Commit graph

75 commits

Author SHA1 Message Date
Daniel Onyejesi
01f6a38ee2 Fix login flash, quiz in presentations, revert viewer body, feed labels
Login flash:
- Auth screen now hidden by CSS default (#auth-screen{display:none !important})
- auth.js shows it only when there is no valid token or token is expired
- No more flash of login page on refresh for logged-in users

Presentation quiz option (AI Generate panel):
- Presentation type now shows optional quiz question toggle (same as article)
- Backend: when questionCount>0, returns JSON {marpMarkdown, questions[]}
  instead of plain Marp markdown
- applyAiContent fills both the Marp textarea and question blocks for presentations

Viewer revert:
- Removed the viewer presentation card change (user wants markdown as-is)
- Removed dangling viewer button wiring

Feed/CMS list:
- Presentation type shows correct icon (fa-presentation-screen) and
  label "Slides" in the CMS content list
2026-03-24 02:50:31 -04:00
Daniel Onyejesi
23d39dec65 Fix WebDAV selection, pdf-parse, prompt(), CSP, security issues 1/2/4/5
pdf-parse (was v2, broken API):
- Downgraded to v1.1.1 — default export is a function again
- pdfParse is not a function error fixed

WebDAV file selection (style.display bug, same cascade issue):
- lh-ai-webdav-selected had inline style="display:flex" always visible
- selectWebdavFile() / deselectWebdavFile() now use element.style.display
- On select: browser div hides, selected indicator shows with file name + X
- On deselect (X): indicator hides, browser shows again

Topic context for Upload and Nextcloud tabs:
- Both tabs now have optional "Topic / context" field
- Sent to backend as 'topic' param to help AI focus the generated content

Inline refine bar (replaces window.prompt):
- Refine Body button shows/hides an amber inline input bar below generate buttons
- Enter instructions, press Apply — no browser dialog, works in all contexts

CSP: remove unsafe-inline from scriptSrc (security issue #2):
- Converted all 26 onclick= handlers in component HTML files to
  data-action / data-target / data-label attributes
- Added delegated click handler in app.js for copy/speak/nc-export actions
- script-src now 'self' only; script-src-attr 'none'

WebDAV path endpoint (security issue #5):
- New POST /api/user/webdav-path (authMiddleware only, not moderator)
- nextcloud.js updated to use new endpoint

nodemailer: already at 6.10.1 (vulnerability fixed).
2026-03-24 02:28:43 -04:00
Daniel Onyejesi
9a584bcc8a Fix AI panel options: use style.display, redesign quiz card
Bug: classList.toggle('hidden') was silently ignored because
.lh-ai-opt-field{display:flex} is defined at CSS line 758, after
.hidden{display:none} at line 242 — same specificity, later rule wins.
Fix: updateAiOptions() now uses element.style.display directly (inline
styles always override class rules).

Also fix initial state: lh-ai-slides-field now uses style="display:none"
instead of class="hidden" so it's correctly hidden on load.

Panel syncs content type from editor on open (editorType → ctype select
→ updateAiOptions called immediately).

Per type:
- Quiz: word count hidden, slides hidden, quiz card visible (no toggle)
- Presentation: word count hidden, slides visible, quiz card hidden
- Article/Pearl: word count visible, slides hidden, quiz card with toggle

Quiz card redesign: gradient blue/indigo background, white header with
icon, clean body — replaces the plain grey rectangle.
2026-03-24 02:07:56 -04:00
Daniel Onyejesi
d78b79714c Add DEVELOPER_GUIDE.md — full handover documentation
Covers: architecture, directory structure, all env vars, full DB schema,
auth system, every API endpoint with auth level, frontend tab loading
pattern (critical: tabChanged not DOMContentLoaded), AI integration,
Learning Hub content types, deployment commands, security notes,
admin password reset via Docker console, and how to add new features.
2026-03-24 02:02:31 -04:00
Daniel Onyejesi
21c1c5ea6d Revert auth to localStorage tokens, fix slide padding, AI panel options
REVERT: httpOnly cookie auth removed — reverts to JWT in localStorage.
The cookie implementation broke the login page (always-hidden auth screen).
localStorage token approach is restored fully:
- Login/register return token in JSON body
- getAuthHeaders() sends Authorization: Bearer header
- Session check reads localStorage token on load
- clearSession() removes localStorage token

Fix: slide preview padding — section elements now have 40px 48px padding
so text is not flush against the frame edges.

