Commit graph

97 commits

Author SHA1 Message Date
Daniel Onyejesi
70d2f34770 v8.0.0: Fix speech recognition repeating text, enable AWS Transcribe Medical
- Add deduplication logic to prevent Chrome Speech API from repeating
  sentences during long recording sessions (all 4 recording modules)
- Enable AWS Transcribe Medical with PRIMARYCARE specialty in .env
- Bump version to 8.0.0
2026-03-25 17:24:28 -04:00
Daniel Onyejesi
3da61c455e Add ffmpeg audio conversion fallback for AWS Transcribe
- transcribeAWS.js: convert browser WebM/Opus → PCM 16kHz mono via
  ffmpeg before sending to AWS Transcribe — PCM is unambiguous and
  most reliable; gracefully falls back to ogg-opus if ffmpeg absent
- Dockerfile: install ffmpeg (apk add ffmpeg) so Docker image works
  out of the box with AWS Transcribe
- README: document Amazon Transcribe setup, ffmpeg requirement,
  Transcribe Medical specialty options, and env vars reference
2026-03-25 20:35:24 +00:00
Daniel Onyejesi
767d28fc54 Add Amazon Transcribe streaming (no S3) with Medical specialty support
- New src/utils/transcribeAWS.js: streams audio directly to AWS
  Transcribe without requiring an S3 bucket
- Supports AWS_TRANSCRIBE_MEDICAL=true for Transcribe Medical
  (better clinical accuracy: drug names, diagnoses, procedures)
- AWS_TRANSCRIBE_SPECIALTY configures specialty (default PRIMARYCARE)
- transcribe.js auto-selects AWS when AWS_BEDROCK_REGION is set,
  or can be forced with TRANSCRIBE_PROVIDER=aws|openai
- Falls back to OpenAI Whisper when AWS is not configured
- Add @aws-sdk/client-transcribe-streaming as optional dependency
- Update .env.example with transcription configuration docs
2026-03-25 20:26:10 +00:00
Daniel Onyejesi
f397ca7725 v7: fix speech recognition repetition, HTML injection, long-session guard
- Fix word repetition: use sessionFinals pattern so each browser SR
  session starts fresh; no overlap when recognition auto-restarts
- Fix HTML injection / '>' parse error: escape < > & in live transcript
  innerHTML before inserting speech recognition text
- Add 24 MB blob guard: fall back to live SR transcript if audio file
  is too large for Whisper API (long sessions)
- Bump version to 7.0.0, update docker-compose image tag to v7
2026-03-25 20:07:10 +00:00
Daniel Onyejesi
689d5e9028 Expand DEVELOPER_GUIDE with detailed architecture, DB layer, file descriptions
- Added request flow walkthrough, AI provider selection logic
- Documented database layer (raw pg, no ORM) with helper methods
- Expanded directory structure with detailed per-file descriptions
- Expanded frontend JS descriptions (what each file does)
- Rewrote PDF section with current 50k char limit, supported types
- Updated version history through v6.0
2026-03-24 19:30:01 -04:00
Daniel Onyejesi
46ddfac358 Increase PDF/doc context to 50k chars, raise maxTokens ceiling to 8k
Supports large PDFs (~30 pages) from upload and Nextcloud.
maxTokens is a ceiling, not a target — short topics still get short responses.
2026-03-24 19:22:51 -04:00
Daniel Onyejesi
27d20c962f Re-add vendor model Opus 4.6, update DEVELOPER_GUIDE with logs/Bedrock docs
- Re-added Opus 4.6 (JSON sanitizer now handles its output)
- Added Logs & Debugging section with docker logs commands and prefixes
- Added Bedrock Model Notes (inference profiles, maxTokens, JSON sanitization)
- Updated version history through v5.8
- Updated rate limiting docs, build/push process, current image tag
2026-03-24 19:14:00 -04:00
Daniel Onyejesi
0e01f94247 Fix JSON parse for Sonnet 4.6: escape literal newlines in strings
Sonnet 4.6 outputs literal newline characters inside JSON string
values (e.g. in HTML body field) instead of \n escape sequences.
Added sanitizeJsonString that walks the string character by character
and escapes unescaped control chars inside quoted values.
2026-03-24 19:01:16 -04:00
Daniel Onyejesi
24ccb402b0 Remove vendor model Opus 4.6 (returns invalid JSON via Bedrock) 2026-03-24 18:43:28 -04:00
Daniel Onyejesi
cd9071a27d Re-add Qwen3 235B (works in us-east-1 despite docs) 2026-03-24 18:35:51 -04:00
Daniel Onyejesi
208ce27fa4 Comprehensive Bedrock fix: inference profiles + maxTokens clamping
- ALL models that need inference profiles now use us. prefix IDs:
  Anthropic (all 8), Nova (3), Meta Llama (3), DeepSeek R1, Writer
- Models with low max output tokens (Cohere 4096, Jamba 4096) now
  have maxOut field; callBedrock clamps maxTokens automatically
- Removed Qwen3 235B (no us-east-1 support, no inference profile)
- Added better debug logging for response block structure
2026-03-24 18:26:43 -04:00
Daniel Onyejesi
a43468fd4e Fix Anthropic models: use cross-region inference profiles (us. prefix)
Opus 4.6, Opus 4.5, Sonnet 4.6, Haiku 4.5 do NOT support direct
on-demand invocation — they require cross-region inference profile IDs
(us.anthropic.* prefix). Updated all affected bedrockIds. Also fixed
isAnthropic check to handle us.anthropic.* prefix.

