Commit graph

21 commits

Author SHA1 Message Date
Daniel Onyejesi
0cbfd34cb4 Feat: persist active tab in URL hash across page refreshes 2026-03-22 00:26:13 -04:00
Daniel Onyejesi
731e3137bd Bump image tag to v1.2 in docker-compose.yml 2026-03-22 00:16:51 -04:00
Daniel Onyejesi
1443e74333 Fix: init Well Visit tab on DOMContentLoaded instead of lazy tabChanged event 2026-03-22 00:10:46 -04:00
Daniel Onyejesi
70ac393619 Fix: remove build context from docker-compose so production always pulls from Docker Hub 2026-03-22 00:02:52 -04:00
Daniel Onyejesi
d96771f4c6 Fix: use versioned Docker tag v1.1 instead of latest
Prevents Docker from skipping pulls when tag name hasn't changed.
2026-03-21 23:59:10 -04:00
Daniel Onyejesi
837cc9f261 Fix: set no-cache headers for HTML, short cache for JS/CSS
Prevents Caddy/browser from caching index.html across deployments.
2026-03-21 23:54:48 -04:00
Daniel Onyejesi
2dda53698f Fix: add missing Dengue and Mpox labels to VACCINE_FULL_NAMES 2026-03-21 23:44:12 -04:00
Daniel Onyejesi
2b73db1664 Feat: add Well Visit / Preventive Care tab with AAP 2025 data
- Add Well Visit tab with three sub-views: By Visit Age, Full Vaccine Schedule, Catch-Up Schedule
- By Visit Age: shows ICD-10/CPT billing codes, vaccines due with dose info, measurements, sensory/developmental/behavioral/procedure screenings, oral health, notes
- Full Schedule: scrollable table of all vaccines vs all visit ages
- Catch-Up Schedule: per-vaccine minimum ages, intervals, and catch-up notes per CDC 2025
- Add pediatricScheduleData.js (1719-line AAP 2025 Bright Futures dataset)
- Add wellVisit.js for tab logic (lazy-initialized on first tab activation)
- Fire tabChanged CustomEvent on tab switch for lazy initialization
- Add Well Visit CSS styles to styles.css
2026-03-21 23:19:24 -04:00
Daniel Onyejesi
1207202f45 Fix: milestone list — achieved states naturally, not-achieved uses Cannot/Does not
Achieved: 'Stands on one foot' (not 'Can stand on one foot')
Not achieved: 'Cannot stand on one foot' / 'Does not yet use 2-word sentences'
2026-03-21 22:48:26 -04:00
Daniel Onyejesi
34ca5f12c9 Fix: milestone list uses natural language sentences instead of X/checkmark
Replace checkmark/X symbol format with plain numbered sentences:
achieved → 'Can walk independently'
not achieved → 'Cannot walk' / 'Does not yet use 2-word sentences'
2026-03-21 22:45:55 -04:00
Daniel Onyejesi
797b22e58b Improve email templates and update README
- Replace bare-bones email HTML with branded templates: gradient header,
  action button, plain-text URL fallback, security footer notice
- Welcome/verify email: friendly greeting with user's name
- Password reset email: clear instructions, 1-hour expiry notice,
  explicit 'if you didn't request this, ignore it' message
- README: updated features list, vendor model 4.6 models, plain-text output note
2026-03-21 22:43:19 -04:00
Daniel Onyejesi
a752de60ab Fix: add scriptSrcAttr unsafe-inline to allow onclick handlers
Helmet 8 adds script-src-attr: 'none' by default which blocks ALL
inline event attribute handlers (onclick, onchange, etc.) regardless
of script-src unsafe-inline. This silently broke every onclick button:
copy, read aloud, nextcloud upload, generate, record, etc.
