Overview
- What it is: a secure personal-data (PII) management service — separates identity (Keycloak) from personal data, stores it with field-level encryption, supports search over encrypted fields (blind index), audits all operations, multi-tenant B2B/B2C/partner/internal, GDPR and Saudi PDPL compliance. This is Healthcare platform's actual PII service (the empty #46 pii-service is a stub; the code lives here).
- Type / status / role: api (microservice) · active (last commit 2026-02-13) · solo (91 of 91 commits by the user; Harsh Manwani 2 — external help).
- Activity period: 2025-08-30 → 2026-02-13 (~5.5 months), v1.0.50.
Stack
- Languages: TypeScript (strict).
- Frameworks/libraries: Bun 1.2.21 (runtime, clustering in prod); Elysia.js (typed, OpenAPI/Swagger); Drizzle ORM + PostgreSQL 15+ (18 migrations); HashiCorp Vault (node-vault — Transit engine for field-level encryption + key rotation); Keycloak (@keycloak/keycloak-admin-client, keycloak-connect — 4 realms); BullMQ + ioredis (queues); OpenTelemetry (@elysiajs/opentelemetry + OTLP exporter — tracing); jose (JWT); Zod v4. Monorepo workspaces: @regain/crypto, @regain/auth-provider (shared packages).
- Infra/deploy: 4 Dockerfiles (main / dev / migrate / queue), docker-compose; GitLab CI + GitHub Actions; husky pre-commit (drizzle generate + add migrations + bun test).
- Data: PostgreSQL (Drizzle), Redis (BullMQ), Vault (keys/encryption).
- Notable tooling: rich AI tooling — .claude/, .kombai/, .qoder/, AGENTS.md; OpenTelemetry observability; Vault scripts (init/status/test/key-rotation).
What was shipped
91 solo authored commits over ~5.5 months. By structure (src/services/) — a broad set of subsystems (each a separate module): encryption, indexing, security, authorization, auth, otp, verification, audit, rate-limiter, cache, sms, notification, integration. API in src/modules/v1/ (patients, consent, gdpr, admin), middleware (auth + audit), queue (jobs + processors). 18 Drizzle migrations. Developed against a phased plan (docs/pii_service_development_plan.md — 10 phases / 16 weeks).
Technical challenges
By CLAUDE.md + code structure (solo authorship):
- Three-tier encryption (src/services/encryption, src/services/indexing): (1) Transit encryption via Vault (AES-256-GCM, keys never leave Vault); (2) blind indexing with HMAC-SHA256 — search over encrypted fields without decryption; (3) automatic key rotation (src/scripts/key-rotation.ts). → Strong security engineering: searchable encryption is a non-trivial pattern.
- Identity ↔ PII separation: Keycloak holds accounts, the PII service holds personal data; field-level access control prior to decryption, mandatory access audit, PII handled only inside transactions, no plaintext PII in logs. → Sound privacy/compliance model (GDPR, Saudi PDPL).
- Multi-realm Keycloak auth (4 realms: B2B clinics, B2C patients, partner-api service account, internal-service). → Complex multi-tenant authorization.
- Production-grade wiring: clustering (Node cluster for multi-core on Bun), BullMQ queues (separate Dockerfile.queue + worker), OpenTelemetry tracing, rate-limiter, SMS/OTP/verification services, separate migrate container. → Full production contour.
- Shared crypto monorepo (@regain/crypto, @regain/auth-provider) — reusable security packages across Healthcare platform/regain services.
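The blind-index pattern behind the three-tier encryption bullet, as an added TypeScript example (not the service's own code): each field is encrypted with AES-256-GCM, a separate index key produces an HMAC-SHA256 blind index over the normalized value, and lookups compare blind indexes without decrypting any row. Local AES-256-GCM with in-memory keys stands in for Vault Transit here; the function names, field names and sample values are assumptions.

```typescript
import { createHmac, createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

// Constructed in-memory keys for this example. In the service's design the data key
// lives in Vault Transit and never leaves it; local AES-256-GCM stands in for Transit.
const DATA_KEY = randomBytes(32);
// A separate key for the blind index, so the index reveals nothing about the data key.
const INDEX_KEY = randomBytes(32);

interface StoredField {
  ciphertext: string; // base64 iv:tag:ciphertext
  blindIndex: string; // hex HMAC-SHA256, kept in its own indexed column
}

// Canonicalize before hashing so case and surrounding whitespace do not break matches.
function normalize(value: string): string {
  return value.trim().toLowerCase();
}

// Blind index: a keyed hash of the normalized plaintext. Equality search only: no
// ordering, no substring matching, and rotating INDEX_KEY means re-indexing every row.
function blindIndex(value: string): string {
  return createHmac("sha256", INDEX_KEY).update(normalize(value)).digest("hex");
}

function encryptField(plaintext: string): StoredField {
  const iv = randomBytes(12); // fresh nonce per encryption; never reuse with the same key
  const cipher = createCipheriv("aes-256-gcm", DATA_KEY, iv);
  const enc = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  return {
    ciphertext: [iv, tag, enc].map((b) => b.toString("base64")).join(":"),
    blindIndex: blindIndex(plaintext),
  };
}

function decryptField(field: StoredField): string {
  const [iv, tag, enc] = field.ciphertext
    .split(":")
    .map((s) => Buffer.from(s, "base64")) as [Buffer, Buffer, Buffer];
  const decipher = createDecipheriv("aes-256-gcm", DATA_KEY, iv);
  decipher.setAuthTag(tag); // GCM tag check: tampered ciphertext throws instead of decrypting
  return Buffer.concat([decipher.update(enc), decipher.final()]).toString("utf8");
}

// Lookup: hash the query the same way and compare indexes; the table is never decrypted.
function findByBlindIndex(rows: StoredField[], query: string): StoredField[] {
  const needle = blindIndex(query);
  return rows.filter((row) => row.blindIndex === needle);
}
```

Because the blind index is deterministic per normalized value, two rows with the same email share an index value; that equality leak is inherent to the pattern and is why the index key is kept separate from the data key and rotated on its own schedule.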
AI-assisted development
- Sessions found: the directory exists in the local Claude Code sessions store but contains 0 .jsonl transcripts (possibly cleared/moved). No recorded sessions, but AI-assisted development was active: .claude/, .kombai/, .qoder/, AGENTS.md in the repo.
- What was done with AI: based on tooling — substantial AI assistance; phased development plan in docs.
- AI workflow patterns: multi-tool (Claude Code + Kombai + Qoder), AGENTS.md, document-oriented development (a 10-phase plan).
Achievements & metrics
- v1.0.50; ~20 service modules, 4 Keycloak realms, 18 migrations, 4 Docker targets, dual CI.
- A real security-sensitive production service for a medical platform (patient PII) with GDPR/PDPL compliance.