build update

.build/prod/frontend.Dockerfile

@@ -1,10 +1,28 @@
+# Build stage - compile the React/Vite app
+FROM node:20-alpine AS builder
+
+WORKDIR /app
+
+# Copy package files first for better caching
+COPY frontend-react/package*.json ./
+
+# Install dependencies
+RUN npm ci
+
+# Copy source files
+COPY frontend-react/ ./
+
+# Build the production bundle
+RUN npm run build
+
+# Production stage - serve with Nginx
 FROM nginx:alpine
 
 # Copy custom nginx configuration
 COPY .build/prod/nginx.conf /etc/nginx/nginx.conf
 
-# Copy static frontend files
-COPY Frontend/ /usr/share/nginx/html/
+# Copy built React app from builder stage
+COPY --from=builder /app/dist /usr/share/nginx/html/
 
 # Expose port 80
 EXPOSE 80

.claude/settings.local.json

@@ -2,7 +2,10 @@
   "permissions": {
     "allow": [
       "Bash(docker compose build:*)",
-      "Bash(docker compose:*)"
+      "Bash(docker compose:*)",
+      "Bash(chmod:*)",
+      "Bash(tree:*)",
+      "Bash(./ci-helper:*)"
     ]
   }
 }

English-Draft.md

@@ -0,0 +1,42 @@
+## Petition: For the Urgent Enactment of a Comprehensive Data Protection and Privacy Act
+
+### I. Preamble
+
+We, the undersigned citizens of the Maldives, submit this petition to address the critical vacuum in our legal framework regarding personal data. As the "Maldives 2.0" digital transformation accelerates, our current laws fail to address the fundamental rights of individuals to own and protect their personal information. The lack of a GDPR-standard law has left the Maldivian public vulnerable to identity theft, unsolicited surveillance, and corporate negligence.
+
+### II. Core Principles of Data Sovereignty
+
+* **User Ownership:** All data produced by a user belongs to that user. Service providers are custodians with no inherent rights to sell or share this data.
+* **Granular Consent:** Service providers must be prohibited from auto-enrolling users into auxiliary programs. "Pre-checked" boxes for newsletters or third-party services must be legally void.
+* **Right to Permanent Erasure:** Users must have the right to "Hard Deletion," ensuring data is scrubbed from servers rather than merely hidden ("Soft Deletion").
+* **Accessible Portability:** Users have the right to receive a copy of their data in a modern, readable, and raw format—not on obsolete physical media.
+
+### III. Statement of Grievances (General Incidents)
+
+The following systemic issues demonstrate the urgent need for legislative intervention:
+
+1. **Exploitation in Local Apps and Portals:** Some applications have been identified as leaking precise customer. When reported, these entities often refuse to admit fault or provide transparency, leaving users at risk of physical and digital stalking.
+2. **Government Portal Vulnerabilities:** Multiple state-managed digital portals have suffered breaches where personal IDs and contact information were exposed. The lack of a mandatory breach notification law means citizens are often the last to know their data is on the dark web.
+3. **Healthcare Data Breaches:** Sensitive medical histories and records from healthcare providers have been leaked or shared inappropriately. In a small society, the disclosure of medical status without consent causes irreparable social and professional harm.
+4. **Financial Phishing & Scams:** The rise in fraudulent calls is a direct result of data leaks from merchants and service providers. Scammers utilize leaked partial card numbers and personal details to convince citizens they are legitimate authorities.
+5. **Political Misuse:** Citizens are frequently discovered to be registered as members of political organizations without their knowledge, indicating a widespread misuse of national identification data.
+
+### IV. Critical Legal Gaps
+
+* **Negligent Security:** Current laws penalize active hacking but do not hold organizations accountable for leaving servers unprotected or for failing to report a hack to their customers.
+* **AI Regulation:** Without specific data laws, personal data (including faces and chats) is being harvested to train AI models without explicit, verbose consent.
+* **Accountability Vacuum:** Companies currently "hold data hostage," making it intentionally difficult for users to delete accounts or access their own information.
+
+### V. Proposed Solutions & Requests
+
+We call upon the People’s Majlis to:
+
+1. **Enact a Data Protection Act** that meets or exceeds global GDPR standards.
+2. **Establish an Independent Data Protection Authority (DPA)** to oversee both private and public sectors, with the power to audit and fine entities.
+3. **Mandatory Breach Disclosure:** Require all entities to notify the DPA and affected individuals within 72 hours of a data breach.
+4. **Enforce Harsh Penalties:** Implement significant fines for organizations that mishandle data or operate without adequate cybersecurity protocols.
+5. **Regulate AI Data Usage:** Mandate that consent for AI training must be a separate, clear, and verbose agreement, not hidden in a standard TOS.
+
+### VI. Conclusion
+
+A "Digital Maldives" cannot exist without trust. We urge the Majlis to prioritize this legislation to ensure that as our nation moves forward, the privacy and dignity of its citizens are not left behind.