MGit: (Medical) Git

A Git wrapper for secure, decentralized medical data exchange

Revolutionizing Medical Record Management

MGit enables patients to take control of their medical data through a decentralized, cryptographically secure system built on Git and authenticated with Nostr public keys. No more fragmented records, data silos, or loss of medical history when switching providers.

What is MGit?

MGit is a specialized Git wrapper that extends Git's capabilities with Nostr public key integration. It is designed specifically for secure, decentralized medical record management and transmission, giving patients and healthcare providers a verifiable way to store, share, and track medical data.

By using Git's robust version control features combined with Nostr's cryptographic identity system, MGit provides:

Verifiable Authorship

Every medical record change is cryptographically signed and attributed to your Nostr public key, ensuring data integrity and establishing clear ownership.

Complete History

Full audit trail of all medical record updates, enabling historical views of patient data and accountability for all changes.

Secure, Distributed Storage

No single point of failure. Your medical data can be stored across multiple locations while maintaining your control.

Patient-Controlled Access

Granular permission controls allow you to share specific portions of your medical history with different providers as needed.

Why Decentralized Medical Records?

Traditional Electronic Medical Record (EMR) systems face significant challenges that directly impact patient care and data ownership:

Data Silos

Medical records are fragmented across different providers and systems, making it difficult for patients to access their complete health history or for new providers to get a full picture of patient care.

Lack of Interoperability

Different EMR systems often cannot communicate effectively, leading to repeated tests, treatment delays, potential medical errors, and unnecessary costs.

Security Concerns

Centralized databases create attractive targets for data breaches and single points of failure, putting sensitive medical information at risk.

Patient Lock-in

Patients often cannot easily transfer their complete medical history when switching providers, losing years of valuable health data.

Lack of Transparency

Patients have limited visibility into who has accessed their data, when changes were made, and by whom, reducing trust and accountability.

Vendor Dependencies

Healthcare providers are locked into specific EMR vendors, limiting innovation and creating dependencies on proprietary systems.

What is MGit Server?

MGit Server is a self-hosted service that stores a user's medical data. It authenticates users via Nostr and serves the MGit repo back to the authenticated client. MGit Server = MGit + Nostr.

The server provides secure repository hosting with role-based access control, ensuring that only authorized healthcare providers can access specific portions of your medical records based on permissions you set.

How does it all work together?

The MGit repo is—you guessed it—a git repo, but its contents are a user's medical data. Together with a client App that understands how to render such data, the user essentially has a digital Medical Binder on their smartphone.

This creates a paradigm where patients maintain self-custody of their medical records while still enabling seamless sharing with healthcare providers. Think of it as having your complete medical history in your pocket, with the ability to grant access to specific providers as needed.

Core Functionality

MGit supports these operations with enhanced security and authentication:

  • mgit init - Initialize a new medical record repository
  • mgit clone <url> [path] - Clone a repository with Nostr authentication
  • mgit add <files...> - Add medical files to staging
  • mgit commit -m <message> - Commit staged changes with Nostr public key attribution
  • mgit push - Push commits to remote repository
  • mgit pull - Pull changes from remote
  • mgit status - Show repository status
  • mgit show [commit] - Show commit details and changes with medical data context
  • mgit config - Get and set configuration values including Nostr keys

Authentication & Security

MGit uses a robust challenge-response authentication system based on Nostr cryptographic keys:

  1. Challenge Request: The client requests a challenge from the server for a specific repository
  2. Cryptographic Signing: The challenge is signed using the user's Nostr private key
  3. Signature Verification: The server verifies the signature against known authorized public keys
  4. Token Issuance: Upon successful verification, the server issues a JWT for repository access
  5. Authorized Operations: The token is used for all subsequent repository operations with role-based permissions

This approach ensures that only authorized individuals can access medical repositories while maintaining the decentralized nature of the system.
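
The five steps above, sketched as server-side logic in an added example that is not MGit's own code. Ed25519 from Node's standard library stands in for Nostr's secp256k1 Schnorr signatures, and the function names, ACL shape, role names and token lifetime are assumptions.

```javascript
// Added example: names, ACL shape and roles are hypothetical, not MGit's API.
// Assumption: Ed25519 stands in for Nostr's secp256k1 Schnorr signatures.
const crypto = require('node:crypto');

const TOKEN_SECRET = crypto.randomBytes(32); // HS256 key held only by the server
const CHALLENGE_TTL_MS = 60_000;
const pending = new Map(); // challenge -> { repo, expires }
const b64u = (x) => Buffer.from(x).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', TOKEN_SECRET).update(data).digest();
const signedBytes = (repo, challenge) => Buffer.from(`${repo}:${challenge}`);

// Step 1: random challenge, bound to one repository and short-lived.
function requestChallenge(repo, now = Date.now()) {
  const challenge = crypto.randomBytes(32).toString('hex');
  pending.set(challenge, { repo, expires: now + CHALLENGE_TTL_MS });
  return challenge;
}

// Step 2 (client side): sign repository + challenge with the private key.
function signChallenge(repo, challenge, privateKey) {
  return crypto.sign(null, signedBytes(repo, challenge), privateKey);
}

// Steps 3-4: verify against the repository's authorized keys, then issue a JWT.
function verifyAndIssue(acl, repo, challenge, keyId, signature, now = Date.now()) {
  const entry = pending.get(challenge);
  pending.delete(challenge); // single use, consumed even when verification fails
  if (!entry || entry.repo !== repo || entry.expires < now) return null;
  const grant = acl.get(repo)?.get(keyId); // { publicKey, role }
  if (!grant) return null;
  if (!crypto.verify(null, signedBytes(repo, challenge), grant.publicKey, signature)) return null;
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(now / 1000) + 900; // 15-minute token (assumed lifetime)
  const body = b64u(JSON.stringify({ sub: keyId, repo, role: grant.role, exp }));
  const payload = `${head}.${body}`;
  return `${payload}.${b64u(mac(payload))}`;
}

// Step 5: every repository operation re-checks MAC, expiry, repository and role.
function authorize(token, repo, neededRole, now = Date.now()) {
  const [head, body, tag] = String(token).split('.');
  if (!head || !body || !tag) return false;
  const expected = mac(`${head}.${body}`);
  const got = Buffer.from(tag, 'base64url');
  if (got.length !== expected.length || !crypto.timingSafeEqual(got, expected)) return false;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  const rank = { read: 1, write: 2 };
  return claims.repo === repo && claims.exp * 1000 > now && rank[claims.role] >= rank[neededRole];
}
```

Including the repository name in the signed bytes and consuming each challenge on first use keep a signature captured for one repository from being accepted for another or a second time.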

Getting Started

MGit provides a familiar command-line interface for those who already know Git, with enhanced security features for medical data:

    $ mgit config --global user.name "Dr. Jane Smith"
    $ mgit config --global user.email "[email protected]"
    $ mgit config --global user.pubkey "npub19jlhl9twyjajarvrjeeh75a5ylzngv4tj8y9wgffsgu..."

After setup, MGit operates with the same basic commands as Git, but with enhanced security, verification, and medical data management capabilities.

Development Roadmap

Current Implementation

  • Go-based implementation using go-git
  • Node.js server components
  • Nostr authentication integration
  • Basic repository operations
  • Role-based access control

Web-Based Client

  • In-browser implementation using isomorphic-git
  • Browser storage for repository data
  • React-based UI for medical record management
  • Drag-and-drop document upload

Mobile Integration Strategy

  • Native module approach using libgit2
  • Custom C library (libmgit2) implementing MGit functionality
  • React Native integration for iOS and Android
  • Full offline support for medical record access
  • Biometric authentication integration

Self-Custody of Medical Data

The primary goal of MGit is to enable patients to maintain self-custody of their medical records. This means:

  • Data Ownership: You own and control your medical data, not the healthcare provider or EMR vendor
  • Portability: Take your complete medical history with you when switching providers
  • Transparency: Full visibility into who has accessed your data and when
  • Granular Control: Share only the specific medical information relevant to each provider
  • Long-term Preservation: Your medical history is preserved regardless of provider changes or technology migrations

Proof of Concept

This server is running a proof of concept implementation of the MGit system. It demonstrates:

  • Nostr-based authentication and authorization
  • Cryptographically verified medical record commits
  • Secure repository access controls with role-based permissions
  • Transparent audit trail of all record changes
  • Integration between Git version control and medical data management

Click the "Login / Access Repository" button above to test the authentication system with your Nostr keys.