Kept from v3.14: AI panel context-aware options (word count, slide count,
quiz question toggle), delete confirmation wording per content type.
2026-03-24 01:57:59 -04:00
Daniel Onyejesi
9d63625987 AI panel context-aware options, delete wording, httpOnly cookie auth
AI Generate panel:
- Content type synced from editor on open
- Article/Pearl: optional word count field
- Presentation: optional slide count field
- Questions row: checkbox toggle for article/pearl (optional), always on for quiz,
  hidden for presentation; count input shown only when enabled
- Backend: passes wordCount/slideCount to prompt; questionCount=0 skips questions

Delete confirmation:
- Wording built dynamically from content type
- Presentation: no mention of questions
- Quiz: "All quiz questions will be permanently removed"
- Article/pearl: "Any quiz questions attached will also be removed"

Auth refactor — JWT → httpOnly cookie:
- Backend: setAuthCookie() sets ped_auth as httpOnly, Secure, SameSite=Lax, 7d
- Backend: clearAuthCookie() on POST /api/auth/logout (new endpoint)
- Backend: auth middleware reads ped_auth cookie first, falls back to Bearer header
- Login/register: no longer return token in JSON body; cookie is the session
- Frontend: getAuthHeaders() returns only Content-Type (no Authorization header)
- Frontend: session check uses /api/auth/me via cookie (no localStorage token)
- Frontend: clearSession() calls /api/auth/logout to clear cookie server-side
- Frontend: no token in localStorage; window.AUTH_TOKEN removed
- All FormData fetches use credentials:'same-origin' (cookie sent automatically)
- index.html: optimistic auth-screen hide (removed localStorage token check)

Tested: login, logout, /api/auth/me, admin routes, FormData uploads, cookie httpOnly
flag, 401 without cookie, cookie cleared on logout.
2026-03-24 01:46:07 -04:00
Daniel Onyejesi
10620a3152 Fix delete bar always visible, slide preview modal, Marp textarea hint
Delete bar bug:
- Root cause: .lh-delete-confirm-bar{display:flex} defined after .hidden{display:none}
  so flex overrode hidden (no !important on global .hidden rule)
- Fix: remove display:flex from base rule, use .lh-delete-confirm-bar:not(.hidden){display:flex}
  so hidden class always wins regardless of CSS order

Slide preview (replace window.open + document.write approach):
- Backend /preview-slides now returns JSON: {css, slides[]} (individual <section> HTML)
- In-page full-screen modal with dark overlay, white slide frame
- Prev/Next arrow buttons, dot indicators, slide counter
- Keyboard navigation (arrow keys, Escape to close)
- Touch/swipe support for mobile
- Overlay click closes modal
- No popups required, works in all browsers

Marp textarea:
- Placeholder updated to guide users: "Click AI Generate above to create slides"
- Makes it clear AI is the primary authoring path; textarea for review/edits
2026-03-24 01:13:55 -04:00
Daniel Onyejesi
dc40e94749 Delete confirm inline bar, lighter login, Presentation type with Marp+PPTX
Delete confirmation:
- Replaced browser confirm() popup with inline red warning bar in editor
- Shows content title, Cancel and Delete buttons inline in the editor header
- Category delete uses double-click pattern with toast feedback