Sonnet 4.5, Sonnet 4, 3.5 Haiku also updated to use profiles for
consistency (profiles work everywhere, direct IDs are limited).
2026-03-24 18:17:36 -04:00
Daniel Onyejesi
e4faf07a6d Fix Opus 4.6 thinking blocks, re-add Amazon Nova models
- Opus 4.6 returns multiple content blocks (thinking + text); was only
  reading content[0] which was the thinking block (just '{')
- Now iterates all blocks and extracts only type:'text' blocks
- Added debug logging for Bedrock response structure
- Re-added Nova Pro, Nova Lite, Nova Micro with correct region metadata
2026-03-24 18:05:27 -04:00
Daniel Onyejesi
8f0f9ff9e6 Fix AI invalid JSON: add system prompt + robust JSON extraction
Opus 4.6 and other large models add preamble/thinking text before
JSON output. Fix: add system message enforcing JSON-only, strip
leading text before first {, trim trailing text after last }, and
log raw output on parse failure for debugging.
2026-03-24 17:52:49 -04:00
Daniel Onyejesi
a0dec0d1d7 Fix Bedrock models: remove Nova (no on-demand), add region filtering
- Removed Amazon Nova models (not available for on-demand invocation)
- Replaced DeepSeek V3 with V3.2 (correct model ID)
- Removed Mistral Large 24.07 (us-west-2 only), added Magistral Small
- Added vendor model Opus 4.1, Writer Palmyra X5, Qwen3, Command R
- Each model now has region metadata; getAvailableModels() filters
  to only show models available in the configured AWS_BEDROCK_REGION
- Fixes "on-demand throughput not allowed" and region mismatch errors
2026-03-24 17:45:36 -04:00
Daniel Onyejesi
9437da2c99 Add resend verification link on login + rate limit (3/15min) 2026-03-24 14:14:42 -04:00
Daniel Onyejesi
114bc4e7cd Fix CMS button clickability, replace AI topic input with context box
- Add type="button" to all CMS action buttons to prevent default submit
- Change overflow:hidden to overflow:visible on .cms-main to prevent clipping
- Add z-index to .cms-editor-actions for reliable click targeting
- Replace AI "Topic" text input with a descriptive textarea context box
  so users can tell AI what to generate (AI creates its own title)
- Rename AI tab from "By Topic" to "Describe Content"
2026-03-24 11:52:02 -04:00
Daniel Onyejesi
3863a9c8d1 Fix login screen not showing on sign-out
Remove !important from #auth-screen CSS so the inline style set by
exitApp() can override it and display the login form after logout.
2026-03-24 11:24:26 -04:00
Daniel Onyejesi
11e4302e97 Fix Learning Hub search and content viewer isolation
Search (was completely broken):
- wireSearch() registered inside tabChanged for 'learning' tab — runs
  after component HTML is in the DOM (lh-search existed but listener
  was never attached because element was null at IIFE load time)
- Proper debounced search with 350ms delay, Escape key to clear
- Search results show count, 'X results for "query"', Clear Search button
- Empty state with helpful message; loading state while fetching

