normogen/thoughts/research/2026-02-14-tech-stack-decision.md

# Technology Stack Decisions

**Last Updated**: 2026-02-14

---

## Decisions Made

### 1. Rust Web Framework: Axum
**Decision**: Axum 0.7.x

**Rationale**:
- Superior I/O performance for encrypted data transfer
- Better streaming support for large encrypted responses
- Lower memory usage for concurrent connections
- Tower middleware ecosystem
- Excellent async patterns for lazy loading

**Reference**: [2026-02-14-performance-findings.md](./2026-02-14-performance-findings.md)

---

### 2. Mobile Framework: React Native
**Decision**: React Native 0.73+ for iOS + Android

**Platform Strategy**:
- **Primary**: Mobile apps (iOS + Android) - Daily health tracking, sensor integration
- **Secondary**: Web browser - Extensive reporting, visualization, profile management

**Rationale**:
- **70-80% code sharing** between mobile and web (single language: TypeScript)
- **Health sensor integration**: react-native-health (HealthKit), react-native-google-fit (Health Connect)
- **QR code scanning**: react-native-camera
- **Encryption**: react-native-quick-crypto (AES-256-GCM, PBKDF2)
- **Web charts**: Recharts for React (beautiful visualizations)
- **Team skills**: Single language (JavaScript/TypeScript) reduces development cost
- **Time to market**: Faster than native or Flutter

**Reference**: [2026-02-14-frontend-mobile-research.md](./2026-02-14-frontend-mobile-research.md)

---

### 3. Web Framework: React
**Decision**: React 18+ for web companion app

**Rationale**:
- **70-80% code sharing** with React Native (business logic, state, API, encryption)
- **Charts**: Recharts for beautiful health data visualizations
- **Ecosystem**: Largest npm ecosystem
- **Team skills**: Single language (TypeScript)

---

### 4. State Management: Redux Toolkit
**Decision**: Redux Toolkit 2.x for React Native + React

**Score**: 9.2/10

**Rationale**:
- **Best for complex state**: Family structure, multi-person profiles, permissions
- **Built-in normalization**: createEntityAdapter for efficient data management
- **Best for offline sync**: RTK Query for server state, optimistic updates, background sync
- **Largest ecosystem**: Most resources, tutorials, examples, production deployments
- **Best developer experience**: Time-travel debugging, predictable state updates
- **TypeScript**: Excellent support, full type safety
- **Code sharing**: 100% between React Native and React

**Trade-offs**:
- More boilerplate: More code, but clearer structure
- Steeper learning curve: More concepts, but better patterns
- Larger bundle: 60KB vs 3KB (negligible impact on 50-100MB app)

**Reference**: [2026-02-14-state-management-research.md](./2026-02-14-state-management-research.md)

---

## Technology Stack Summary

### Backend
- **Framework**: Axum 0.7.x
- **Runtime**: Tokio 1.x
- **Middleware**: Tower, Tower-HTTP
- **Database**: MongoDB (with zero-knowledge encryption)
- **Language**: Rust

### Mobile (iOS + Android)
- **Framework**: React Native 0.73+
- **Language**: TypeScript
- **State Management**: Redux Toolkit 2.x
- **Data Fetching**: RTK Query 2.x
- **Navigation**: React Navigation
- **Health Sensors**: 
  - react-native-health (iOS HealthKit)
  - react-native-google-fit (Android Health Connect)
- **QR Scanning**: react-native-camera
- **Encryption**: react-native-quick-crypto
- **Persistence**: Redux Persist 6.x (AsyncStorage)
- **HTTP**: Axios

### Web
- **Framework**: React 18+
- **Language**: TypeScript
- **State Management**: Redux Toolkit 2.x
- **Data Fetching**: RTK Query 2.x
- **Routing**: React Router
- **Charts**: Recharts
- **Persistence**: Redux Persist 6.x (localStorage)
- **HTTP**: Axios

### Shared (Monorepo)
- **Language**: TypeScript
- **State Management**: Redux Toolkit 2.x
- **Reducers**: Shared reducers (user, family, encryption)
- **Selectors**: Shared selectors (Reselect 5.x)
- **API**: Axios
- **Encryption**: AES-256-GCM, PBKDF2
- **Validation**: Zod
- **Date**: date-fns
- **Utilities**: Shared package

---

## Still To Be Decided

### 1. Authentication Strategy (Priority: High)

**Options**:
- JWT (stateless, scalable)
- Session-based (traditional, easier revocation)
- Passkey/WebAuthn (passwordless, modern)

**Considerations for Normogen**:
- Zero-knowledge password recovery (from encryption.md)
- Token revocation strategy
- Multi-factor authentication (future)
- Integration with client-side encryption keys
- Family member access control

---

### 2. Database Schema (Priority: High)

**Collections to Design**:
- Users (authentication, profiles)
- Families (family structure)
- Health Data (encrypted health records)
- Lab Results (encrypted lab data)
- Medications (encrypted medication data)
- Appointments (encrypted appointment data)
- Shared Links (time-limited access tokens)

---

## Recommended Order

1. Rust Framework: Axum (COMPLETED)
2. Mobile/Web Framework: React Native + React (COMPLETED)
3. State Management: Redux Toolkit 2.x (COMPLETED)
4. Authentication: JWT with recovery phrase
5. Database Schema: Design MongoDB collections
6. Create POC: Health sensor integration test
7. Implement Core Features: Authentication, encryption, CRUD

---

## Next Research Priority

**Research Question**: How to implement zero-knowledge authentication with JWT and recovery phrase support?

**Considerations**:
- Zero-knowledge password recovery (from encryption.md)
- Token revocation strategy
- Multi-factor authentication (future)
- Integration with client-side encryption keys
- Family member access control

**Estimated Research Time**: 2-3 hours