Login screen:
- Changed from dark blue/purple gradient to light gray background (var(--g50))
- Card now matches 404 page style: white, subtle blue shadow, indigo border

Presentation content type:
- New 'Presentation' button in CMS toolbar (green style)
- Marp markdown textarea editor (dark code editor style) shown when type=presentation
- Body/Tiptap editor hidden; Marp section shown (toggleEditorMode)
- Preview button: renders Marp HTML via @marp-team/marp-core, opens in new tab
- Download PPTX: pure-JS pptxgenjs (no Chromium), parses slides, exports .pptx
- AI generate: returns Marp markdown directly when contentType=presentation
- Body column stores Marp markdown for presentations

Backend:
- POST /api/admin/learning/generate-pptx — pptxgenjs PPTX from Marp markdown
- POST /api/admin/learning/preview-slides — Marp HTML preview

GitHub repo set to private via API.
2026-03-24 00:59:36 -04:00
Daniel Onyejesi
e16e47f634 Add AI content generation to Learning Hub CMS
Backend (src/routes/learningAI.js):
- POST /api/admin/learning/ai-generate
  * Accepts: topic text, uploaded file (PDF/TXT/MD/HTML), or Nextcloud WebDAV path
  * Extracts text from PDFs via pdf-parse; plain text read directly
  * Fetches WebDAV files using stored Nextcloud credentials
  * Prompts AI to return structured JSON: title, subject, body (HTML), questions[]
  * Strips code fences, falls back to regex JSON extraction if needed
- POST /api/admin/learning/ai-refine — refine existing body with instructions
- GET  /api/admin/learning/webdav-browse — PROPFIND-based Nextcloud file browser
- POST /api/admin/learning/webdav-path — save user's default browse path

Frontend:
- AI Generate button in CMS editor header (gradient purple→blue)
- Panel with 3 source tabs: By Topic / Upload File / Nextcloud
- Drag-and-drop file dropzone with DataTransfer API support
- WebDAV file browser: navigate folders, select files, breadcrumb path
- Options: question count, content type (article/quiz/pearl), model selector, instructions
- Refine Current Body: prompt-driven AI rewrite of existing content
- Generated content auto-fills title, subject, type, Tiptap body, quiz questions

Settings:
- Nextcloud section: "Learning Hub Default Browse Path" field (shown when connected)
- Saves to webdav_learning_path column via /api/admin/learning/webdav-path

DB: ALTER TABLE users ADD COLUMN IF NOT EXISTS webdav_learning_path TEXT
2026-03-24 00:17:28 -04:00
Daniel Onyejesi
a3277f352e Add proper 404 handling and custom error page
Only serve index.html for GET /; all other unknown paths return HTTP 404
with a custom branded error page (stethoscope SVG illustration, matches
app design, links back to /).
2026-03-23 23:47:50 -04:00
Daniel Onyejesi
6633763833 Add tiptap and build dependencies to package.json 2026-03-23 23:40:58 -04:00
Daniel Onyejesi
aae75b678f Replace Quill with Tiptap rich text editor
- Bundle Tiptap 2 (StarterKit, Link, Underline) with esbuild into
  public/vendor/tiptap.bundle.js — fully self-hosted, no CDN needed
- Remove Quill (quill.min.js, quill.snow.css, patchQuillTooltip hack)
- Headless Tiptap editor: custom toolbar (bold/italic/underline/strike,
  headings, lists, blockquote, code, link) with active-state highlighting
- Link insertion: inline link bar below toolbar (no popup, no tooltip)
  — type URL, press Apply or Enter; Remove button to unset
- Mini editor for question text and option text (same toggle UX)
- ProseMirror content styles: headings, lists, blockquote, code, links
2026-03-23 23:32:41 -04:00
Daniel Onyejesi
8aa1c5d0f7 Fix Quill link tooltip positioning and registration flash
Quill tooltip: move tooltip element to document.body via patchQuillTooltip()
so overflow:hidden on .cms-main cannot clip it. Recalculates position from
container-relative to viewport (fixed) coordinates with viewport clamping.
Removes overflow:hidden from quill wrappers; applies border-radius to toolbar/container.

