# Pediatric AI Scribe - Architecture Overview ## System Overview The Pediatric AI Scribe is a self-hosted, Dockerized clinical documentation assistant built on the following stack: - **Runtime:** Node.js 20 (Alpine) with Express - **Database:** PostgreSQL 16 with the pgvector extension for embedding-based similarity search - **Containerization:** Docker Compose with two services (app + database) - **Frontend:** Vanilla JavaScript single-page application (no framework) The application provides AI-powered transcription, note generation, and learning tools for pediatric clinicians. It runs entirely behind a reverse proxy and is designed for single-institution or personal deployment. --- ## File Structure ``` / ├── server.js # Application entry point ├── package.json ├── Dockerfile ├── docker-compose.yml ├── sw.js # Service worker (copied into public/) │ ├── src/ │ ├── routes/ # 27 route files (Express routers) │ │ ├── encounters.js │ │ ├── auth.js │ │ ├── admin.js │ │ ├── learning.js │ │ ├── ... # (27 total) │ │ │ ├── utils/ │ │ ├── ai.js # LLM client abstraction (OpenAI-compatible) │ │ ├── models.js # Model registry and selection │ │ ├── prompts.js # System/user prompt templates │ │ ├── config.js # App settings helpers (DB-backed) │ │ ├── logger.js # Winston logger setup │ │ ├── embeddings.js # pgvector embedding generation │ │ ├── transcribeAWS.js # AWS Transcribe integration │ │ ├── transcribeGoogle.js # Google Cloud Speech-to-Text │ │ ├── transcribeLocal.js # Local Whisper WASM transcription │ │ └── ttsGoogle.js # Google Cloud Text-to-Speech │ │ │ ├── middleware/ │ │ ├── auth.js # JWT + session authentication │ │ └── logging.js # Request/response logging middleware │ │ │ └── db/ │ └── database.js # PostgreSQL connection pool + query helpers │ ├── public/ # Static frontend assets │ ├── index.html # SPA shell │ ├── app.js # Tab/navigation manager │ ├── components/ # HTML partials loaded via fetch │ ├── js/ # 20+ JS modules │ └── css/ # Stylesheets │ └── scripts/ # Utility and migration scripts ``` --- ## Request Flow Every incoming HTTP request passes through the following middleware chain in order: ``` Client Request | v Helmet (CSP headers, security hardening) | v CORS (origin validation) | v Cookie Parser (signed cookies for sessions) | v Rate Limiting (per-IP and per-route limits) | v Static File Serving (public/ directory) | v Route Matching (src/routes/*.js) | v Auth Middleware (JWT verification, role checks) | v Route Handler (business logic, DB queries, AI calls) | v JSON Response ``` Static assets are served before route matching, so unauthenticated users can load the SPA shell and login page. All API routes under `/api/` require authentication unless explicitly excluded (e.g., `/api/auth/login`, `/api/auth/register`). --- ## Frontend Architecture The frontend is a vanilla JavaScript SPA with no build step and no framework. ### Loading `index.html` serves as the application shell. It contains a `