Three concurrent themes from this session:
═══════════════════════════════════════════════════════════════════
ED ENCOUNTERS — per-stage cards + consolidate→MDM finalize
═══════════════════════════════════════════════════════════════════
UX redesign per Daniel's feedback ("every stage note should be shown,
if AI is told to modify that particular note then the modified version
is used in final mdm"):
- Each generated stage stays on screen as its own editable card with
its own embedded "Don't Miss" panel. No more single rolling note
element that gets replaced on each generation.
- gatherCurrentNotes() reads contenteditable text from each stage card
before any operation (advance, finalize, persist) so inline edits
flow into the next AI call and the final consolidate.
- Stage badge is now state-accurate. "Stage N (recording)" with yellow
background after Add-more before generation; "Stage N" with gray
after generation. Fixes the bug where the badge flipped to Stage 2
the moment Add-more was clicked.
- Save & Done now runs TWO server-side AI calls in /finalize:
1. edConsolidate (new prompt) → polished single final note that
integrates every stage chronologically (HPI / ROS / PE / ED Course /
A&P with disposition).
2. edFinalize (rewritten with full inline 2023 AMA E/M element
rubric — problems / data / risk definitions, level mapping with
concrete examples) → MDM JSON.
- Two new cards render after finalize: blue-bordered Final Consolidated
Note + green-bordered MDM. Stage cards become read-only.
- partial_data on the saved row now stores {stages, finalNote, mdm,
finalized} so resume re-renders the full state.
Why two-call finalize: a single combined prompt makes the model cut
corners on one task. Two focused calls cost ~2× latency at the very end
of an encounter — acceptable since finalize is a one-time terminal
action, not a per-stage hot path.
Files: public/components/ed-encounter.html, public/js/ed-encounters.js,
src/routes/edEncounters.js, src/utils/prompts.js (edConsolidate added,
edFinalize rewritten).
═══════════════════════════════════════════════════════════════════
EXTENSIONS / PAGERS — visual polish
═══════════════════════════════════════════════════════════════════
Multiple iterations based on Daniel's feedback:
- Layout: align-items:flex-start so action buttons stay pinned top-right
when long numbers wrap (was align-items:center → buttons drifted into
the text area, causing visible overlap).
- Number: word-break:break-all + min-width:0 + font-feature-settings:tnum
so long numbers wrap within their column instead of pushing under the
buttons. Click-to-copy with a 0.55s green flash + ✓ copied badge.
- Phone/pager Font Awesome icon next to the number in the type color —
at-a-glance type signal (replacing an earlier 3px left stripe that
Daniel found visually bulky).
- Name: font-weight 700, font-size 14.5px, color g900, letter-spacing
-0.012em — scan-target headline typography for long lists.
- Alternating subtle backgrounds by index (white vs #fafbfc) so a long
list reads as distinct rows.
- Hover: card lifts 1px with a soft shadow; action buttons fade from
55% to 100% opacity. Cubic-bezier transition on transform.
- Entrance: staggered fade-up animation per card (35ms × index, capped
at 12). prefers-reduced-motion media query disables motion.
- Empty state: 48px FA icon + heading instead of plain gray text.
Files: public/js/extensions.js, public/css/styles.css.
═══════════════════════════════════════════════════════════════════
DOCS REORGANIZATION + APPLICATION-LOGIC DOCS + ADMIN VIEWER
═══════════════════════════════════════════════════════════════════
Document moves (preserving git history via git mv):
BROWSER_WHISPER_SETUP.md → docs/browser-whisper-setup.md
BROWSER_WHISPER_TROUBLESHOOTING.md → docs/browser-whisper-troubleshooting.md
DEVELOPER_GUIDE.md → docs/developer-guide-extended.md
EMBEDDINGS_SETUP.md → docs/embeddings-setup.md
FEATURES_EXPLAINED.md → docs/features-explained.md
IMPROVEMENTS.md → docs/improvements.md
OPENID_SETUP.md → docs/openid-setup.md
TRANSCRIPTION_OPTIONS.md → docs/transcription-options.md
README.md updated with the new paths + a Documentation section that
links to docs/logic/ at the top.