2026-03-21 22:12:17 -04:00
Daniel Onyejesi
077b0b33ac Fix: update all Font Awesome 5 icon names to Font Awesome 6
FA6 renamed many icons — using old FA5 names caused blank buttons/icons:
- fa-cloud-upload-alt    → fa-cloud-arrow-up   (Nextcloud upload button)
- fa-sign-out-alt        → fa-right-from-bracket (logout button)
- fa-magic               → fa-wand-magic-sparkles (all Generate buttons)
- fa-volume-up           → fa-volume-high      (all Read buttons + stopReading)
- fa-compress-alt        → fa-compress         (Shorter + 3-Sentence Summary)
- fa-file-medical-alt    → fa-file-waveform    (SOAP tab header)
- fa-file-alt            → fa-file-lines       (Transcript/Input cards)
- fa-shield-alt          → fa-shield-halved    (HIPAA notice + 2FA section)
- fa-sync-alt            → fa-rotate           (Admin refresh button)
- fa-ambulance           → fa-truck-medical    (ED note section)
- fa-question-circle     → fa-circle-question  (What's Missing button)
2026-03-21 21:58:14 -04:00
Daniel Onyejesi
665425c115 Fix: expand CSP connectSrc for CDN/TTS; add vendor model 4.6 models
- CSP connectSrc was blocking service worker re-fetches to cdnjs.cloudflare.com
  causing Font Awesome icons to go blank (settings, logout, nextcloud buttons)
- Add cdnjs, googleapis, gstatic, google to connectSrc to fix icon rendering
  and Chrome Web Speech API (which connects to Google servers for TTS voices)
- Add vendor model Opus 4.6 and vendor model Sonnet 4.6 to all three provider lists
  (OpenRouter, Bedrock, Azure-compatible); Sonnet 4.6 now default for Bedrock
2026-03-21 21:43:00 -04:00
Daniel Onyejesi
d58d13812f Fix: revert speakText to sync speechSynthesis; robust copyText fallback
- speakText: revert async ElevenLabs fetch chain — browser requires
  speechSynthesis.speak() to be called synchronously within user gesture;
  async .catch() context caused silent failure across browsers
- copyText: fix fallback that always showed 'Copied!' even when it failed;
  now shows real error message, uses selectNodeContents for accuracy,
  handles missing clipboard API gracefully
2026-03-21 21:31:48 -04:00
Daniel Onyejesi
7069c90465 Fix: enforce plain text output in all AI prompts (no markdown)
Add PLAIN TEXT ONLY rule to CORE_RULES so no prompt returns asterisks,
pound signs, or other markdown symbols — output is copy-ready as-is.
2026-03-21 21:06:13 -04:00
Daniel Onyejesi
64761c09fd Upgrade TTS to ElevenLabs Adam voice with frontend integration
- Switch speakText() to call /api/text-to-speech backend (ElevenLabs) with fallback to native speechSynthesis
- Upgrade ElevenLabs voice from Rachel to Adam (pNInz6obpgDQGcFmaJgB) — warmer, more professional
- Upgrade model from eleven_monolingual_v1 to eleven_turbo_v2_5 for better quality and lower latency
2026-03-21 20:55:50 -04:00
ifedan-ed
4fc7f7f033 Security: CSP, CORS origin lock, 1mb body limit, auth brute-force rate limits
- Enable Helmet CSP (scripts/styles/fonts/connect restricted to self + CDNs)
- Lock CORS to APP_URL origin in production (open in dev)
- Reduce JSON body limit from 50mb to 1mb
- Add per-route rate limits: login 10/15min, register 5/hr, forgot-pw 5/hr
- Add README with full setup, Docker Hub, provider switching, env reference
- Bump version to 3.0.0
2026-03-21 19:32:40 -04:00
ifedan-ed
c30708f1cc Add .dockerignore (exclude .env, .agent-config, node_modules, data) 2026-03-21 19:27:21 -04:00
ifedan-ed
04252c3015 v3.0.0: Auth, admin panel, security fixes, per-tab model selector
- Add authMiddleware to all AI/transcribe routes (were unauthenticated)
- Add full admin panel: user management, registration toggle, stats
- Fix XSS in email verification (escape user.name in HTML)
- Fix missing APP_URL fallback in password reset email
- Add per-tab model selector (respects OpenRouter/Bedrock/Azure lists)
- Fix transcribeAudio to send Authorization header
- Fix labs input: textarea instead of single-line input
- Add structured logging: audit_log, api_log, access_log tables
- Add admin CLI (admin-cli.js) for Docker exec management
- Fix duplicate var duration declaration in ai.js catch block
- Fix RETURNING check case-sensitivity in database.js
2026-03-21 19:25:51 -04:00
ifedan-ed
565bec9ca8 v2.0.0: Pediatric AI Scribe
Features:
- Live encounter recording → HPI (outpatient/inpatient)
- Voice dictation → HPI / SOAP note
- Hospital course generator (prose/day-by-day/organ system/psych)
- Chart review / precharting (outpatient/subspecialty/ED)
- SOAP note generator (full/subjective only)
- Developmental milestones (AAP/Nelson) with narrative + 3-sentence summary
- AI refine & shorten for all outputs
- Ask AI what's missing (clarification)
- Authentication (email/password, email verification, 2FA)
- Nextcloud integration with auto date folders
- PWA support (installable on phone)
- 18+ AI models via OpenRouter
- HIPAA compliance guidance
- Docker support
2026-03-21 16:55:50 -04:00