Content viewer showing feed items beneath it (CSS cascade bug):
- .lh-feed{display:flex} and .lh-category-bar{display:flex} defined
  at CSS lines 513/507 — after .hidden{display:none} at line 242
  So classList.add('hidden') was silently overridden
- showFeed() and showViewer() now use element.style.display with
  explicit values ('flex'/'block'/'none') which always win over class rules
- viewer started hidden via class="hidden"; now shown with style.display='block'
2026-03-24 03:13:22 -04:00
Daniel Onyejesi
e3da7c5bb0 Render presentations as slides in Learning Hub viewer
- New GET /api/learning/content/:slug/slides (authMiddleware only)
  Renders Marp markdown via marp-core, returns {css, slides[]} for
  any authenticated user — no moderator access required

- showViewer: when content_type === 'presentation', hides the body card
  and shows a presentation card with title, slide count, and View Slides button
  Auto-opens the slide modal immediately on load; button allows re-opening

- openSlidesFromSlug(): fetches slides from user-accessible endpoint
  then opens the existing slide preview modal (arrow keys, swipe, dots)

- Viewer already correctly hides feed/categories/search when viewing content;
  "Back to Feed" button returns to the main list
2026-03-24 03:04:14 -04:00
Daniel Onyejesi
e5d79b8a9a Update DEVELOPER_GUIDE: PDF/embedding rationale, scalability, security notes
- Section 17: PDF uploads — why no vector embeddings needed (single-file
  generation uses full-text extraction which is better for this use case;
  explains when embeddings would be appropriate and how to increase truncation limit)
- Section 18: Scalability — what already scales, bottlenecks (rate limiting,
  file uploads), horizontal scaling pattern with Redis + nginx, cloud options
- Section 19: Security — localStorage vs httpOnly cookie decision documented
  with rationale; existing XSS protections listed; path to httpOnly if needed
- Section 15: Version history updated and moved below new sections
- Version bumped to 3.19, current Docker tag updated
2026-03-24 02:57:04 -04:00
Daniel Onyejesi
be81f00aba Update DEVELOPER_GUIDE to v3.19 with version history and current Docker tag 2026-03-24 02:51:59 -04:00
Daniel Onyejesi
bc588fc320 Fix login flash, quiz in presentations, revert viewer body, feed labels
Login flash:
- Auth screen now hidden by CSS default (#auth-screen{display:none !important})
- auth.js shows it only when there is no valid token or token is expired
- No more flash of login page on refresh for logged-in users

Presentation quiz option (AI Generate panel):
- Presentation type now shows optional quiz question toggle (same as article)
- Backend: when questionCount>0, returns JSON {marpMarkdown, questions[]}
  instead of plain Marp markdown
- applyAiContent fills both the Marp textarea and question blocks for presentations

Viewer revert:
- Removed the viewer presentation card change (user wants markdown as-is)
- Removed dangling viewer button wiring

Feed/CMS list:
- Presentation type shows correct icon (fa-presentation-screen) and
  label "Slides" in the CMS content list
2026-03-24 02:50:31 -04:00
Daniel Onyejesi
7c7f72f54a Fix WebDAV selection, pdf-parse, prompt(), CSP, security issues 1/2/4/5
pdf-parse (was v2, broken API):
- Downgraded to v1.1.1 — default export is a function again
- pdfParse is not a function error fixed

WebDAV file selection (style.display bug, same cascade issue):
- lh-ai-webdav-selected had inline style="display:flex" always visible
- selectWebdavFile() / deselectWebdavFile() now use element.style.display
- On select: browser div hides, selected indicator shows with file name + X
- On deselect (X): indicator hides, browser shows again

