Kabyar — Admin Settings

🌐

Deployment Topology

Vercel infrastructure — serverless functions, edge, CDN

Healthy prod Vercel

▼

🌍

Vercel Edge CDN

● Active — 42 pages

📱

PWA (Service Worker)

● kabyar-v2 cached

⚡

/api/chat

● Serverless 60s

🎨

/api/image

● Serverless 60s

🎬

/api/video

● Serverless 60s

🩺

/api/health

● Health check

🗄️

localStorage

● Client-side, 5MB

🔑

Vercel Env Vars

● 3 keys secured

Cost: Vercel Hobby — free tier (100GB bandwidth, 100h serverless). Upgrade to Pro ($20/mo) for production scale.

Last deployed: —

🔄

Workflow Health

Key clinical & operational workflows — steps, status, metrics

5 Active 0 Degraded

▼

Core clinic workflows with real-time health status

🏥 Patient Registration → Consult

1

Patient arrives → Queue (queue.html)

2

Registration → Demographics (patients.html)

3

Triage → Vitals & urgency (patient-detail.html)

4

Consult → Ko AI-assist (chat.html)

5

Prescribe → Medication (medication.html)

Healthy ~15 min avg

🚨 Emergency Triage

1

Emergency arrival (emergency.html)

2

ABCDE assessment + vitals

3

Ko AI decision support (chat.html)

4

Stabilize or refer (community.html)

Healthy Critical path

📊 Daily Clinic Operations

1

Morning check-in (checkin.html)

2

Review queue & schedule (schedule.html)

3

See patients → Dashboard metrics (dashboard.html)

4

End-of-day summary → Reports (reports.html)

Healthy Daily cycle

🛡️

Compliance Checklist (PDPA-aligned)

Singapore Personal Data Protection Act controls — NOT legal advice

9/9 Controls Review quarterly

▼

⚠️ This is an implementation checklist, not legal advice. Consult a qualified data protection officer.

✓

Purpose Limitation

Data collected only for healthcare delivery. AI prompts scoped to clinical context. No secondary use without consent.

✓

Data Minimisation

Collect only required fields. PII not sent to AI providers. localStorage scoped to device. No telemetry.

✓

Access Control

RBAC roles defined (Admin/Manager/Nurse/CHW). Settings protected. Patient data gated by role.

✓

Audit Logging

Store.actionLog tracks create/update/delete with timestamp and actor. Admin settings changes logged.

✓

Data Retention Policy

Messages auto-trimmed at 50. Daily logs at 30 days. localStorage quota guard at 4MB. Manual export/clear available.

✓

Encryption (Transport)

HTTPS enforced via Vercel + HSTS header (max-age=63072000). TLS 1.2+ on all API calls.

✓

Security Headers

X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy, Permissions-Policy configured.

✓

Input Validation & Sanitisation

API: message count limits, prompt length caps, temp/token clamping. Client: sanitizeStr() for teaching inputs.

✓

Breach Response Readiness

Reset All Data available in Settings. localStorage wipe + reload. No server-side PII stored (client-only architecture).

✅

UAT Checklist

User acceptance test scenarios — happy path, negative, edge, role-based

0/21 Tested Sign-off required

▼

Click status to toggle pass/fail/pending

Happy Path (10)

HP-01: Patient registration + queue

Pending

HP-02: Vitals entry + triage

Pending

HP-03: Ko AI chat consultation

Pending

HP-04: Medication prescribe + refill

Pending

HP-05: Lab order + result entry

Pending

HP-06: Appointment scheduling

Pending

HP-07: Emergency triage workflow

Pending

HP-08: Daily wellness check-in

Pending

HP-09: Ko Image generation

Pending

HP-10: Dashboard metrics load

Pending

Negative Tests (8)

NEG-01: Empty chat submission

Pending

NEG-02: Oversized prompt (>4000 chars)

Pending

NEG-03: Invalid API method (GET→POST)

Pending

NEG-04: Network offline → SW fallback

Pending

NEG-05: localStorage full → quota guard

Pending

NEG-06: XSS in teaching input

Pending

NEG-07: API timeout (>35s)

Pending

NEG-08: Empty patient list state

Pending

Role-Based (3)

