Enterprise Control Plane
Admin Settings
Ko
🌐
Deployment Topology
Cloudflare Pages — Workers Functions, D1 database, edge CDN
Healthy prod Cloudflare
🌍
Cloudflare Edge CDN
● Active — 42 pages
📱
PWA (Service Worker)
● kabyar-v19 cached
/api/chat
● Serverless 60s
🎨
/api/image
● Serverless 60s
🎬
/api/video
● Serverless 60s
🩺
/api/health
● Health check
🗄️
Cloudflare D1
● kabyar-db, 22 tables
💾
localStorage
● Client-side L1 cache, 5MB
🔑
CF Pages Secrets
● 4 keys secured
Cost: Cloudflare Pages Free — unlimited bandwidth, 100K Worker requests/day, D1 5GB free. Workers Paid ($5/mo) for production scale.
🔄
Workflow Health
Key clinical & operational workflows — steps, status, metrics
5 Active 0 Degraded
Core clinic workflows with real-time health status
🏥 Patient Registration → Consult
1. Patient arrives → Queue (queue.html)
2. Registration → Demographics (patients.html)
3. Triage → Vitals & urgency (patient-detail.html)
4. Consult → Ko AI-assist (chat.html)
5. Prescribe → Medication (medication.html)
Status: Healthy, ~15 min avg
🚨 Emergency Triage
1. Emergency arrival (emergency.html)
2. ABCDE assessment + vitals
3. Ko AI decision support (chat.html)
4. Stabilize or refer (community.html)
Status: Healthy, critical path
📊 Daily Clinic Operations
1. Morning check-in (checkin.html)
2. Review queue & schedule (schedule.html)
3. See patients → Dashboard metrics (dashboard.html)
4. End-of-day summary → Reports (reports.html)
Status: Healthy, daily cycle
🛡️
Compliance Checklist (PDPA-aligned)
Singapore Personal Data Protection Act controls — NOT legal advice
9/9 Controls Review quarterly
⚠️ This is an implementation checklist, not legal advice. Consult a qualified data protection officer.
Purpose Limitation
Data collected only for healthcare delivery. AI prompts scoped to clinical context. No secondary use without consent.
Data Minimisation
Collect only required fields. PII not sent to AI providers. localStorage scoped to device. No telemetry.
Access Control
RBAC roles defined (Admin/Manager/Nurse/CHW). Settings protected. Patient data gated by role.
Audit Logging
Store.actionLog tracks create/update/delete with timestamp and actor. Admin settings changes logged.
Data Retention Policy
Messages auto-trimmed at 50. Daily logs at 30 days. localStorage quota guard at 4MB. Manual export/clear available.
Encryption (Transport)
HTTPS enforced via Vercel + HSTS header (max-age=63072000). TLS 1.2+ on all API calls.
Security Headers
X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy, Permissions-Policy configured.
Input Validation & Sanitisation
API: message count limits, prompt length caps, temp/token clamping. Client: sanitizeStr() for teaching inputs.
Breach Response Readiness
Reset All Data is available in Settings: it wipes localStorage and reloads, which clears this device only. Patient records also live in the D1 database that ko-sync.js syncs with, so server-side erasure goes through /api/gdpr/erase/:patientId and is recorded in audit_log.
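The Security Headers control above lists the header names but not how they are applied. The following is an added example, not the app's own Pages Functions code: a Cloudflare Pages Functions middleware (functions/_middleware.js) that sets the checklist headers on every response. Only the HSTS max-age comes from this page; the other header values, the CSP and the Permissions-Policy are assumptions to tune per deployment.

```javascript
// Added example (not the app's own code): Pages Functions middleware that sets
// the checklist's security headers on every response. Only the HSTS max-age is
// from the page; the remaining values are assumptions to tune per deployment.
const SECURITY_HEADERS = {
  "Strict-Transport-Security": "max-age=63072000",
  "X-Frame-Options": "DENY",
  "X-Content-Type-Options": "nosniff",
  "Referrer-Policy": "strict-origin-when-cross-origin",
  // Telehealth (telehealth.html) needs camera/mic from the app's own origin, so do not set them to ().
  "Permissions-Policy": "camera=(self), microphone=(self), geolocation=()",
  // Assumed CSP: same-origin plus the /api/* proxy; add provider/CDN origins as the app needs them.
  "Content-Security-Policy": "default-src 'self'; connect-src 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'",
};

// Copy the response so headers can be set (the response from context.next() may have immutable headers).
function applySecurityHeaders(response) {
  const headers = new Headers(response.headers);
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) headers.set(name, value);
  return new Response(response.body, { status: response.status, statusText: response.statusText, headers });
}

// Audit helper: which of the expected headers are absent from a response?
function missingSecurityHeaders(headers) {
  return Object.keys(SECURITY_HEADERS).filter((name) => !headers.has(name));
}

// In functions/_middleware.js this function is exported as `onRequest`; Pages runs it for every route.
async function onRequest(context) {
  return applySecurityHeaders(await context.next());
}
```

After deploying, confirm the headers from outside the app with `curl -sI https://<your-host>/ | grep -iE 'strict-transport|x-frame|content-security'`; a missing HSTS line usually means the header is being set on API routes but not on the static asset path.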
UAT Checklist
User acceptance test scenarios — happy path, negative, edge, role-based
0/21 Tested Sign-off required
Click status to toggle pass/fail/pending
Happy Path (10)
HP-01: Patient registration + queue (Pending)
HP-02: Vitals entry + triage (Pending)
HP-03: Ko AI chat consultation (Pending)
HP-04: Medication prescribe + refill (Pending)
HP-05: Lab order + result entry (Pending)
HP-06: Appointment scheduling (Pending)
HP-07: Emergency triage workflow (Pending)
HP-08: Daily wellness check-in (Pending)
HP-09: Ko Image generation (Pending)
HP-10: Dashboard metrics load (Pending)
Negative Tests (8)
NEG-01: Empty chat submission (Pending)
NEG-02: Oversized prompt (>4000 chars) (Pending)
NEG-03: Wrong HTTP method (GET on a POST-only endpoint) (Pending)
NEG-04: Network offline → SW fallback (Pending)
NEG-05: localStorage full → quota guard (Pending)
NEG-06: XSS in teaching input (Pending)
NEG-07: API timeout (>35s) (Pending)
NEG-08: Empty patient list state (Pending)
Role-Based (3)
ROLE-01: Admin → full settings access (Pending)
ROLE-02: Nurse → patient data, no admin (Pending)
ROLE-03: CHW → community view only (Pending)
🔗
Integration API Catalogue
Endpoints, auth methods, rate limits, health status
4 Endpoints REST
POST /api/chat
AI chat — DeepSeek-V3.2, grok-4, gpt-4o-mini multi-model fallback
Auth: Env Var (AZURE_AI_KEY_A/B). Timeout: 35s
Status: Healthy. Max 50 msgs, 4096 tokens
POST /api/image
AI image — MAI-Image-2e, FLUX.2-pro, FLUX.1-Kontext-pro
Auth: Env Var (AZURE_AI_KEY_A/B/IMG). Timeout: 50s
Status: Healthy. Max 4000 char prompt
POST /api/video
AI video — Sora-2 (restricted body: prompt, n, size)
Auth: Env Var (AZURE_AI_KEY_A). Timeout: 60s
Status: Healthy. Allowlisted fields only
GET /api/health
Health check — uptime, version, timestamp, environment
Auth: None (public). Timeout: 5s
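The catalogue above and the Input Validation & Sanitisation control in the compliance checklist state the limits (POST only, max 50 messages, 4000-character prompts, 4096 tokens, temperature and token clamping, an allowlisted video body of prompt, n and size, and the 35s/60s timeouts) but show no enforcement. The following is an added example, not the app's own Functions code, of a request validator that applies those limits before anything reaches the upstream model. The temperature range, the n and size ranges, the default values and the error-body shape are assumptions.

```javascript
// Added example (not the app's own code): validation for the POST-only /api/chat
// and /api/video proxies using the catalogue's limits. Ranges for temperature,
// n and size, and the defaults, are assumptions.
const CHAT_LIMITS = { maxMessages: 50, maxPromptChars: 4000, maxTokens: 4096, timeoutMs: 35000 };
// n and size ranges are assumptions; the page only says these three fields are allowlisted.
const VIDEO_LIMITS = { maxPromptChars: 4000, maxN: 2, sizes: ["720x1280", "1280x720"], timeoutMs: 60000 };
const ROLES = new Set(["system", "user", "assistant"]);

// Numbers from the client are clamped into range, never passed through as-is.
function clamp(v, lo, hi, dflt) {
  const n = Number(v);
  return Number.isFinite(n) ? Math.min(hi, Math.max(lo, n)) : dflt;
}

function validateChatBody(body) {
  if (!body || !Array.isArray(body.messages)) return { error: "messages[] required" };
  const { messages } = body;
  if (messages.length === 0) return { error: "empty chat submission" };
  if (messages.length > CHAT_LIMITS.maxMessages) return { error: `max ${CHAT_LIMITS.maxMessages} messages` };
  for (const m of messages) {
    if (!m || !ROLES.has(m.role) || typeof m.content !== "string") return { error: "bad message shape" };
    if (m.content.length > CHAT_LIMITS.maxPromptChars) return { error: `prompt over ${CHAT_LIMITS.maxPromptChars} chars` };
  }
  // Rebuild the upstream body from allowlisted fields only, so client-supplied
  // extras (tools, model overrides, api keys) never reach the provider.
  return {
    value: {
      messages: messages.map((m) => ({ role: m.role, content: m.content })),
      temperature: clamp(body.temperature, 0, 2, 0.7),
      max_tokens: Math.floor(clamp(body.max_tokens, 1, CHAT_LIMITS.maxTokens, 1024)),
    },
  };
}

function validateVideoBody(body) {
  if (!body || typeof body.prompt !== "string" || body.prompt.trim() === "") return { error: "prompt required" };
  if (body.prompt.length > VIDEO_LIMITS.maxPromptChars) return { error: `prompt over ${VIDEO_LIMITS.maxPromptChars} chars` };
  const size = VIDEO_LIMITS.sizes.includes(body.size) ? body.size : VIDEO_LIMITS.sizes[0];
  return { value: { prompt: body.prompt, n: Math.floor(clamp(body.n, 1, VIDEO_LIMITS.maxN, 1)), size } };
}

// All three AI proxies are POST-only; anything else is rejected before the body is read.
function methodError(method) {
  return method === "POST" ? null : { status: 405, body: { error: "method not allowed" } };
}

// `upstream` is the provider call; it is injected so the validator is testable offline.
async function handleApi(path, request, upstream) {
  const bad = methodError(request.method);
  if (bad) return bad;
  let body;
  try { body = await request.json(); } catch { return { status: 400, body: { error: "invalid JSON" } }; }
  const validators = { "/api/chat": [validateChatBody, CHAT_LIMITS], "/api/video": [validateVideoBody, VIDEO_LIMITS] };
  if (!validators[path]) return { status: 404, body: { error: "unknown endpoint" } };
  const [validate, limits] = validators[path];
  const checked = validate(body);
  if (checked.error) return { status: 400, body: { error: checked.error } };
  // Enforce the catalogue timeout on the provider call; clear the timer so it cannot leak.
  let timer;
  const timeout = new Promise((_, reject) => { timer = setTimeout(() => reject(new Error("upstream timeout")), limits.timeoutMs); });
  try {
    return { status: 200, body: await Promise.race([upstream(checked.value), timeout]) };
  } catch (e) {
    return { status: 504, body: { error: e.message } };
  } finally {
    clearTimeout(timer);
  }
}
```

The rebuild-from-allowlist step is the part that matters: rejecting bad input is not enough if the original body object is then forwarded, because any unknown field (a model override, a `tools` array, a provider key) rides along. NEG-01, NEG-02, NEG-03 and NEG-07 in the UAT checklist map directly onto the four rejection paths here.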
🤖
AI Assist Settings
Feature toggles, privacy, quiet mode, redaction controls
Enabled 4 Models
Control how Ko AI assists across the application
AI Chat Enabled
Ko conversational AI via /api/chat
AI Image Generation
Ko Image via /api/image (FLUX, MAI)
AI Video Generation
Ko Video via /api/video (Sora-2)
Clinical Decision Support
Ko suggests diagnoses, drug checks, protocols
Inline Form Suggestions
Ko pre-fills forms based on context
🔒 Privacy Controls
Quiet Mode
Suppress proactive nudges — user-initiated only
PII Redaction
Strip patient names/IDs from AI prompts
Chat History Retention
Keep last 50 messages (auto-trimmed)
Don't Send to AI
Never send: passwords, keys, raw logs, credentials
Privacy note: AI requests go through the /api/* proxy, which stores no PII. With PII Redaction enabled, providers receive only clinical context, never raw patient identifiers. Patient data lives in client localStorage and in the D1 database it syncs with.
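The PII Redaction and "Don't Send to AI" controls above describe what must not reach the provider but not how the check runs. The following is an added example, not the app's own ko-ai.js code, of a client-side pre-send step: credentials and raw log lines block the request outright, and patient names and IDs are swapped for stable placeholders so the model keeps coreference without seeing the identifier. The patient-ID format (P- followed by digits), the sample patient records and the secret and log patterns are assumptions for illustration.

```javascript
// Added example (not the app's own ko-ai.js): PII redaction and a "Don't Send
// to AI" check applied to a prompt before it is posted to /api/chat. The ID
// format, sample records and secret patterns are assumptions.
const PATIENT_ID = /\bP-\d{3,}\b/g; // assumed ID format

// Anything matching these is a credential or a raw log line: the request is blocked, not redacted.
const SECRET_PATTERNS = [
  /\b(?:password|passwd|pwd|secret)\s*[:=]\s*\S+/i,
  /\bBearer\s+[A-Za-z0-9._~+/-]{16,}/,
  /\b(?:sk|ghp)[-_][A-Za-z0-9_-]{12,}/,
  /\bAKIA[0-9A-Z]{16}\b/,
  /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/,
  /\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}\S*\s+\[?(?:ERROR|WARN|INFO|DEBUG)\b/,
];

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// Number of secret/log patterns that match; zero means the text may be sent.
function findSecrets(text) {
  return SECRET_PATTERNS.filter((re) => re.test(text)).length;
}

// Replace names and IDs with stable placeholders so the model keeps coreference
// ("[PATIENT_1] ... [PATIENT_1]") without ever seeing the identifier.
// Note: \b is ASCII-only, so Burmese-script names need a Unicode-aware boundary.
function redactForAI(text, patients) {
  let out = text;
  let count = 0;
  patients.forEach((p, i) => {
    const tag = `[PATIENT_${i + 1}]`;
    // Longest key first so a full name is replaced before any shorter alias inside it.
    const keys = [p.id, p.name, ...(p.aliases || [])].filter(Boolean).sort((a, b) => b.length - a.length);
    for (const k of keys) {
      out = out.replace(new RegExp(`\\b${escapeRe(k)}\\b`, "gi"), () => { count++; return tag; });
    }
  });
  // Any ID-shaped token not in the local store is still stripped.
  out = out.replace(PATIENT_ID, () => { count++; return "[PATIENT_ID]"; });
  return { text: out, redactions: count };
}

function prepareForAI(text, patients) {
  if (findSecrets(text) > 0) return { ok: false, reason: "prompt contains credentials or raw logs; not sent" };
  const { text: redacted, redactions } = redactForAI(text, patients);
  return { ok: true, text: redacted, redactions };
}

// Constructed sample input (not real patient data).
const SAMPLE_PATIENTS = [{ id: "P-00123", name: "Aung Kyaw" }];
const SAMPLE_PROMPT = "Patient Aung Kyaw (P-00123) reports chest pain; aung kyaw is 54. Also P-99999 is in the queue.";
```

Two design points: the secret check blocks rather than redacts, because a prompt that contains a key or a log dump is a mistake to stop, not content to clean; and redaction runs against the local patient store rather than a generic name dictionary, which is the only list the client actually has. The redaction count is worth surfacing in the UI so a user notices when a prompt that should contain a name produced zero replacements.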
📝
Ko System Prompt
View, edit, and save Ko's personality & medical prompt — syncs to webapp + Telegram
Edit Ko's system prompt below. Changes apply to both webapp and Telegram instantly. Leave empty to use the built-in default prompt.
How it works: Custom prompt is stored in D1 database. Both webapp (ko-ai.js) and Telegram bot (telegram.js) load the latest prompt on every request. If no custom prompt is set, the hardcoded default is used. Max 50,000 characters.
👤
RBAC & Admin Users
Role matrix, admin management, least privilege, audit trail
4 Roles Least privilege
Role-based access control matrix
Permission Admin Manager Nurse CHW
Admin Settings👁️
Patient Records👁️
Prescriptions
Lab Orders
Schedule Mgmt👁️
Finance/Billing
HR / Staff
Audit Logs👁️
Ko AI Chat
Community Health👁️
Data Export
Reset / Delete
✅ Full access   👁️ Read-only   ❌ No access
Audit: All role changes logged to Store.actionLog with timestamp, actor, and previous value. Admin role changes require confirmation.
🚩
Feature Flags / Release Controls
Staged rollout, kill switch, read-only mode, config promotion
All Active prod
AI Chat
Core conversational AI — multi-model fallback
AI Image Generation
FLUX / MAI image models
AI Video Generation
Sora-2 video synthesis
Telehealth
Video consultations via telehealth.html
Patient Portal
Self-service portal for patients
Multi-site Management
Cross-clinic data views
🛑 Kill Switch
Disable all AI features instantly
📖 Read-Only Mode
Prevent data writes — view-only access
Impact: Kill Switch disables /api/chat, /api/image, /api/video. Read-Only Mode prevents Store.save() writes. Both are instant — no deployment needed.
🗂️
Data Governance
Retention, export, delete, backup status, log redaction
Active localStorage
Storage Used
Message Retention
Auto-trim at 50 messages
Active
Daily Log Retention
Auto-trim at 30 days
Active
Action Log Retention
Auto-trim at 50 entries
Active
Quota Guard
4MB limit with auto-trim on overflow
Active
🏥 Production Mode
Strip all demo data, disable demo seeding
Demo Data
📤 Export Production Data
Download only real (non-demo) data as JSON
📥 Import Production Data
Import cleaned JSON data for production use
🎤 Ko Training Portal
Upload text & voice to train Ko's responses
Open Portal →
Architecture: Client data in localStorage (L1 cache) with D1 database as source of truth. Bi-directional sync via ko-sync.js. Backups are JSON exports. Data deletion is permanent and instant.
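The retention rules above (messages trimmed at 50, daily logs at 30 days, action log at 50 entries, a 4MB quota guard with auto-trim), the Read-Only Mode that blocks Store.save() writes, and the Audit Logging control's requirement that Store.actionLog carry timestamp, actor and previous value are stated as settings without showing the store logic. The following is an added example, not the app's own Store or ko-sync.js code, of a minimal client store that applies all of them in one save() path. The storage key name, the record shapes and the in-memory localStorage stand-in are assumptions.

```javascript
// Added example (not the app's own Store/ko-sync.js): a client store applying
// the page's retention, quota-guard, read-only and action-log rules. Key name,
// record shapes and the localStorage stand-in are assumptions.
const RETENTION = {
  maxMessages: 50,
  maxActionLog: 50,
  dailyLogDays: 30,
  quotaBytes: 4 * 1024 * 1024,
};
const STORAGE_KEY = "kabyar-store"; // assumed key name

function createStore(storage, limits = RETENTION) {
  const state = { messages: [], dailyLogs: [], actionLog: [], users: {}, readOnly: false };

  // Every mutation is recorded with who did it, when, and the prior value.
  function logAction(action, entity, actor, prev, next, now) {
    state.actionLog.push({ ts: new Date(now).toISOString(), actor, action, entity, prev, next });
    if (state.actionLog.length > limits.maxActionLog) state.actionLog.splice(0, state.actionLog.length - limits.maxActionLog);
  }

  function setRole(userId, role, actor, now = Date.now()) {
    const prev = state.users[userId] ?? null;
    state.users[userId] = role;
    logAction("role.update", userId, actor, prev, role, now);
  }

  function addMessage(role, content, now = Date.now()) { state.messages.push({ ts: now, role, content }); }
  function addDailyLog(date, entry) { state.dailyLogs.push({ date, entry }); }

  function trim(now) {
    if (state.messages.length > limits.maxMessages) state.messages.splice(0, state.messages.length - limits.maxMessages);
    const cutoff = now - limits.dailyLogDays * 86400000;
    state.dailyLogs = state.dailyLogs.filter((d) => new Date(d.date).getTime() >= cutoff);
  }

  // localStorage quotas count UTF-16 code units, so 2 bytes per char is the safe estimate.
  const sizeOf = (json) => json.length * 2;

  function save(now = Date.now()) {
    if (state.readOnly) return { ok: false, reason: "read-only mode" };
    trim(now);
    let json = JSON.stringify(state);
    // Quota guard: drop the oldest chat messages, then daily logs, until it fits.
    while (sizeOf(json) > limits.quotaBytes) {
      if (state.messages.length) state.messages.shift();
      else if (state.dailyLogs.length) state.dailyLogs.shift();
      else return { ok: false, reason: "over quota with nothing left to trim", bytes: sizeOf(json) };
      json = JSON.stringify(state);
    }
    storage.setItem(STORAGE_KEY, json);
    return { ok: true, bytes: sizeOf(json) };
  }

  function setReadOnly(on) { state.readOnly = on; }
  return { state, addMessage, addDailyLog, setRole, setReadOnly, save };
}

// In-memory stand-in for window.localStorage so this runs under Node.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => m.set(k, String(v)),
    removeItem: (k) => m.delete(k),
    get length() { return m.size; },
  };
}
```

Two caveats a practitioner will want: the quota guard trims chat and daily logs but never the action log, because an audit trail that silently loses its oldest entries under storage pressure is no longer an audit trail; and the read-only check is in save(), not in the UI, so a stale tab cannot write around the mode. Real localStorage also throws a QuotaExceededError on setItem when the browser's own limit (commonly 5MB) is hit before the 4MB guard, so production code should wrap setItem in try/catch and re-run the trim loop on failure.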
📡
Observability & Health
Deep health checks, D1 metrics, request tracking, GDPR audit, performance
v3.0.0 — Phase 5
Service Health
/api/health
D1 Database
Ko AI Chat
Service Worker
kabyar-v20 — 44 pages cached
Active
Security Headers
7 headers: X-Frame-Options, X-Content-Type-Options, HSTS, Referrer-Policy, Permissions-Policy, CSP, Server-Timing
Active
D1 Table Counts
Live Metrics
Active Sessions
Audit Events (24h)
Region / Colo
Client Metrics
Patients in Store
Appointments Today
Chat Messages
localStorage Size
GDPR Compliance
Data Export API
/api/gdpr/export/:patientId — Article 15
Active
Data Erasure API
/api/gdpr/erase/:patientId — Article 17
Active
Consent Tracking
/api/gdpr/consent — granular consent records
Active
GDPR Audit Trail
All GDPR actions logged to audit_log
👤
User Management
Create, edit, and remove user accounts — roles & permissions
2 Users D1: — RBAC
Active Users
Add New User
Session & Security
Session Timeout
Auto-logout after inactivity
Max Login Attempts
Lock after failed attempts
Require Password Change
Force password reset on next login
Login History
📱
App Version & Branding
Version control, app name, display settings
v1.0.0 Kabyar
App Version
Displayed on login page
Clinic Name
Shown in headers and reports
Login Page
Require login for all pages
Current Session
📜
Activity Feed & Action Log
System-wide activity: logins, settings, clinical actions, errors
0 Events
Filter: All / 🔐 Auth / 🏥 Clinical / ⚙️ Settings / ❌ Errors
📢
Broadcast Announcements
Send banners to all users across every page
0 Active
New Announcement
Active Announcements
🧩
Dashboard Tile Manager
Reorder and control visibility of home page tiles per role
Home Layout
Target Role
Configure tiles for this role
Ko
May, you can control all the Admin Settings from here 💙
Enterprise control plane — tap any card to expand