Registration: hide #show-register by default in HTML; reveal only after
registration-status fetch confirms enabled=true. Endpoint already returns 403
when disabled — no backend change needed.
2026-03-23 23:09:21 -04:00
Daniel Onyejesi
d0299f5284 Fix vaccine/catchup tabs and serve Quill locally
- wellVisit.js now handles tabChanged for vaxschedule and catchup tabs
  so renderFullSchedule() and renderCatchUp() fire when those tabs open
- Replace Quill CDN with local /vendor/quill.min.js + quill.snow.css
  (CDN was unreachable in local/offline environments)
2026-03-23 22:59:47 -04:00
Daniel Onyejesi
d8ba336451 Add Quill rich text editor, multi-select questions, per-field rich text toggle
- Replace textarea+toolbar with Quill.js (free, MIT) for body editor
  - Full WYSIWYG: headings, bold/italic, lists, blockquote, code, link (inline, no popup)
- Rich Text toggle button on each question text field and option text field
  - Plain textarea by default; toggle activates mini Quill editor per field
- New 'Multiple Select' question type: checkboxes, all correct must be chosen
  - Backend scoring: allCorrectChosen && noWrongChosen
  - Results show all correct options highlighted, wrong selections flagged
- quiz display uses sanitizeHtml for question/option text (supports formatted HTML)
- sanitizeHtml allows Quill class attrs (ql-indent, etc.)
2026-03-23 22:37:29 -04:00
Daniel Onyejesi
868afcda20 Fix module init: defer all tab scripts until component HTML is loaded
All JS modules were running immediately (IIFE/DOMContentLoaded) but
tab HTML is lazy-loaded from /components/*.html, causing null errors
on every addEventListener call. Each module now listens for tabChanged
with its tab name and initializes once after the DOM is ready.

