (COMPLETED)
3. State Management: Redux Toolkit 2.x (COMPLETED)
4. Authentication: JWT with refresh tokens (COMPLETED)
5. Database Schema: Design MongoDB collections (NEXT)
6. Create POC: Health sensor integration test
7. Implement Core Features: Authentication, encryption, CRUD

---

## Next Research Priority

**Research Question**: What should the MongoDB schema look like for Normogen's encrypted health data platform?

**Considerations**:
- Zero-knowledge encryption (all sensitive data encrypted)
- Family structure (parents, children, elderly)
- Health data types (lab results, medications, appointments)
- Refresh tokens (JWT storage)
- Shared links (time-limited access)
- Permissions (family member access control)

**Estimated Research Time**: 3-4 hours
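
The sketch below is an added example, not code from this project. It shows one way the refresh-token rotation and token versioning from Decision 5 could fit together, which also indicates the fields a Refresh Tokens collection would need. `TokenStore`, `Record`, `RefreshError` and the in-memory maps are hypothetical stand-ins for the planned MongoDB storage; token ids are caller-supplied constructed values and time is passed in as seconds.

```rust
use std::collections::HashMap;

const REFRESH_TTL_SECS: u64 = 30 * 24 * 3600; // 30-day refresh tokens, as decided above

#[derive(Debug, PartialEq)]
pub enum RefreshError { Unknown, Expired, Reused, StaleVersion }
#[derive(Clone)]
struct Record { user: String, version: u32, expires_at: u64, used: bool }
/// In-memory stand-in (assumption) for the planned MongoDB refresh-token collection.
#[derive(Default)]
pub struct TokenStore {
    tokens: HashMap<String, Record>, // keyed by token id; persist only a hash of it in practice
    versions: HashMap<String, u32>,  // current token version per user
}

impl TokenStore {
    /// Record a refresh token for `user`. `id` is caller-supplied here; use a CSPRNG in real code.
    pub fn issue(&mut self, user: &str, id: &str, now: u64) {
        let version = *self.versions.entry(user.to_string()).or_insert(0);
        let rec = Record { user: user.to_string(), version, expires_at: now + REFRESH_TTL_SECS, used: false };
        self.tokens.insert(id.to_string(), rec);
    }

    /// Token versioning: bumping the version invalidates every outstanding refresh token.
    pub fn revoke_all(&mut self, user: &str) {
        *self.versions.entry(user.to_string()).or_insert(0) += 1;
    }

    /// Rotation: exchange `old_id` for `new_id`. Presenting an already-used id is treated as theft.
    pub fn rotate(&mut self, old_id: &str, new_id: &str, now: u64) -> Result<String, RefreshError> {
        let rec = self.tokens.get(old_id).cloned().ok_or(RefreshError::Unknown)?;
        if rec.used {
            self.revoke_all(&rec.user); // reuse detected: cut off attacker and victim alike
            return Err(RefreshError::Reused);
        }
        if rec.version != self.versions[&rec.user] { return Err(RefreshError::StaleVersion); }
        if now >= rec.expires_at { return Err(RefreshError::Expired); }
        self.tokens.get_mut(old_id).unwrap().used = true;
        self.issue(&rec.user, new_id, now);
        Ok(rec.user)
    }
}

fn main() {
    let mut store = TokenStore::default();
    store.issue("alice", "t1", 0); // constructed sample ids
    println!("{:?}", store.rotate("t1", "t2", 60)); // legitimate refresh
    println!("{:?}", store.rotate("t1", "tX", 90)); // replay of the rotated-out token
    println!("{:?}", store.rotate("t2", "t3", 120)); // successor is now stale too
}
```

After a replay is detected, the legitimate client's newer token is rejected as well, so the user has to authenticate again; that is the cost of cutting off whoever holds the stolen token.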