feat: Implement Recovery Vault Core MVP (Beehive 2.0 Architecture)

[CodeByRachit]

Overview

This PR implements the foundational "Beehive 2.0" architecture, addressing the project's goal of replacing the complex legacy system with a lightweight, privacy-first alternative for community clinics. It establishes the core engine required for secure recovery journey digitization.

Key Features Implemented

• 🏗️ Minimalist Core: Built on a Flask + SQLite stack to ensure the system is "installable and runnable from a single command" without complex external dependencies.
• 🛡️ Privacy by Default: Implemented UUID file masking for all uploads to protect patient identity on the local disk.
• 📂 Universal Secure Ingestion:
  • Supports both Images (JPG, PNG) and Documents (PDF, DOCX) with distinct visual previews.
  • DoS Protection: In-memory file size validation (100MB limit) prevents server crashes.
  • Strict allow-listing for file extensions.
• ✨ Modern Interactive UI:
  • Glassmorphism Design: A clean, professional aesthetic inspired by modern health apps.
  • Auto-Theme Detection: Seamless Light/Dark mode switching with native View Transitions.
  • Drag-and-Drop Zone: Interactive upload area with instant file previews and a "Trash" option for corrections.

How to Test

1. Clone the branch and enter the directory.
2. Install dependencies: pip install -r requirements.txt
3. Run the engine: python app.py
4. Visit http://127.0.0.1:8000 to test ingestion, theme switching, and deletion.

---

📸 Interface Preview

1. Secure Upload Zone (Light Mode)

2. Professional Dark Mode (Glassmorphism)

3. Universal File Preview & Delete Modal

[gemini-code-assist]

Summary of Changes

Hello @CodeByRachit, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces the initial implementation of the 'Recovery Vault Core' project, dubbed 'Beehive 2.0'. Its primary goal is to provide a lightweight, privacy-focused alternative to a legacy system for community clinics, specifically by digitizing secure recovery journeys. The changes lay the groundwork for file ingestion, secure storage, and a modern user experience.

Highlights

• Core Architecture (Beehive 2.0): The pull request establishes the foundational 'Beehive 2.0' architecture, utilizing a minimalist Flask + SQLite stack for a lightweight, easily deployable system without complex external dependencies.
• Privacy by Default: Patient identity is protected on local disk through the implementation of UUID file masking for all uploaded files, ensuring privacy.
• Universal Secure Ingestion: The system now supports secure ingestion of various file types, including images (JPG, PNG) and documents (PDF, DOCX), with distinct visual previews. It includes DoS protection via in-memory file size validation (100MB limit) and strict allow-listing for file extensions.
• Modern Interactive UI: A new user interface features a Glassmorphism design, auto-theme detection with native View Transitions for seamless light/dark mode switching, and an interactive drag-and-drop upload zone with instant file previews and a 'Trash' option for corrections.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request lays a strong foundation for the Recovery Vault Core application. The use of Flask and SQLite aligns well with the goal of a lightweight, easy-to-deploy system. The UI is modern and the privacy-by-default approach with filename anonymization is a great start. I've identified several areas for improvement, primarily focusing on enhancing security, robustness, and maintainability. Key suggestions include properly managing the Flask secret key, sanitizing user-provided filenames, improving error handling to prevent information leaks, and ensuring dependencies are pinned for reproducible builds. Addressing these points will significantly strengthen the application's security posture and long-term stability.

[CodeByRachit]

@mdxabu I have pushed the latest updates to this PR,

Update Summary

I have addressed all previous code review feedback and implemented a major architectural enhancement for data integrity.

1. 🛠️ Fixes & Optimizations

• Security Hardening: Removed hardcoded secrets and enforced strict os.environ.get patterns for FLASK_DEBUG and keys.
• Stability: Pinned versions in requirements.txt and implemented specific exception handling (OSError, SQLAlchemyError) to prevent application crashes.
• Atomic Operations: Refactored deletion logic to ensure database records are removed before attempting file deletion (preventing orphan records).
• Frontend Performance: Fixed memory leaks in dashboard.html by properly implementing URL.revokeObjectURL in the preview logic.

2. New Feature: Digital Integrity (SHA-256)

To align with the "Recovery Vault" mission of secure evidence storage, I implemented Cryptographic Data Integrity:

• Backend Hashing: The ingest_record function now calculates a SHA-256 hash of the file stream in-memory before saving.
• Immutable Evidence: Added a file_hash column to the RecoveryEntry model to store this digital fingerprint.
• UI Verification: Added a "VERIFIED INTEGRITY" badge on the dashboard that displays the hash, visually confirming the file has not been tampered with since upload.

Status

• ✅ Automated Checks: Passing