New application-logic doc series (~8,300 lines total) at docs/logic/.
Built with 5 parallel doc-writing agents per Daniel's "use multiple
agents" directive. Each doc explains how a part of the app actually
works — application logic, data flow, design decisions, sacred zones,
how-to-extend recipes — at a depth that lets a new dev (or an AI
assistant) modify the code confidently.
docs/logic/README.md — index + recommended reading order
docs/logic/architecture.md (2166 L) — frontend IIFE pattern, lazy tab
load, backend route convention,
schema, encryption, deployment
docs/logic/clinical-notes.md (1546L) — every note tab + helper trio
docs/logic/bedside-and-calculators.md (1373L) — bedside ES module
pocket + calculators + PE Guide
+ suture selector
docs/logic/auth-admin-learning.md (1281L) — auth (local+OIDC+2FA) +
admin panel + Learning Hub
(Quiz engine logic at sub-detail
only — TODO follow-up)
docs/logic/ai-and-voice.md (1128 L) — callAI 5-provider routing,
prompts, voice/STT, helper trio
docs/logic/ed-encounters.md (821 L) — multi-stage ED + MDM (this
session's worked example)
Admin-only docs viewer:
- New route /api/admin/docs/{tree,file}: recursively walks docs/, returns
the tree as JSON; /file?path=X validates path stays inside docs/ and
renders markdown via marked. Both gated by req.user.role==='admin'.
- New tab "Docs" (book icon) in the sidebar, hidden by default and
revealed in auth.js when user.role==='admin' (same pattern as the
existing Admin and CMS tabs).
- New component public/components/admin-docs.html: split-pane layout
with a tree sidebar + filter input + a markdown reader pane.
- New module public/js/admin-docs.js: lazy-loads the tree on first tab
activation, renders collapsible folders, persists expanded state and
last-opened path via UIState. Server-rendered HTML so no client
markdown parser needed.
- CSS for the viewer (responsive split-pane, code-block styling, table
scrolling, etc.).
- Mounted at /api/admin/docs (NOT /api) — important: mounting a router
with router.use(authMiddleware) at /api accidentally 401s every other
/api/* path (caught and fixed during testing — /api/health was 401'ing).
Files: docs/* (moved + new), README.md, public/components/admin-docs.html
(new), public/js/admin-docs.js (new), src/routes/adminDocs.js (new),
public/index.html (tab + section + script), public/js/auth.js (admin
gate + logout cleanup), public/css/styles.css (viewer styles), server.js
(mount).
═══════════════════════════════════════════════════════════════════
KNOWN GAPS (TODO follow-ups)
═══════════════════════════════════════════════════════════════════
- Learning Hub quiz engine (MCQ / multi-select / T-F scoring + attempt
tracking + progress dashboard) is covered at the architectural level
in docs/logic/auth-admin-learning.md but not drilled into the quiz
data model and scoring flow. Worth a focused follow-up doc.
- ED finalize: if MDM step JSON parse fails, server returns 502 with
the consolidated finalNote in the error payload, but client doesn't
surface the partial result. Add a "MDM failed, retry" affordance.
- No e2e Playwright coverage for ED encounters or the new docs viewer.
14 KiB
Pediatric AI Scribe v6
AI-powered clinical documentation platform for pediatric medicine. Generates HPIs, hospital courses, chart reviews, SOAP notes, well/sick visit notes, and developmental milestone assessments from voice recordings or dictation.