ROLE-01: Admin → full settings access

Pending

ROLE-02: Nurse → patient data, no admin

Pending

ROLE-03: CHW → community view only

Pending

🔗

Integration API Catalogue

Endpoints, auth methods, rate limits, health status

4 Endpoints REST

▼

POST/api/chat

AI chat — DeepSeek-V3.2, grok-4, gpt-4o-mini multi-model fallback

Auth: Env Var (AZURE_AI_KEY_A/B) Timeout: 35s

Healthy Max 50 msgs, 4096 tokens

POST/api/image

AI image — MAI-Image-2e, FLUX.2-pro, FLUX.1-Kontext-pro

Auth: Env Var (AZURE_AI_KEY_A/B/IMG) Timeout: 50s

Healthy Max 4000 char prompt

POST/api/video

AI video — Sora-2 (restricted body: prompt, n, size)

Auth: Env Var (AZURE_AI_KEY_A) Timeout: 60s

Healthy Allowlisted fields only

GET/api/health

Health check — uptime, version, timestamp, environment

Auth: None (public) Timeout: 5s

Checking…

🤖

AI Assist Settings

Feature toggles, privacy, quiet mode, redaction controls

Enabled 4 Models

▼

Control how Ko AI assists across the application

AI Chat Enabled

Ko conversational AI via /api/chat

AI Image Generation

Ko Image via /api/image (FLUX, MAI)

AI Video Generation

Ko Video via /api/video (Sora-2)

Clinical Decision Support

Ko suggests diagnoses, drug checks, protocols

Inline Form Suggestions

Ko pre-fills forms based on context

🔒 Privacy Controls

Quiet Mode

Suppress proactive nudges — user-initiated only

PII Redaction

Strip patient names/IDs from AI prompts

Chat History Retention

Keep last 50 messages (auto-trimmed)

Don't Send to AI

Never send: passwords, keys, raw logs, credentials

Privacy note: AI requests go through /api/* proxy. No PII is stored server-side. All patient data remains in client localStorage. AI providers receive only clinical context, never raw patient identifiers.

👤

RBAC & Admin Users

Role matrix, admin management, least privilege, audit trail

4 Roles Least privilege

▼

Role-based access control matrix

Permission	Admin	Manager	Nurse	CHW
Admin Settings	✅	👁️	❌	❌
Patient Records	✅	✅	✅	👁️
Prescriptions	✅	✅	✅	❌
Lab Orders	✅	✅	✅	❌
Schedule Mgmt	✅	✅	✅	👁️
Finance/Billing	✅	✅	❌	❌
HR / Staff	✅	✅	❌	❌
Audit Logs	✅	👁️	❌	❌
Ko AI Chat	✅	✅	✅	✅
Community Health	✅	✅	👁️	✅
Data Export	✅	✅	❌	❌
Reset / Delete	✅	❌	❌	❌

✅ Full access 👁️ Read-only ❌ No access

Audit: All role changes logged to Store.actionLog with timestamp, actor, and previous value. Admin role changes require confirmation.

🚩

Feature Flags / Release Controls

Staged rollout, kill switch, read-only mode, config promotion

All Active prod

▼

AI Chat

Core conversational AI — multi-model fallback

AI Image Generation

FLUX / MAI image models

AI Video Generation

Sora-2 video synthesis

Telehealth

Video consultations via telehealth.html

Patient Portal

Self-service portal for patients

Multi-site Management

Cross-clinic data views

🛑 Kill Switch

Disable all AI features instantly

📖 Read-Only Mode

Prevent data writes — view-only access

Impact: Kill Switch disables /api/chat, /api/image, /api/video. Read-Only Mode prevents Store.save() writes. Both are instant — no deployment needed.

🗂️

Data Governance

Retention, export, delete, backup status, log redaction

Active localStorage

▼

Storage Used

Calculating…

Message Retention

Auto-trim at 50 messages

Active

Daily Log Retention

Auto-trim at 30 days

Active

Action Log Retention

Auto-trim at 50 entries

Active

Quota Guard

4MB limit with auto-trim on overflow

Active

Architecture: All data is client-side (localStorage). No server-side database. Backups are JSON exports. Data deletion is permanent and instant.

📡

Observability & Health

Health endpoints, service status, error tracking, performance

Checking… 4 endpoints

▼

Service Health

/api/health

—

Service Worker

kabyar-v2 — 42 pages cached

Active

Security Headers

5 headers: XFO, XCTO, HSTS, RP, PP

Active

PWA Manifest

Installable, standalone mode

Active

Client Metrics

Patients in Store

—

Appointments Today

—

Chat Messages

—

localStorage Size

—