normogen/thoughts/research/2026-02-14-tech-stack-decision.md
goose 203c0b4331 Research: JWT authentication selected
- Comprehensive JWT research completed
- JWT with refresh tokens selected (9.5/10 score)
- Token revocation strategies (blacklist + versioning)
- Refresh token pattern (token rotation)
- Zero-knowledge password recovery integration
- Family member access control (permissions in JWT)

Key decisions:
- Access tokens: 15 minutes (short-lived)
- Refresh tokens: 30 days (long-lived, stored in MongoDB)
- Token rotation: Prevents reuse of stolen tokens
- Token versioning: Invalidate all tokens on password change
- Recovery phrases: Zero-knowledge password recovery from encryption.md
- Family permissions: parent, child, elderly roles

Updated tech stack decisions

Next: Database schema design (MongoDB collections)
2026-02-14 12:44:33 -03:00

6.4 KiB

Technology Stack Decisions

Last Updated: 2026-02-14


Decisions Made

1. Rust Web Framework: Axum

Decision: Axum 0.7.x

Rationale:

  • Superior I/O performance for encrypted data transfer
  • Better streaming support for large encrypted responses
  • Lower memory usage for concurrent connections
  • Tower middleware ecosystem
  • Excellent async patterns for lazy loading

Reference: 2026-02-14-performance-findings.md


2. Mobile Framework: React Native

Decision: React Native 0.73+ for iOS + Android

Platform Strategy:

  • Primary: Mobile apps (iOS + Android) - Daily health tracking, sensor integration
  • Secondary: Web browser - Extensive reporting, visualization, profile management

Rationale:

  • 70-80% code sharing between mobile and web (single language: TypeScript)
  • Health sensor integration: react-native-health (HealthKit), react-native-google-fit (Health Connect)
  • QR code scanning: react-native-camera
  • Encryption: react-native-quick-crypto (AES-256-GCM, PBKDF2)
  • Web charts: Recharts for React (beautiful visualizations)
  • Team skills: Single language (JavaScript/TypeScript) reduces development cost
  • Time to market: Faster than native or Flutter

Reference: 2026-02-14-frontend-mobile-research.md


3. Web Framework: React

Decision: React 18+ for web companion app

Rationale:

  • 70-80% code sharing with React Native (business logic, state, API, encryption)
  • Charts: Recharts for beautiful health data visualizations
  • Ecosystem: Largest npm ecosystem
  • Team skills: Single language (TypeScript)

4. State Management: Redux Toolkit

Decision: Redux Toolkit 2.x for React Native + React

Score: 9.2/10

Rationale:

  • Best for complex state: Family structure, multi-person profiles, permissions
  • Built-in normalization: createEntityAdapter for efficient data management
  • Best for offline sync: RTK Query for server state, optimistic updates, background sync
  • Largest ecosystem: Most resources, tutorials, examples, production deployments
  • Best developer experience: Time-travel debugging, predictable state updates
  • TypeScript: Excellent support, full type safety
  • Code sharing: 100% between React Native and React

Trade-offs:

  • More boilerplate: More code, but clearer structure
  • Steeper learning curve: More concepts, but better patterns
  • Larger bundle: 60 KB vs 3 KB (negligible impact on a 50-100 MB app)

Reference: 2026-02-14-state-management-research.md


5. Authentication: JWT with Refresh Tokens

Decision: JWT (JSON Web Tokens) with Refresh Tokens + Recovery Phrases

Score: 9.5/10

Rationale:

  • Stateless design: Scales to 1000+ concurrent connections (no session storage)
  • Mobile-friendly: Works perfectly with React Native (AsyncStorage)
  • Zero-knowledge compatible: Integrates with recovery phrases from encryption.md
  • Token revocation: Refresh token blacklist (MongoDB) + token versioning
  • Token rotation: Prevents reuse of stolen refresh tokens
  • Family access control: Permissions in JWT claims (parent, child, elderly)
  • Security best practices: Short-lived access tokens (15 min), long-lived refresh tokens (30 days)

Trade-offs:

  • Revocation requires storage (MongoDB for refresh tokens, optional Redis for access tokens)
  • More complex than sessions (but better for scaling)

Reference: 2026-02-14-jwt-authentication-research.md
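The decisions above (15-minute access tokens with the family role and a token version in the claims, 30-day single-use refresh tokens, rotation with reuse detection, versioning to invalidate everything on password change) as an added example in Python, not Normogen's code. The HS256 JWT is built with the standard library; the `KEY`, the claim and record field names, and the in-memory dict standing in for the MongoDB refresh-token collection are assumptions.

```python
import base64, hashlib, hmac, json, secrets
KEY = b"constructed-demo-signing-key"  # constructed; load from a secret store in real deployments
ACCESS_TTL, REFRESH_TTL = 15 * 60, 30 * 24 * 3600  # 15-minute access tokens, 30-day refresh tokens

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_access_token(user: dict, now: float) -> str:
    """HS256 JWT carrying the family role and the user's current token_version."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user["id"], "role": user["role"], "ver": user["token_version"],
              "iat": int(now), "exp": int(now) + ACCESS_TTL}
    body = f"{header}.{_b64(json.dumps(claims).encode())}"
    return f"{body}.{_b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())}"

def verify_access_token(token: str, users: dict, now: float):
    """Return the claims if signature, expiry and token_version all check out, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    expected = hmac.new(KEY, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(parts[2])):
        return None  # verify before parsing the payload; the header's alg field is never trusted
    claims = json.loads(_unb64(parts[1]))
    user = users.get(claims.get("sub"))
    if user is None or claims["exp"] <= now or claims["ver"] != user["token_version"]:
        return None  # unknown user, expired, or password changed since issuance
    return claims

# Refresh-token store standing in for the MongoDB collection: opaque token -> record
def issue_refresh(store: dict, user_id: str, family: str, now: float) -> str:
    token = secrets.token_urlsafe(32)
    store[token] = {"sub": user_id, "family": family, "exp": now + REFRESH_TTL, "used": False}
    return token

def rotate_refresh(store: dict, presented: str, now: float):
    """Rotation: a refresh token is single-use; replaying a used one revokes its whole family."""
    rec = store.get(presented)
    if rec is None or rec["exp"] <= now:
        return None
    if rec["used"]:  # replay of a rotated token: a stolen copy or a client out of sync
        for r in store.values():
            if r["family"] == rec["family"]:
                r["used"] = True
        return None
    rec["used"] = True
    return issue_refresh(store, rec["sub"], rec["family"], now)
```

A password change is modelled by bumping `token_version` in the user record, which makes every previously issued access token fail verification without any blacklist lookup.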


Technology Stack Summary

Backend

  • Framework: Axum 0.7.x
  • Runtime: Tokio 1.x
  • Middleware: Tower, Tower-HTTP
  • Authentication: JWT with refresh tokens
  • Database: MongoDB (with zero-knowledge encryption)
  • Language: Rust

Mobile (iOS + Android)

  • Framework: React Native 0.73+
  • Language: TypeScript
  • State Management: Redux Toolkit 2.x
  • Data Fetching: RTK Query 2.x
  • Authentication: JWT with AsyncStorage
  • Navigation: React Navigation
  • Health Sensors:
    • react-native-health (iOS HealthKit)
    • react-native-google-fit (Android Health Connect)
  • QR Scanning: react-native-camera
  • Encryption: react-native-quick-crypto
  • Persistence: Redux Persist 6.x (AsyncStorage)
  • HTTP: Axios

Web

  • Framework: React 18+
  • Language: TypeScript
  • State Management: Redux Toolkit 2.x
  • Data Fetching: RTK Query 2.x
  • Authentication: JWT with localStorage (or httpOnly cookies)
  • Routing: React Router
  • Charts: Recharts
  • Persistence: Redux Persist 6.x (localStorage)
  • HTTP: Axios

Shared (Monorepo)

  • Language: TypeScript
  • State Management: Redux Toolkit 2.x
  • Reducers: Shared reducers (user, family, encryption)
  • Selectors: Shared selectors (Reselect 5.x)
  • API: Axios
  • Encryption: AES-256-GCM, PBKDF2
  • Validation: Zod
  • Date: date-fns
  • Utilities: Shared package

Still To Be Decided

1. Database Schema (Priority: High)

Collections to Design:

  • Users (authentication, profiles)
  • Families (family structure)
  • Health Data (encrypted health records)
  • Lab Results (encrypted lab data)
  • Medications (encrypted medication data)
  • Appointments (encrypted appointment data)
  • Shared Links (time-limited access tokens)
  • Refresh Tokens (JWT refresh token storage)

2. API Architecture (Priority: Medium)

Options:

  • REST (current plan)
  • GraphQL (alternative)
  • gRPC (for microservices)

  1. Rust Framework: Axum (COMPLETED)
  2. Mobile/Web Framework: React Native + React (COMPLETED)
  3. State Management: Redux Toolkit 2.x (COMPLETED)
  4. Authentication: JWT with refresh tokens (COMPLETED)
  5. Database Schema: Design MongoDB collections (NEXT)
  6. Create POC: Health sensor integration test
  7. Implement Core Features: Authentication, encryption, CRUD

Next Research Priority

Research Question: What should the MongoDB schema look like for Normogen's encrypted health data platform?

Considerations:

  • Zero-knowledge encryption (all sensitive data encrypted)
  • Family structure (parents, children, elderly)
  • Health data types (lab results, medications, appointments)
  • Refresh tokens (JWT storage)
  • Shared links (time-limited access)
  • Permissions (family member access control)

Estimated Research Time: 3-4 hours