Topic context for Upload and Nextcloud tabs:
- Both tabs now have optional "Topic / context" field
- Sent to backend as 'topic' param to help AI focus the generated content

Inline refine bar (replaces window.prompt):
- Refine Body button shows/hides an amber inline input bar below generate buttons
- Enter instructions, press Apply — no browser dialog, works in all contexts

CSP: remove unsafe-inline from scriptSrc (security issue #2):
- Converted all 26 onclick= handlers in component HTML files to
  data-action / data-target / data-label attributes
- Added delegated click handler in app.js for copy/speak/nc-export actions
- script-src now 'self' only; script-src-attr 'none'

WebDAV path endpoint (security issue #5):
- New POST /api/user/webdav-path (authMiddleware only, not moderator)
- nextcloud.js updated to use new endpoint

nodemailer: already at 6.10.1 (vulnerability fixed).
2026-03-24 02:28:43 -04:00
Daniel Onyejesi
8c1550a437 Fix AI panel options: use style.display, redesign quiz card
Bug: classList.toggle('hidden') was silently ignored because
.lh-ai-opt-field{display:flex} is defined at CSS line 758, after
.hidden{display:none} at line 242 — same specificity, later rule wins.
Fix: updateAiOptions() now uses element.style.display directly (inline
styles always override class rules).

Also fix initial state: lh-ai-slides-field now uses style="display:none"
instead of class="hidden" so it's correctly hidden on load.

Panel syncs content type from editor on open (editorType → ctype select
→ updateAiOptions called immediately).

Per type:
- Quiz: word count hidden, slides hidden, quiz card visible (no toggle)
- Presentation: word count hidden, slides visible, quiz card hidden
- Article/Pearl: word count visible, slides hidden, quiz card with toggle

Quiz card redesign: gradient blue/indigo background, white header with
icon, clean body — replaces the plain grey rectangle.
2026-03-24 02:07:56 -04:00
Daniel Onyejesi
e1ffe3dac2 Add DEVELOPER_GUIDE.md — full handover documentation
Covers: architecture, directory structure, all env vars, full DB schema,
auth system, every API endpoint with auth level, frontend tab loading
pattern (critical: tabChanged not DOMContentLoaded), AI integration,
Learning Hub content types, deployment commands, security notes,
admin password reset via Docker console, and how to add new features.
2026-03-24 02:02:31 -04:00
Daniel Onyejesi
b5bfcc5489 Revert auth to localStorage tokens, fix slide padding, AI panel options
REVERT: httpOnly cookie auth removed — reverts to JWT in localStorage.
The cookie implementation broke the login page (always-hidden auth screen).
localStorage token approach is restored fully:
- Login/register return token in JSON body
- getAuthHeaders() sends Authorization: Bearer header
- Session check reads localStorage token on load
- clearSession() removes localStorage token

Fix: slide preview padding — section elements now have 40px 48px padding
so text is not flush against the frame edges.

Kept from v3.14: AI panel context-aware options (word count, slide count,
quiz question toggle), delete confirmation wording per content type.
2026-03-24 01:57:59 -04:00
Daniel Onyejesi
ad40678b6e AI panel context-aware options, delete wording, httpOnly cookie auth
AI Generate panel:
- Content type synced from editor on open
- Article/Pearl: optional word count field
- Presentation: optional slide count field
- Questions row: checkbox toggle for article/pearl (optional), always on for quiz,
  hidden for presentation; count input shown only when enabled
- Backend: passes wordCount/slideCount to prompt; questionCount=0 skips questions

Delete confirmation:
- Wording built dynamically from content type
- Presentation: no mention of questions
- Quiz: "All quiz questions will be permanently removed"
- Article/pearl: "Any quiz questions attached will also be removed"

