locker-backend 0.1.1

Self-hosted digital encrypted vault with immutable consent receipts for personal documents.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

[![Sponsor](https://img.shields.io/badge/Sponsor-đź’–-orange)](https://github.com/sponsors/sumanjangili)

## Regulatory‑First Design Demo Suite
[![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
[![Rust](https://img.shields.io/badge/Rust-1.78+-red.svg)](Rust)
[![Node](https://img.shields.io/badge/Node-20+-green.svg)](Node)

*Build privacy‑by‑law systems from day 1. Start with the law, end with trust.*
> In a world where data‑protection regulations such as GDPR, CCPA, HIPAA and DPDPA dictate how personal information may be collected, stored, and processed, the safest way to launch a product is to make those rules the starting point of the architecture—not an after‑thought. 

---

### Table of Contents
1. [What is Regulatory‑First?](#what-is-regulatory‑first)
2. [Demo Projects](#demo-projects)
3. [Getting Started](#getting-started)
- Prerequisites
- Installation & Build
4. [Why These Demos Matter](#why-these-demos-matter)
5. [Roadmap](#roadmap)
6. [Contributing](#contributing)
7. [License](#license)

### What is Regulatory‑First?
- **Start with the law** – Every component (database schema, API contract, UI) is engineered to satisfy the relevant legal obligations out of the box.
- **Privacy‑by‑Design & Privacy‑by‑Default** – Data‑minimisation, purpose limitation, consent, right‑to‑access, right‑to‑erasure, breach‑notification, and retention policies are enforced automatically.
- **Safety & Trust** – Launching a product this way reduces costly retro‑fits, lowers regulatory risk, and gives users confidence that their personal information is protected from the start.

---

### Demo Projects

| Demo                | Goal              | Core Privacy Controls                    | Legal Touch‑Points         |
| ------------------- | ----------------- | ---------------------------------------- | -------------------------- |
| **Personal‑Data‑Vault ("My Privacy Locker")** | Self-hosted digital encrypted vault with immutable consent receipts for personal documents. | • Explicit consent receipts (immutable audit log) • DSAR endpoint that streams all user data as a signed ZIP • Soft‑delete flag + background purge • End‑to‑end encryption (AES‑256 per user) • Tamper‑evident append‑only audit log | GDPR Art. 7 (consent), Art. 15 (access), Art. 17 (erasure); CCPA right‑to‑delete; Swiss PDPA |
| **Contextual‑Ads‑Free News Portal** | Personalized article recommendations without profiling or cookies. | • No server‑side user profile – all recommendation logic runs in the browser • Respect `navigator.doNotTrack` and do‑not‑collect IPs beyond host logs • Machine‑readable `/privacy-summary` endpoint (SPDX‑style) • Opt‑out endpoint that clears any session data • Stateless API, CSP & HSTS headers | GDPR Art. 5(1)(b) (purpose limitation), Art. 25 (privacy‑by‑default); CCPA “do not sell” principle; Swiss PDPA |
| **Health‑Check‑In App** | Daily wellness check‑in that handles PHI securely. | • TLS‑protected Rust API (Rocket/Axum) • Column‑level encryption in Postgres (`pgcrypto`) • Role‑based middleware (employee / manager / admin) • Automated 90‑day retention purge with logged deletions • Signed breach‑notification token • Versioned consent modal with policy hash | HIPAA (PHI protection, breach notification) CCPA §1798.105 (retention) GDPR Art. 7, Art. 15, Art. 17 (consent, access, erasure) |

---

### Getting Started
#### Prerequisites
- **Rust** ≥ 1.78 (with `cargo`)
- **Node.js** ≥ 20 (for the React front‑ends)
- **Docker** (optional, for containerised deployment)
- Git
#### Installation & Build
Clone the repo:
```bash
git clone https://github.com/sumanjangili/regulatory-first.git
cd regulatory-first
```
Choose a demo branch
| Branch                | Command                           |
| --------------------- | --------------------------------- |
| **My Privacy Locker** | `git checkout -b my-privacy-locker` |
| **News Aggregator** | `git checkout -b news-aggregator` |
| **Health Check‑In** | `git checkout -b health-check-in` |

Build & run the Personal‑Data‑Vault (example)
```bash
# Back‑end (Rust)
cd backend                # inside the selected branch
cargo run --release       # launches Actix‑Web / Rocket / Axum server

# Front‑end (React)
cd locker-frontend   # Personal‑Data‑Vault UI
npm install
npm run dev          # Vite dev server → https://localhost:5173
```
The other demos follow the same pattern – just swap the backend crate (rocket or axum) and the React starter (next.js or create‑react‑app).
Docker (optional, all services)
Build images without cache:
```bash
docker compose build --no-cache regulatory_api db health-ui locker-ui news-ui
docker compose up -d
docker compose logs -f regulatory_api   # wait for “Server listening …”
```

---

### Why These Demos Matter
- **End‑to‑end privacy engineering** – From consent capture in the UI to cryptographic storage and audit trails in the back‑end.
- **Rust’s safety** – Strong typing, memory safety, and performant async servers make it ideal for handling regulated data.
- **Modern React UX** – Clear consent modals, privacy dashboards, and accessible opt‑out flows give users transparency required by law.
- **Reusable scaffold** – Fork a branch, replace the domain‑specific logic, and you already have a regulatory‑first foundation for your own product.

---

### Roadmap

| Version | Target | Highlights |
| ------- | ------ | ---------- |
| v1.1   | Q2 2026 | OpenAPI spec generation, CI linting for Rust & TypeScript, automated compliance-report generator.

(Future milestones will be added as the project evolves.)

---

### Contributing
We welcome contributions! Please read our [CONTRIBUTING.md](CONTRIBUTING.md) for setup instructions, coding standards, and the pull‑request workflow.
Typical contribution flow:
```bash
git checkout -b feature/<your‑feature>
# make changes
git commit -m "Add <description>"
git push origin feature/<your‑feature>
# open a PR
```

---

### License
This project is licensed under the **MIT License** – see the [LICENSE](LICENSE) file for details.

---

### Quick Links
- Repository: [https://github.com/sumanjangili/regulatory-first](https://github.com/sumanjangili/regulatory-first)
- Issue Tracker: [https://github.com/sumanjangili/regulatory-first/issues](https://github.com/sumanjangili/regulatory-first/issues)
- Documentation (generated from source):

Feel free to explore the demos, raise issues, or submit pull requests.

---