Features
Clinical Documentation
- Live Encounter — record doctor-patient conversations, AI generates structured OLDCARTS HPI
- Voice Dictation — dictate narrative, AI cleans and restructures
- Hospital Course — paste progress notes, generates prose, day-by-day, organ-system (ICU), or psych format
- Chart Review / Precharting — summarize outpatient, subspecialty, and ED notes
- SOAP Notes — full SOAP or subjective-only from dictation
- Well Visit — AAP 2025 Bright Futures periodicity with vaccines, screenings, billing codes, SSHADESS (12+), milestones
- Sick Visit — quick documentation with auto-suggested ROS and PE from chief complaint
- Developmental Milestones — AAP/Nelson tracker (birth-11y) with narrative/structured/summary output
AI & Speech
- 5 AI Providers — OpenRouter, AWS Bedrock, Azure OpenAI, Google Vertex AI, LiteLLM
- 5 STT Providers — Google Gemini, Amazon Transcribe (Medical), OpenAI Whisper, Local Whisper, LiteLLM
- 3 TTS Providers — Google Cloud TTS, LiteLLM (OpenAI), ElevenLabs
- Browser Whisper — fully offline in-browser transcription via WebAssembly (HIPAA-safe)
- Per-tab model selector — choose fast vs. smart vs. premium models per task
- Physician memory system — Dragon-like learning from your corrections
Learning Hub
- Content Management — articles, clinical pearls, quizzes, presentations
- AI Content Generation — generate from topics, uploaded PDFs, or Nextcloud files
- Marp Presentations — slide editor with preview and PPTX export
- Semantic Search — vector-based search via pgvector embeddings
- Quiz System — MCQ, multi-select, true/false with scoring and progress tracking
Platform
- Multi-user with roles — admin, moderator, user
- OIDC/SSO — Azure AD, Okta, Keycloak, PocketID, Google
- 2FA — TOTP-based two-factor authentication
- Cloudflare Turnstile — bot protection on login, register, password reset
- Email verification — with customizable templates
- Nextcloud integration — WebDAV export
- S3 Document Storage — AWS S3, Backblaze B2, MinIO
- PWA — installable, works on mobile
- Admin Panel — user management, settings, prompt editor, model configuration, logs
Quick Start
1. Configure
cp .env.example .env
Edit .env — at minimum set:
AI_PROVIDER=litellm # or openrouter, bedrock, azure, vertex
LITELLM_API_BASE=https://your-litellm.example.com
LITELLM_API_KEY=sk-...
OPENAI_API_KEY=sk-... # for Whisper transcription (if not using LiteLLM STT)
JWT_SECRET=<64-char random> # openssl rand -hex 32
DB_PASSWORD=<strong password>
APP_URL=https://your-domain.com
2. Start
docker compose up -d
App runs on port 3552. First user to register becomes admin.
3. Admin CLI
docker exec pediatric-ai-scribe node admin-cli.js list-users
docker exec pediatric-ai-scribe node admin-cli.js create-admin admin@example.com password123 "Dr. Admin"
docker exec pediatric-ai-scribe node admin-cli.js make-admin user@example.com
docker exec pediatric-ai-scribe node admin-cli.js reset-password user@example.com newpassword
docker exec pediatric-ai-scribe node admin-cli.js toggle-registration
docker exec pediatric-ai-scribe node admin-cli.js stats
AI Provider Configuration
Switch providers by setting AI_PROVIDER in .env. No code changes needed.
| Provider | HIPAA | Config |
|---|---|---|
| LiteLLM | Depends on backend | LITELLM_API_BASE, LITELLM_API_KEY |
| AWS Bedrock | Yes (with BAA) | AWS_BEDROCK_REGION, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY |
| Azure OpenAI | Yes (with BAA) | AZURE_OPENAI_ENDPOINT, AZURE_OPENAI_API_KEY, AZURE_DEPLOYMENT_NAME |
| Google Vertex AI | Yes (with BAA) | GOOGLE_VERTEX_PROJECT, GOOGLE_VERTEX_LOCATION |
| OpenRouter | No | OPENROUTER_API_KEY |
Transcription (Speech-to-Text)
Set TRANSCRIBE_PROVIDER or let the app auto-detect.
| Provider | HIPAA | Config |
|---|---|---|
| Google Gemini | Yes | GOOGLE_VERTEX_PROJECT, GOOGLE_STT_MODEL |
| Amazon Transcribe | Yes | AWS creds + TRANSCRIBE_PROVIDER=aws |
| Amazon Transcribe Medical | Yes | AWS_TRANSCRIBE_MEDICAL=true, AWS_TRANSCRIBE_SPECIALTY=PRIMARYCARE |
| Local Whisper | Yes (offline) | TRANSCRIBE_PROVIDER=local, WHISPER_BINARY, WHISPER_MODEL_SIZE |
| OpenAI Whisper | No | OPENAI_API_KEY |
| LiteLLM | Depends | TRANSCRIBE_PROVIDER=litellm, LITELLM_STT_MODEL |
| Browser Whisper | Yes (client-side) | No config needed — toggle in user settings |
Text-to-Speech
| Provider | HIPAA | Config |
|---|---|---|
| Google Cloud TTS | Yes | GOOGLE_VERTEX_PROJECT, GOOGLE_TTS_VOICE |
| LiteLLM | Depends | LITELLM_TTS_MODEL, LITELLM_TTS_VOICE |
| ElevenLabs | No | ELEVENLABS_API_KEY |
OpenID Connect / SSO
Supports Azure AD, Okta, Keycloak, PocketID, Google, and any OIDC-compliant provider.