Also: quiz question/explanation boxes changed to textarea for
multi-line support; quiz display uses sanitizeHtml() so formatted
text (bold, lists, etc.) renders correctly.
2026-03-23 22:03:54 -04:00
Daniel Onyejesi
ca68177abb Fix line breaks in AI output: use innerHTML instead of textContent
Adds setOutputText() helper that escapes HTML and converts \n to <br>,
applied to all AI-generated note outputs so line breaks are preserved
in contenteditable divs. Also cleans up CSS for quiz option markers.
2026-03-23 21:17:50 -04:00
Daniel Onyejesi
7eb72cee78 Fix loading race condition, improve quiz UX, editor toolbar, settings page
- Fix: component loader now fires tabChanged AFTER HTML is in DOM
  (fixes CMS/settings stuck at loading)
- CMS: separate "New Article", "New Quiz", "New Pearl" buttons
- CMS: editor toolbar with formatting buttons (bold, italic, headings,
  lists, links, tables, quotes, code, hr)
- CMS: quiz questions have numbered headers (Q1, Q2...), larger inputs,
  clear "check correct answer" labels
- CMS: validation prevents saving questions without correct answer marked
- Quiz UX: large card-style question boxes with gradient number badges,
  bigger option buttons with hover effects and selection feedback,
  checkmark/cross icons on results
- Settings: improved card spacing, input styling, section headers with
  bottom borders for visual hierarchy
- Settings: updated compliance section (removed HIPAA references, added
  BAA/institution guidelines language)
2026-03-23 20:37:35 -04:00
Daniel Onyejesi
28464308ba Dedicated CMS page, responsive email templates, security fixes in auth
- New dedicated Content Manager tab (WordPress-like layout) with:
  - Stats dashboard (published, drafts, categories, quizzes, attempts)
  - Sidebar with category tree and filter controls (status, category)
  - Table-style content list with search
  - Full-page editor with title bar, meta fields, body editor, quiz builder
- Content Manager visible only for admin and moderator roles in sidebar
- Removed CMS from admin panel (admin panel is admin-only again)
- Email templates: fully responsive with max-width, proper mobile breakpoints,
  table-based layout for Outlook/Gmail compatibility, no overflow
- Security: escape all user data in emails with escHtml(), escape APP_URL
  in verify-email HTML, replace raw err.message with generic errors in auth
- Security: email body from admin settings now HTML-escaped before rendering
2026-03-23 20:13:22 -04:00
Daniel Onyejesi
4064ccf516 Fix quiz SQL bug, security hardening, componentize HTML, speed improvements
- Fix: "missing FROM-clause entry for table q" in quiz submission query
- Security: replace broken sanitizeHtml with allowlist-based sanitizer (prevents stored XSS)
- Security: whitelist table names in uniqueSlug() to prevent SQL injection pattern
- Security: replace raw err.message responses with generic errors in learning routes
- Security: cap admin logs query LIMIT to 500
- Refactor: break 1685-line index.html into 12 lazy-loaded component files (280 lines shell)
- Speed: add preconnect hints for Google Fonts and CDN
- Speed: defer all script tags for faster initial paint
- Speed: lazy-load tab HTML on activation (only active tab's DOM is parsed)
- Update: replace HIPAA notice with institution-guidelines cautionary note
2026-03-23 20:01:54 -04:00
Daniel Onyejesi
4af622913f v3.1: Add Learning Hub with CMS, quizzes, and 3-role user system
- New Learning Hub under Pediatric menu with content feed, category browsing,
  search, content viewer, and interactive quizzes (MCQ, true/false)
- Quiz system with per-option wrong-answer explanations and general explanations
- Admin CMS for creating/editing categories, content (articles, pearls, quizzes),
  and inline question builder with answer options
- 3-role system: admin (full access), moderator (can manage Learning Hub content),
  user (all clinical features + learning hub read access)
- 5 new database tables: learning_categories, learning_content, learning_questions,
  learning_options, learning_progress