Auth refactor — JWT → httpOnly cookie:
- Backend: setAuthCookie() sets ped_auth as httpOnly, Secure, SameSite=Lax, 7d
- Backend: clearAuthCookie() on POST /api/auth/logout (new endpoint)
- Backend: auth middleware reads ped_auth cookie first, falls back to Bearer header
- Login/register: no longer return token in JSON body; cookie is the session
- Frontend: getAuthHeaders() returns only Content-Type (no Authorization header)
- Frontend: session check uses /api/auth/me via cookie (no localStorage token)
- Frontend: clearSession() calls /api/auth/logout to clear cookie server-side
- Frontend: no token in localStorage; window.AUTH_TOKEN removed
- All FormData fetches use credentials:'same-origin' (cookie sent automatically)
- index.html: optimistic auth-screen hide (removed localStorage token check)

Tested: login, logout, /api/auth/me, admin routes, FormData uploads, cookie httpOnly
flag, 401 without cookie, cookie cleared on logout.
2026-03-24 01:46:07 -04:00
Daniel Onyejesi
6471aced55 Fix delete bar always visible, slide preview modal, Marp textarea hint
Delete bar bug:
- Root cause: .lh-delete-confirm-bar{display:flex} defined after .hidden{display:none}
  so flex overrode hidden (no !important on global .hidden rule)
- Fix: remove display:flex from base rule, use .lh-delete-confirm-bar:not(.hidden){display:flex}
  so hidden class always wins regardless of CSS order

Slide preview (replace window.open + document.write approach):
- Backend /preview-slides now returns JSON: {css, slides[]} (individual <section> HTML)
- In-page full-screen modal with dark overlay, white slide frame
- Prev/Next arrow buttons, dot indicators, slide counter
- Keyboard navigation (arrow keys, Escape to close)
- Touch/swipe support for mobile
- Overlay click closes modal
- No popups required, works in all browsers

Marp textarea:
- Placeholder updated to guide users: "Click AI Generate above to create slides"
- Makes it clear AI is the primary authoring path; textarea for review/edits
2026-03-24 01:13:55 -04:00
Daniel Onyejesi
020cc76f2f Delete confirm inline bar, lighter login, Presentation type with Marp+PPTX
Delete confirmation:
- Replaced browser confirm() popup with inline red warning bar in editor
- Shows content title, Cancel and Delete buttons inline in the editor header
- Category delete uses double-click pattern with toast feedback

Login screen:
- Changed from dark blue/purple gradient to light gray background (var(--g50))
- Card now matches 404 page style: white, subtle blue shadow, indigo border

Presentation content type:
- New 'Presentation' button in CMS toolbar (green style)
- Marp markdown textarea editor (dark code editor style) shown when type=presentation
- Body/Tiptap editor hidden; Marp section shown (toggleEditorMode)
- Preview button: renders Marp HTML via @marp-team/marp-core, opens in new tab
- Download PPTX: pure-JS pptxgenjs (no Chromium), parses slides, exports .pptx
- AI generate: returns Marp markdown directly when contentType=presentation
- Body column stores Marp markdown for presentations

Backend:
- POST /api/admin/learning/generate-pptx — pptxgenjs PPTX from Marp markdown
- POST /api/admin/learning/preview-slides — Marp HTML preview

GitHub repo set to private via API.
2026-03-24 00:59:36 -04:00
Daniel Onyejesi
936ad7e8a0 Add AI content generation to Learning Hub CMS
Backend (src/routes/learningAI.js):
- POST /api/admin/learning/ai-generate
  * Accepts: topic text, uploaded file (PDF/TXT/MD/HTML), or Nextcloud WebDAV path
  * Extracts text from PDFs via pdf-parse; plain text read directly
  * Fetches WebDAV files using stored Nextcloud credentials
  * Prompts AI to return structured JSON: title, subject, body (HTML), questions[]
  * Strips code fences, falls back to regex JSON extraction if needed
- POST /api/admin/learning/ai-refine — refine existing body with instructions
- GET  /api/admin/learning/webdav-browse — PROPFIND-based Nextcloud file browser
- POST /api/admin/learning/webdav-path — save user's default browse path

Frontend:
- AI Generate button in CMS editor header (gradient purple→blue)
- Panel with 3 source tabs: By Topic / Upload File / Nextcloud
- Drag-and-drop file dropzone with DataTransfer API support
- WebDAV file browser: navigate folders, select files, breadcrumb path
- Options: question count, content type (article/quiz/pearl), model selector, instructions
- Refine Current Body: prompt-driven AI rewrite of existing content
- Generated content auto-fills title, subject, type, Tiptap body, quiz questions