- Register callback URL:
https://your-domain.com/api/auth/oidc/callback - Admin Panel > Settings > Configure OIDC (Issuer URL, Client ID, Client Secret)
- Users are auto-created and linked by email on first SSO login
See docs/openid-setup.md for provider-specific guides.
Cloudflare Turnstile (Bot Protection)
Optional CAPTCHA on login, registration, and password reset forms.
TURNSTILE_SITE_KEY=0x4AAA...
TURNSTILE_SECRET_KEY=0x4AAA...
Without SMTP, email verification is skipped and users are auto-verified.
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USER=your-email@gmail.com
SMTP_PASS=your-app-password
SMTP_FROM=noreply@yourdomain.com
Maintenance CLI
After a Postgres image upgrade (major version bump or silent base-layer change), btree indexes on text columns can become inconsistent with the new ICU/glibc library. The app auto-detects this at startup and reindexes on drift, but you can also trigger it manually:
# Health check — no writes
docker exec pediatric-ai-scribe npm run maint:check
# Rebuild all indexes + refresh collation + ANALYZE
docker exec pediatric-ai-scribe npm run maint:reindex
Run maint:reindex any time after:
- Upgrading the Postgres image (major or minor)
- Restoring from a dump created on a different Linux distro
- Seeing "invalid credentials" on credentials you know are correct
- Seeing
0 rowsreturned from a lookup that should match
The reindex takes seconds on a small DB and a minute or two on larger ones. Safe to run while the app is serving traffic, though queries may slow briefly.
Docker Hub
docker pull danielonyejesi/pediatric-ai-scribe-v3:latest
Minimal compose without building:
services:
app:
image: danielonyejesi/pediatric-ai-scribe-v3:latest
ports:
- "3552:3000"
env_file: .env
depends_on:
postgres:
condition: service_healthy
restart: unless-stopped
postgres:
image: pgvector/pgvector:pg16
environment:
POSTGRES_DB: pedscribe
POSTGRES_USER: pedscribe
POSTGRES_PASSWORD: ${DB_PASSWORD}
volumes:
- pgdata:/var/lib/postgresql/data
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -U pedscribe"]
interval: 10s
retries: 5
volumes:
pgdata:
HIPAA Notice
This application processes data through third-party AI APIs.
- All connections use HTTPS/TLS
- Authentication required for all AI endpoints
- 2FA and SSO available
- Cloudflare Turnstile bot protection
- AWS Bedrock, Azure OpenAI, and Google Vertex AI offer BAAs
- OpenRouter and ElevenLabs do NOT offer BAAs
- Browser Whisper and Local Whisper keep audio fully private
Do not use real PHI without executed BAAs with all providers in your deployment.
Documentation
See docs/ for the full documentation set.
Application logic — start here if you're new to the codebase
docs/logic/ is a deep, dev-friendly walkthrough of how each part of the app actually works. ~8,300 lines of "how it works and why" — read the index first to know what's there:
- docs/logic/README.md — index + recommended reading order
- docs/logic/architecture.md — frontend IIFE pattern, lazy tab loading, backend route convention, schema, encryption, sacred zones
- docs/logic/clinical-notes.md — every note tab (HPI, dictation, sick, well, SOAP, hospital, chart, notes) with the shared record→generate→save lifecycle
- docs/logic/ed-encounters.md — multi-stage ED notes, per-stage don't-miss, consolidate→MDM finalize. Worked example of how a clinical workflow is composed in this codebase.