- User progress tracking with score history per quiz
- Moderators see "Content Manager" tab instead of full Admin panel
2026-03-23 19:32:47 -04:00
Daniel
fc3c58e4eb Expand ROS/PE: pertinent negatives for WNL, clinical descriptions for abnormal
- WNL/Normal systems now expand to 1-3 specific pertinent negatives instead of
  just "WNL" — varies each time, relates to chief complaint and differential
  (e.g., Skin: "no rash, no petechiae, no bruising" instead of "WNL")
- Abnormal systems: AI expands physician's brief note into clinical description
  favoring most common presentation, adds only 1-2 related pertinent negatives
  (e.g., "pimples on face" → "inflammatory papules on bilateral cheeks...")
- Format function now passes system domain details for context
- Rules applied to well visit (full + short) and sick visit prompts
2026-03-23 23:45:09 +01:00
Daniel
3eb14af051 Add growth velocity, feeding guidance, BMI classification to well visits
- Growth reference data by age (newborn through 21y): expected weight/length/HC
  gains per day/month/year, puberty growth spurt details
- Feeding/nutrition guidance by age: formula amounts, breastfeeding frequency,
  solid food introduction timeline, juice limits, milk transitions, calorie needs
- BMI/obesity classification per AAP 2023 CPG + CDC Extended BMI:
  Underweight, Healthy, Overweight, Obesity Class I/II/III with action items
  (≥120% and ≥140% of 95th percentile thresholds)
- Weight-for-length guidance for children <2 years
- "By Visit" panel now shows growth reference + feeding guidance + BMI table
- Well visit AI prompt updated to include growth assessment, BMI classification,
  and feeding counseling in generated notes
- Backend injects age-appropriate growth/nutrition data into AI context
2026-03-23 23:11:24 +01:00
Daniel
d2ed08cd46 v3.0: Add multi-provider Bedrock models, newborn milestones, Converse API
- Bedrock: Add 14 non-vendor model models (Amazon Nova, Meta Llama 4, DeepSeek R1/V3,
  Mistral Large 3, Cohere Command R+, AI21 Jamba) with verified AWS model IDs
- Bedrock: Implement Converse API for non-Anthropic models (unified cross-model API),
  keep native Messages API for vendor model models (best performance)
- Milestones: Add Newborn / 1 month developmental milestones (Gross Motor, Fine Motor,
  Language, Social/Emotional, Cognitive) — previously started at 2 months
- Bump version to 3.0.0, docker-compose tag to v3.0
2026-03-23 22:13:19 +01:00
Daniel
eb8c86f70e Fix: Bedrock vendor model models updated with verified IDs from AWS docs
- Source: docs.aws.amazon.com/bedrock/latest/userguide/models-supported.html
- Added: vendor model Opus 4.6 (anthropic.agent-config-opus-4-6-v1)
- Added: vendor model Opus 4.5 (anthropic.agent-config-opus-4-5-20251101-v1:0)
- Added: vendor model Sonnet 4.6 (anthropic.agent-config-sonnet-4-6) — new default
- Added: vendor model Sonnet 4.5 (anthropic.agent-config-sonnet-4-5-20250929-v1:0)
- Kept: vendor model Sonnet 4, Haiku 4.5, vendor model 3.5 Haiku
- Fallback updated to vendor model Haiku 4.5
- Bump version to 2.9.0
2026-03-23 18:23:26 +01:00
Daniel
fa6cdb8f24 Fix: chart review New clears all fields/notes, date context for AI, Bedrock vendor model-only models
- resetChartReview() clears all pasted notes, visit cards, labs, demographics, and output on New
- clearTab('chart') in encounters.js now calls resetChartReview() for complete reset
- chartReview route injects today's date so AI understands time-relative terms
- Bedrock models updated to vendor model-only with verified 2025 IDs (Sonnet 4, 3.7 Sonnet, 3.5 Sonnet v2, 3.5 Haiku)
- Removed Llama/Mistral/Titan from Bedrock; fixed incorrect vendor-model-4.6 Bedrock IDs
- Bump version to 2.8.0
2026-03-23 18:12:07 +01:00
Daniel Onyejesi
6375be96a3 Fix: auth-screen flex-direction column so footer sits below login box 2026-03-22 19:48:23 -04:00
Daniel Onyejesi
df6c3abaa4 Fix: footer on login page only, static position at bottom of auth screen 2026-03-22 19:46:25 -04:00
Daniel Onyejesi