Settings:
- Nextcloud section: "Learning Hub Default Browse Path" field (shown when connected)
- Saves to webdav_learning_path column via /api/admin/learning/webdav-path

DB: ALTER TABLE users ADD COLUMN IF NOT EXISTS webdav_learning_path TEXT
2026-03-24 00:17:28 -04:00
Daniel Onyejesi
9280257e2a Add proper 404 handling and custom error page
Only serve index.html for GET /; all other unknown paths return HTTP 404
with a custom branded error page (stethoscope SVG illustration, matches
app design, links back to /).
2026-03-23 23:47:50 -04:00
Daniel Onyejesi
bb58c30ae3 Add tiptap and build dependencies to package.json 2026-03-23 23:40:58 -04:00
Daniel Onyejesi
8c8b4b8153 Replace Quill with Tiptap rich text editor
- Bundle Tiptap 2 (StarterKit, Link, Underline) with esbuild into
  public/vendor/tiptap.bundle.js — fully self-hosted, no CDN needed
- Remove Quill (quill.min.js, quill.snow.css, patchQuillTooltip hack)
- Headless Tiptap editor: custom toolbar (bold/italic/underline/strike,
  headings, lists, blockquote, code, link) with active-state highlighting
- Link insertion: inline link bar below toolbar (no popup, no tooltip)
  — type URL, press Apply or Enter; Remove button to unset
- Mini editor for question text and option text (same toggle UX)
- ProseMirror content styles: headings, lists, blockquote, code, links
2026-03-23 23:32:41 -04:00
Daniel Onyejesi
7b91883e88 Fix Quill link tooltip positioning and registration flash
Quill tooltip: move tooltip element to document.body via patchQuillTooltip()
so overflow:hidden on .cms-main cannot clip it. Recalculates position from
container-relative to viewport (fixed) coordinates with viewport clamping.
Removes overflow:hidden from quill wrappers; applies border-radius to toolbar/container.

Registration: hide #show-register by default in HTML; reveal only after
registration-status fetch confirms enabled=true. Endpoint already returns 403
when disabled — no backend change needed.
2026-03-23 23:09:21 -04:00
Daniel Onyejesi
a69662d800 Fix vaccine/catchup tabs and serve Quill locally
- wellVisit.js now handles tabChanged for vaxschedule and catchup tabs
  so renderFullSchedule() and renderCatchUp() fire when those tabs open
- Replace Quill CDN with local /vendor/quill.min.js + quill.snow.css
  (CDN was unreachable in local/offline environments)
2026-03-23 22:59:47 -04:00
Daniel Onyejesi
d4e57177e4 Add Quill rich text editor, multi-select questions, per-field rich text toggle
- Replace textarea+toolbar with Quill.js (free, MIT) for body editor
  - Full WYSIWYG: headings, bold/italic, lists, blockquote, code, link (inline, no popup)
- Rich Text toggle button on each question text field and option text field
  - Plain textarea by default; toggle activates mini Quill editor per field
- New 'Multiple Select' question type: checkboxes, all correct must be chosen
  - Backend scoring: allCorrectChosen && noWrongChosen
  - Results show all correct options highlighted, wrong selections flagged
- quiz display uses sanitizeHtml for question/option text (supports formatted HTML)
- sanitizeHtml allows Quill class attrs (ql-indent, etc.)
2026-03-23 22:37:29 -04:00
Daniel Onyejesi
6c0c911dbd Fix module init: defer all tab scripts until component HTML is loaded
All JS modules were running immediately (IIFE/DOMContentLoaded) but
tab HTML is lazy-loaded from /components/*.html, causing null errors
on every addEventListener call. Each module now listens for tabChanged
with its tab name and initializes once after the DOM is ready.