- docs/logic/bedside-and-calculators.md — Bedside emergencies module (ES-module pocket of the frontend), pediatric calculators, PE Guide, suture selector. Lists every clinical formula that must NOT be modified without test vectors.
- docs/logic/ai-and-voice.md —
callAI5-provider routing, prompt centralization with DB overrides,wrapUserText+INJECTION_GUARD, server STT routing, browser Whisper, the helper trio (refine/billing/don't-miss). - docs/logic/auth-admin-learning.md — local + OIDC auth, 2FA, sessions, OpenBao secret loading, Admin panel, Learning Hub.
Operational + reference
- Architecture Overview — high-level (the deep version is in docs/logic/architecture.md)
- API Reference
- Database Schema
- Authentication & Security
- AI Providers & Models
- Speech (STT/TTS)
- Learning Hub & CMS
- Configuration Reference
- Deployment Guide
- Developer Guide (short)
- Developer Guide (extended)
- Browser Whisper Setup · Troubleshooting
- Embeddings Setup
- OpenID Connect Setup
- Transcription Options
- Features Explained
- Improvement Roadmap
Development
npm install
cp .env.example .env # edit with your keys
# Requires PostgreSQL with pgvector
node server.js
Testing
Two layers, both zero-config after the initial setup.
Unit tests — pure dose math (Node built-in)
npm test
Runs node --test test/ against public/js/calc-math.js — pure functions for
APLS / Best Guess weight, Parkland, Holliday-Segar 4-2-1, PRAM, Westley,
epi (anaphylaxis vs arrest vs NRP, different concentrations), RSI drugs,
min SBP, ETT sizing, Lund-Browder TBSA. 36 assertions, no dependencies.
End-to-end tests — Playwright smoke suite
Runs a headless Chromium against the live app. 128 tests covering every calculator tab, every Bedside sub-pill + widget, auth-gated pages (encounter, well visit, charts, vaccines, catch-up, learning hub, dictation, settings, FAQ), at both desktop and mobile (Pixel 5) viewports.
# First-time setup: spin up the auth-less test container (port 3553)
docker compose -f docker-compose.yml -f docker-compose.e2e.yml up -d pediatric-scribe-e2e
# Then run the full suite (runs inside an official Playwright container)
npm run e2e
The runner script (scripts/e2e.sh) uses mcr.microsoft.com/playwright so you
don't need Node or browsers on the host.
Test environment:
pediatric-ai-scribe(port 3552) — your normal apppediatric-ai-scribe-e2e(port 3553) — identical image, but withTURNSTILE_SECRET_KEY=""andSMTP_HOST=""so Playwright can log in without a bot challenge. Shares the same Postgres + pgdata volume.- Test user:
e2e-user@ped-ai.test(auto-verified on first register) - Harness page:
public/e2e-harness.htmlloads the calculators component without the auth wall for smoke tests that don't need a logged-in session.
Viewing failures — Playwright writes e2e/test-results/<test-name>/
with:
test-failed-1.png— screenshot at the point of failuretrace.zip— full action trace (replay withnpx playwright show-trace)error-context.md— DOM snapshot and console logs
Everything but the specs and config is gitignored under e2e/.
Files:
e2e/tests/bedside-smoke.spec.js— 26 tests for the Bedside modulee2e/tests/top-calculators.spec.js— 27 tests for BP / BMI / Growth / Bili / Vitals / BSA / Dose / Resus / GCS / Equipmente2e/tests/auth-gated-smoke.spec.js— 11 tests for the auth-gated tabse2e/playwright.config.js— runs all the above under bothchromium(Desktop Chrome) andmobile-chrome(Pixel 5) projects
Writing a new test:
const { test, expect } = require('@playwright/test');
test('my new smoke test', async ({ page }) => {
await page.goto('/e2e-harness.html'); // bypasses auth for calculators
await page.waitForFunction(() => window.__harnessReady === true);
await page.click('button.calc-nav-pill[data-calc="bedside"]');
await expect(page.locator('#calc-bedside')).toBeVisible();
});
For auth-gated routes, use the login fixture in auth-gated-smoke.spec.js
as a template — it caches the token at module scope so you don't hit the
login rate-limit.