3cea15734b Fix: replace footer with slim fixed bar shown on all pages incl. login 2026-03-22 19:43:09 -04:00
Daniel Onyejesi
0851d47ab9 Feat: show footer on login page with transparent styling 2026-03-22 19:40:35 -04:00
Daniel Onyejesi
4d45050522 Feat: add footer with healthcare equity statement and copyright 2026-03-22 19:37:36 -04:00
Daniel Onyejesi
a6b6d0dffb Revert: undo model selector color-scheme overrides (local Adwaita theme issue, not a code bug) 2026-03-22 19:23:47 -04:00
Daniel Onyejesi
2cd0eaa511 Fix: force color-scheme on model selects to prevent OS dark mode bleed-through 2026-03-22 19:18:51 -04:00
Daniel Onyejesi
38d07ff37f Feat: v2.7 — sidebar UX, well visit subtabs, larger boxes, sick visit reorder
- Remove duplicate milestones sidebar button; well visit button now works correctly
- Move Sick Visit sidebar entry to just below Well Visit (before Vaccine/Catch-Up)
- Sick Visit remains its own standalone tab (not a subtab)
- Well Visit subtabs: By Visit Age | Milestones | SSHADESS (12+) | Visit Note
- Dramatically larger transcript boxes (min-height 240px, max-height 600px)
- Dramatically larger note output boxes (min-height 480px) — beautiful scrollable
- Collapsible desktop sidebar with localStorage persistence
- Update README with full feature list
- Bump docker-compose to v2.7
2026-03-22 19:14:41 -04:00
Daniel Onyejesi
78730a669f Bump image to v2.6 2026-03-22 19:00:29 -04:00
Daniel Onyejesi
aecf72453f Fix: milestones copy-to-note auto-navigates; add 6-11y milestone data
- Copy to Note button now switches to Well Visit → Visit Note subtab
  automatically so user sees the result immediately
- Add complete AAP/Nelson developmental milestones for ages 6, 7, 8, 9,
  10, and 11 years (Gross Motor, Fine Motor, Language, Social/Emotional,
  Cognitive domains each)
- Add corresponding age options to ms-age-group select
2026-03-22 19:00:02 -04:00
Daniel Onyejesi
2e4d0f1f6e Bump image to v2.5 2026-03-22 18:52:35 -04:00
Daniel Onyejesi
90c7bc35af Feat: milestones under well visit, standalone schedule tabs, remove admin models
- Move Milestones from standalone tab to well visit subtab (wv-panel-milestones)
  with 'Copy to Note' button that fills Developmental Assessment card in Visit Note
- Sidebar Milestones button now navigates to Well Visit → Milestones subtab
- Move Full Vaccine Schedule → standalone sidebar tab (vaxschedule-tab)
- Move Catch-Up Schedule → standalone sidebar tab (catchup-tab)
- Add Developmental Assessment textarea (wv-milestones-text) to Visit Note panel
- Remove AI Models management from admin panel (was failing to load)
- switchSubtab scoped to wellvisit-tab so standalone schedule panels unaffected
- Expose window.wvSwitchSubtab for cross-module subtab switching
2026-03-22 18:52:11 -04:00
Daniel Onyejesi
bfa832713d Bump docker-compose image to v2.4 2026-03-22 18:34:07 -04:00
Daniel Onyejesi
2da4401d80 Fix: admin models/2FA loading, save doubles, sidebar collapse, SSHADESS copy
- Fix 2FA status stuck at "Loading...": export load2FAStatus globally so
  app.js tabChanged handler can call it when navigating via sidebar
- Fix admin models silent failure: add error message + retry button on catch
- Fix save encounter doubles: persist _savedEncId_* to sessionStorage so
  page refresh reuses existing record instead of inserting a duplicate;
  add _savingInProgress guard to prevent race-condition double-saves
- Desktop sidebar collapsible: add collapse/expand buttons (not collapsed
  by default), state saved to localStorage; hidden on mobile
- Copy to Visit Note now also copies SSHADESS assessment to wv-shadess-text
- Store selected visit age in window._wellVisitAge + sessionStorage so
  other tabs can read the patient's age
- Bigger screening/vaccine boxes: min-height on wv-vax-list, wv-screen-list,
  wv-visit-detail; slightly more padding on vaccine items
- Wire New Patient (clearTab) buttons to document click handler
2026-03-22 18:33:28 -04:00
Daniel Onyejesi
3449b0efca Fix: save/load encounters — hidden popovers, label IDs, note IDs
- CSS: .enc-load-popover.hidden now overrides display:flex (specificity bug
