
feat: implement PII encryption with AES-256-GCM and key rotation #447

Merged
Smartdevs17 merged 6 commits into Smartdevs17:main from Junman140:feat/pii-encryption
May 28, 2026

Conversation

@Junman140
Contributor

@Junman140 Junman140 commented May 27, 2026

Closes #373


Summary

  • Added field-level AES-256-GCM encryption for PII fields (email, name, phoneNumber, address, etc.)
  • Implemented key management with automatic 90-day rotation using HKDF key derivation
  • Added blind indexing for searchable encrypted fields using HMAC-SHA256 with trigram tokenization
  • Integrated PII access audit logging with existing tamper-evident audit chain
  • Implemented data masking for non-production environments (email, phone, general PII)
  • Added compliance reporting with encryption status, key management, and access summaries
  • Upgraded SecretsVault from base64 obfuscation to AES-256-GCM encryption at rest

Files Changed

New files

  • backend/services/encryption.ts - Core AES-256-GCM encryption, blind indexing, data masking
  • backend/services/keyManager.ts - Key hierarchy with 90-day auto rotation and re-encryption support
  • backend/services/piiAudit.ts - PII access audit logging integrated with AuditService chain
  • backend/services/complianceReport.ts - Compliance reporting with scoring and recommendations
  • backend/services/__tests__/encryption.test.ts - Tests for encryption/decryption, blind indexing, masking
  • backend/services/__tests__/keyManager.test.ts - Tests for key initialization, rotation, lookup

Modified files

  • backend/services/auditTypes.ts - Added PII-specific audit actions (viewed, exported, encrypted, etc.)
  • backend/services/gdpr.ts - Integrated encryption into data export/anonymization with audit logging
  • backend/services/index.ts - Exported all new services, types, and utilities
  • backend/secrets/SecretsVault.ts - Upgraded from base64 to AES-256-GCM authenticated encryption
  • src/services/gdpr.ts - Updated frontend GDPR service with encryption-aware response types

Technical Details

  • Algorithm: AES-256-GCM with 16-byte IV and 16-byte authentication tag
  • Key hierarchy: Master key → HKDF-SHA256(encryption key + index key)
  • Blind index: HMAC-SHA256 deterministic prefix (16 hex chars) with trigram tokenization
  • Masking: Email partial masking (first 1/3 visible), phone shows last 4 digits
  • Audit: All PII access logged through tamper-evident HMAC chain, exportable as CSV/JSON
  • Compliance report: Generates formatted report with encryption rate, key status, access summary, score

- Added field-level AES-256-GCM encryption for PII fields (email, name, phoneNumber, address, etc.)
- Key management with automatic 90-day rotation via HKDF key derivation
- Blind indexing for searchable encrypted fields using HMAC-SHA256 with trigram tokenization
- PII access audit logging integrated with existing tamper-evident audit chain
- Data masking for non-production environments (email, phone, general PII)
- Compliance reporting with encryption status, key management, and access summaries
- Upgraded SecretsVault from base64 obfuscation to AES-256-GCM encryption at rest
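The key hierarchy, field encryption, blind index and masking listed under Technical Details, as an added TypeScript example written for this page (it is not the PR's encryption.ts or keyManager.ts); the master key value, the HKDF salt/info labels, the "v<n>:iv:tag:ct" token layout and the rounding rule for the masked email are assumptions.

```typescript
import { createCipheriv, createDecipheriv, createHmac, hkdfSync, randomBytes } from "node:crypto";
export const MASTER_KEY = Buffer.alloc(32, 0x42); // constructed for the example; load from a KMS/vault in practice

// Key hierarchy (master key -> HKDF-SHA256 -> encryption key + index key) per key version; labels are assumed.
export function deriveKeys(master: Buffer, version: number) {
  const salt = Buffer.from(`pii-key-v${version}`);
  const encryptionKey = Buffer.from(hkdfSync("sha256", master, salt, "field-encryption", 32));
  const indexKey = Buffer.from(hkdfSync("sha256", master, salt, "blind-index", 32));
  return { encryptionKey, indexKey };
}

// AES-256-GCM with a random 16-byte IV and 16-byte tag as the PR states (12 bytes is the usual GCM nonce
// size; Node accepts 16). The assumed token layout keeps the key version with the data for rotation.
export function encryptField(plaintext: string, key: Buffer, version: number): string {
  const iv = randomBytes(16);
  const cipher = createCipheriv("aes-256-gcm", key, iv, { authTagLength: 16 });
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const b64 = (b: Buffer) => b.toString("base64");
  return `v${version}:${b64(iv)}:${b64(cipher.getAuthTag())}:${b64(ct)}`;
}

// Decrypts with the key version named in the token; an unknown version or any tampering throws.
export function decryptField(token: string, keyring: Map<number, Buffer>): string {
  const [v, iv, tag, ct] = token.split(":");
  if (!v || !iv || !tag || !ct) throw new Error("malformed token");
  const key = keyring.get(Number(v.slice(1)));
  if (!key) throw new Error(`no key for version ${v}`);
  const d = createDecipheriv("aes-256-gcm", key, Buffer.from(iv, "base64"), { authTagLength: 16 });
  d.setAuthTag(Buffer.from(tag, "base64"));
  return Buffer.concat([d.update(Buffer.from(ct, "base64")), d.final()]).toString("utf8");
}

// Blind index: HMAC-SHA256 over the normalised value, cut to a 16-hex-char prefix, for equality lookups.
export function blindIndex(value: string, indexKey: Buffer): string {
  return createHmac("sha256", indexKey).update(value.trim().toLowerCase()).digest("hex").slice(0, 16);
}

// Trigram tokenisation: one blind index per 3-character window, which is what enables substring search.
export function trigramIndex(value: string, indexKey: Buffer): string[] {
  const v = value.trim().toLowerCase();
  const grams = new Set<string>();
  for (let i = 0; i + 3 <= v.length; i++) grams.add(v.slice(i, i + 3));
  return [...grams].map((g) => blindIndex(g, indexKey));
}

// Non-production masking: the first third of the local part stays visible (rounding up is assumed).
export function maskEmail(email: string): string {
  const [local, domain] = email.split("@");
  const keep = Math.ceil(local.length / 3);
  return `${local.slice(0, keep)}${"*".repeat(local.length - keep)}@${domain}`;
}
```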
@drips-wave

drips-wave Bot commented May 27, 2026

@Junman140 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

Junman140 and others added 5 commits May 27, 2026 10:59
Add batch create from CSV/JSON, batch update with filtering, batch cancel with reason collection, and batch charge for manual billing runs.

- contracts/batch: Added CancelReason enum, BatchFilter struct, enhanced result types with skipped_operations tracking
- app/services/batchTransactionService.ts: Full rewrite with 4 operation types, CSV parsers, chunked processing, idempotent retry with backoff, result export (CSV/JSON), history persistence, per-item status tracking
- app/stores/batchStore.ts: Zustand store with draft management, CSV loading per operation type, execute/retry, export helpers
- app/screens/BatchOperationsScreen.tsx: Full UI with operation selector, CSV input, update params/filter modals, cancel reason picker, progress bar, per-item results with status coloring, export buttons, retry failed, history modal
- src/screens/ImportScreen.tsx: Added batch operations shortcut banner
- src/navigation: Added BatchOperations route to SettingsStack
- Updated useBatchTransactions hook and batchStore tests for new API

Edge cases handled: partial batch failure, idempotent retry of failed items, large batch memory management via chunked processing (default 50, max 200)
…tance

- Add tax types to contracts/types (TaxJurisdiction, TaxExemption, TaxRemittanceReport, NexusRegion, TaxRateChangeEvent)
- Add 12 new StorageKey variants for tax state persistence
- Enhance invoice contract with full tax system:
  - Multi-jurisdiction tax lookup (set_tax_jurisdiction/get_tax_jurisdiction_by_location)
  - Tax exemption lifecycle (register/validate/revoke) with certificate validation
  - Digital goods classification and taxability rules
  - Mid-cycle tax rate change proration (calculate_prorated_tax)
  - Nexus determination with economic thresholds per jurisdiction
  - Tax remittance report generation and submission
- Add 10 contract test cases covering invoice generation, tax exemption, proration, nexus, and remittance
- Update frontend types with DigitalGoodsCategory, TaxRemittanceReport, NexusRegion, MidCycleTaxChange
- Add TaxType, TaxJurisdiction, TaxRateEntry, CustomerTaxStatus, DigitalGoodsClass, TaxRemittanceLineItem types

- Add new StorageKey variants: TaxRateEntry, CustomerTaxStatus, TaxRemittanceLine, DigitalGoodsClass, TaxRateChangeLogByJdx

- Fix StorageKey variant name length limits (ProxyPrevImplCount, TaxRemittanceReportByJdx)

- Enhance invoice contract with multi-jurisdiction tax lookup with fallback chain

- Add tax-exempt customer handling with certificate validation and expiry checks

- Implement mid-cycle tax rate change proration for existing subscriptions

- Add reverse-charge flagging and nexus threshold determination

- Add per-invoice/per-jurisdiction remittance line tracking

- Add 11 new contract functions and 10 comprehensive test cases

- Update subscription contract with new generate_invoice signature

- Create TaxService backend with built-in jurisdiction rates, caching, exemption validation, nexus checks, digital goods rules, and remittance report generation

- Create taxTypes.ts with full TypeScript type definitions

- Extend invoiceStore with tax state management (rates, exemptions, remittance lines, reports, mid-cycle changes)

- Add backend TaxService tests covering lookup, exemption, calculation, nexus, and reporting

- Update Invoice TypeScript types with TaxJurisdiction, CustomerTaxStatus, TaxRemittanceReport, MidCycleTaxChange and helper utilities

- Extend Invoice interface with taxJurisdiction, isTaxExempt, and reverseCharge fields
@Smartdevs17 Smartdevs17 merged commit 557987e into Smartdevs17:main May 28, 2026
4 of 22 checks passed

Development

Successfully merging this pull request may close these issues.

Implement subscription data encryption for PII compliance

2 participants