Also: quiz question/explanation boxes changed to textarea for
multi-line support; quiz display uses sanitizeHtml() so formatted
text (bold, lists, etc.) renders correctly.
2026-03-23 22:03:54 -04:00
Daniel Onyejesi
b933b449a8 Fix line breaks in AI output: use innerHTML instead of textContent
Adds setOutputText() helper that escapes HTML and converts \n to <br>,
applied to all AI-generated note outputs so line breaks are preserved
in contenteditable divs. Also cleans up CSS for quiz option markers.
2026-03-23 21:17:50 -04:00
Daniel Onyejesi
ffacdcbedb Fix loading race condition, improve quiz UX, editor toolbar, settings page
- Fix: component loader now fires tabChanged AFTER HTML is in DOM
  (fixes CMS/settings stuck at loading)
- CMS: separate "New Article", "New Quiz", "New Pearl" buttons
- CMS: editor toolbar with formatting buttons (bold, italic, headings,
  lists, links, tables, quotes, code, hr)
- CMS: quiz questions have numbered headers (Q1, Q2...), larger inputs,
  clear "check correct answer" labels
- CMS: validation prevents saving questions without correct answer marked
- Quiz UX: large card-style question boxes with gradient number badges,
  bigger option buttons with hover effects and selection feedback,
  checkmark/cross icons on results
- Settings: improved card spacing, input styling, section headers with
  bottom borders for visual hierarchy
- Settings: updated compliance section (removed HIPAA references, added
  BAA/institution guidelines language)
2026-03-23 20:37:35 -04:00
Daniel Onyejesi
82a0911d24 Dedicated CMS page, responsive email templates, security fixes in auth
- New dedicated Content Manager tab (WordPress-like layout) with:
  - Stats dashboard (published, drafts, categories, quizzes, attempts)
  - Sidebar with category tree and filter controls (status, category)
  - Table-style content list with search
  - Full-page editor with title bar, meta fields, body editor, quiz builder
- Content Manager visible only for admin and moderator roles in sidebar
- Removed CMS from admin panel (admin panel is admin-only again)
- Email templates: fully responsive with max-width, proper mobile breakpoints,
  table-based layout for Outlook/Gmail compatibility, no overflow
- Security: escape all user data in emails with escHtml(), escape APP_URL
  in verify-email HTML, replace raw err.message with generic errors in auth
- Security: email body from admin settings now HTML-escaped before rendering
2026-03-23 20:13:22 -04:00
Daniel Onyejesi
0327afe94c Fix quiz SQL bug, security hardening, componentize HTML, speed improvements
- Fix: "missing FROM-clause entry for table q" in quiz submission query
- Security: replace broken sanitizeHtml with allowlist-based sanitizer (prevents stored XSS)
- Security: whitelist table names in uniqueSlug() to prevent SQL injection pattern
- Security: replace raw err.message responses with generic errors in learning routes
- Security: cap admin logs query LIMIT to 500
- Refactor: break 1685-line index.html into 12 lazy-loaded component files (280 lines shell)
- Speed: add preconnect hints for Google Fonts and CDN
- Speed: defer all script tags for faster initial paint
- Speed: lazy-load tab HTML on activation (only active tab's DOM is parsed)
- Update: replace HIPAA notice with institution-guidelines cautionary note
2026-03-23 20:01:54 -04:00
Daniel Onyejesi
c6cc9ece71 v3.1: Add Learning Hub with CMS, quizzes, and 3-role user system
- New Learning Hub under Pediatric menu with content feed, category browsing,
  search, content viewer, and interactive quizzes (MCQ, true/false)
- Quiz system with per-option wrong-answer explanations and general explanations
- Admin CMS for creating/editing categories, content (articles, pearls, quizzes),
  and inline question builder with answer options
- 3-role system: admin (full access), moderator (can manage Learning Hub content),
  user (all clinical features + learning hub read access)
- 5 new database tables: learning_categories, learning_content, learning_questions,