  caused popovers to always be visible)
- resumeEncounter: add domPfxMap to correctly resolve label element IDs
  (enc_type 'wellvisit' → 'wv-label', 'hospital' → 'hosp-label', etc.)
- resumeEncounter: use noteIdMap to find the right output element per tab
- resumeEncounter: use enc.enc_type (not tabName) as _savedEncId_ key for
  consistency with saveFromTab
2026-03-22 17:39:04 -04:00
Daniel Onyejesi
9544d43b16 Chore: bump production docker image to v2.3 2026-03-22 17:18:06 -04:00
Daniel Onyejesi
56b8961a55 Feat: left sidebar nav, tab persistence, admin models fix, hospital/chart save
- Replace horizontal tab-nav with collapsible left sidebar (sticky desktop, slide-in mobile with hamburger toggle)
- Fix tab persistence: use localStorage instead of URL hash; restore last tab after login in enterApp()
- Fix admin CMS models loading: move autoDeleteDays read inside .then() callback (was ReferenceError), switch admin loading from click-only to tabChanged event
- Add Save/Load bars to Hospital Course and Chart Review tabs with popover support
- Add wv (well visit) save handler in encounters.js
- Register load handlers for hospital and chart tabs
- Expand popover prefix list to include hosp and chart
2026-03-22 17:17:45 -04:00
Daniel Onyejesi
075353886e Chore: bump production image tag to v2.2 2026-03-22 16:57:08 -04:00
Daniel Onyejesi
8317708bb6 Fix: load popover positioning, delete button, ICD-10 live search
- Wrap save-bar + popover in .save-bar-wrap (position:relative) so the
  absolute-positioned popover anchors correctly below the Load button
  (previously popovers were outside the save-bar, so had no positioned
  ancestor and appeared at the wrong place on screen)
- Remove confirm() dialog from deleteEncounter — encounter disappears
  immediately from the popover list after deletion
- ICD-10 diagnoses: replace static-only lookup with live NLM Clinical
  Tables API search (clinicaltables.nlm.nih.gov) with 280ms debounce;
  results appear in a dropdown below the search input; Enter/click selects
- Add clinicaltables.nlm.nih.gov to CSP connect-src
- Drop unused position:relative from .save-bar (now on .save-bar-wrap)
2026-03-22 16:56:28 -04:00
Daniel Onyejesi
d4759fcf58 Chore: bump production image tag to v2.1 2026-03-22 16:44:27 -04:00
Daniel Onyejesi
5dd08f8da3 Feat: admin CMS, save/resume encounters, user templates, SSHADESS, well visit notes, sick visit, ROS/PE checklists, ICD-10 diagnoses
- Admin CMS: announcements, feature flags, email templates, AI prompts, SMTP, model management, reset-to-defaults
- Save/resume encounter progress with 7-day auto-expiry and patient labels
- Inline searchable load popover (replaces settings-modal redirect)
- User memory/template system (physical exam, ROS, encounter format, etc.)
- SSHADESS psychosocial screening form (8 domains, listen-in recording)
- Well visit note generation with vitals, vaccines, screenings, SSHADESS
- Interactive screenings/vaccines status buttons (Done/Refused/Already Given/N/A)
- ROS 15-system checklist + PE 17-system checklist in well visit note tab
- ICD-10 diagnoses tag picker (28 common pediatric codes + free text)
- Simple sick visit tab: chief complaint, inferred ROS (4) + PE (7), diagnoses, generate note
- Settings converted from modal to full-page tab
- Fix: /api/models moved before authenticated routes (was returning 401 → empty model selector)
- Fix: getUserMemoryContext always fetches from API regardless of cache state
- Pause/resume recording on all recording tabs
- Site-level SMTP config stored in DB; ElevenLabs TTS with browser fallback
2026-03-22 16:43:39 -04:00
Daniel Onyejesi
cd73bec5f8 Feat: add stethoscope+pencil favicon in SVG, ICO, and PNG sizes 2026-03-22 14:09:18 -04:00
Daniel Onyejesi
93338567e8 Feat: restore ElevenLabs Adam voice for read aloud with browser TTS fallback; add client-side error logging 2026-03-22 12:27:17 -04:00
Daniel Onyejesi
e74c0ccb0c Fix: clear password fields after autofill delay and add autocomplete=off on login form 2026-03-22 12:18:29 -04:00