Initial commit: MyMidas personal finance tracker

Full-stack self-hosted finance app with FastAPI backend and React frontend.

Features:
- Accounts, transactions, budgets, investments with GBP base currency
- CSV import with auto-detection for 10 UK bank formats
- ML predictions: spending forecast, net worth projection, Monte Carlo
- 7 selectable themes (Obsidian, Arctic, Midnight, Vault, Terminal, Synthwave, Ledger)
- Receipt/document attachments on transactions (JPEG, PNG, WebP, PDF)
- AES-256-GCM field encryption, RS256 JWT, TOTP 2FA, RLS, audit log
- Encrypted nightly backups + key rotation script
- Mobile-responsive layout with bottom nav

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/app/core/encryption.py

@@ -0,0 +1,24 @@
+"""
+Helpers for re-encrypting all sensitive DB fields during key rotation.
+"""
+from app.core.security import decrypt_field, encrypt_field
+
+
+def reencrypt(data: bytes, old_key_hex: str, new_key_hex: str) -> bytes:
+    """Re-encrypt a bytea field from old key to new key."""
+    from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+    import os
+
+    old_key = bytes.fromhex(old_key_hex)
+    new_key = bytes.fromhex(new_key_hex)
+
+    # Decrypt with old key
+    iv = data[:12]
+    ciphertext_with_tag = data[12:]
+    aesgcm_old = AESGCM(old_key)
+    plaintext = aesgcm_old.decrypt(iv, ciphertext_with_tag, None)
+
+    # Encrypt with new key
+    new_iv = os.urandom(12)
+    aesgcm_new = AESGCM(new_key)
+    return new_iv + aesgcm_new.encrypt(new_iv, plaintext, None)