  learning_options, learning_progress
- User progress tracking with score history per quiz
- Moderators see "Content Manager" tab instead of full Admin panel
2026-03-23 19:32:47 -04:00
Daniel
fdda1c8f83 Expand ROS/PE: pertinent negatives for WNL, clinical descriptions for abnormal
- WNL/Normal systems now expand to 1-3 specific pertinent negatives instead of
  just "WNL" — varies each time, relates to chief complaint and differential
  (e.g., Skin: "no rash, no petechiae, no bruising" instead of "WNL")
- Abnormal systems: AI expands physician's brief note into clinical description
  favoring most common presentation, adds only 1-2 related pertinent negatives
  (e.g., "pimples on face" → "inflammatory papules on bilateral cheeks...")
- Format function now passes system domain details for context
- Rules applied to well visit (full + short) and sick visit prompts
2026-03-23 23:45:09 +01:00
Daniel
0be925f58f Add growth velocity, feeding guidance, BMI classification to well visits
- Growth reference data by age (newborn through 21y): expected weight/length/HC
  gains per day/month/year, puberty growth spurt details
- Feeding/nutrition guidance by age: formula amounts, breastfeeding frequency,
  solid food introduction timeline, juice limits, milk transitions, calorie needs
- BMI/obesity classification per AAP 2023 CPG + CDC Extended BMI:
  Underweight, Healthy, Overweight, Obesity Class I/II/III with action items
  (≥120% and ≥140% of 95th percentile thresholds)
- Weight-for-length guidance for children <2 years
- "By Visit" panel now shows growth reference + feeding guidance + BMI table
- Well visit AI prompt updated to include growth assessment, BMI classification,
  and feeding counseling in generated notes
- Backend injects age-appropriate growth/nutrition data into AI context
2026-03-23 23:11:24 +01:00
Daniel
a7f5d60c64 v3.0: Add multi-provider Bedrock models, newborn milestones, Converse API
- Bedrock: Add 14 non-vendor model models (Amazon Nova, Meta Llama 4, DeepSeek R1/V3,
  Mistral Large 3, Cohere Command R+, AI21 Jamba) with verified AWS model IDs
- Bedrock: Implement Converse API for non-Anthropic models (unified cross-model API),
  keep native Messages API for vendor model models (best performance)
- Milestones: Add Newborn / 1 month developmental milestones (Gross Motor, Fine Motor,
  Language, Social/Emotional, Cognitive) — previously started at 2 months
- Bump version to 3.0.0, docker-compose tag to v3.0
2026-03-23 22:13:19 +01:00
Daniel
9736d5f3c3 Fix: Bedrock vendor model models updated with verified IDs from AWS docs
- Source: docs.aws.amazon.com/bedrock/latest/userguide/models-supported.html
- Added: vendor model Opus 4.6 (anthropic.agent-config-opus-4-6-v1)
- Added: vendor model Opus 4.5 (anthropic.agent-config-opus-4-5-20251101-v1:0)
- Added: vendor model Sonnet 4.6 (anthropic.agent-config-sonnet-4-6) — new default
- Added: vendor model Sonnet 4.5 (anthropic.agent-config-sonnet-4-5-20250929-v1:0)
- Kept: vendor model Sonnet 4, Haiku 4.5, vendor model 3.5 Haiku
- Fallback updated to vendor model Haiku 4.5
- Bump version to 2.9.0
2026-03-23 18:23:26 +01:00
Daniel
c7f1bd4901 Fix: chart review New clears all fields/notes, date context for AI, Bedrock vendor model-only models
- resetChartReview() clears all pasted notes, visit cards, labs, demographics, and output on New
- clearTab('chart') in encounters.js now calls resetChartReview() for complete reset
- chartReview route injects today's date so AI understands time-relative terms
- Bedrock models updated to vendor model-only with verified 2025 IDs (Sonnet 4, 3.7 Sonnet, 3.5 Sonnet v2, 3.5 Haiku)
- Removed Llama/Mistral/Titan from Bedrock; fixed incorrect vendor-model-4.6 Bedrock IDs
- Bump version to 2.8.0
2026-03-23 18:12:07 +01:00
Daniel Onyejesi
5139a15e51 Fix: auth-screen flex-direction column so footer sits below login box 2026-03-22 19:48:23 -04:00
Daniel Onyejesi
679260016c Fix: footer on login page only, static position at bottom of auth screen 2026-03-22 19:46:25 -04:00