Aurora v2 — complete platform overhaul (3-tier rewrite) #1
Open
sudoshi wants to merge 300 commits into
…ng, SVG chevron fix
…a palette
Replaced 2197 occurrences of Parthenon hex color values across 68 files in frontend/src/ (excluding features/auth/ which is intentionally preserved). Mapping applied:
- Surface colors: #0E0E11→#0A0A18, #151518→#10102A, #232328→#1C1C48, etc.
- Text colors: #F0EDE8→#E8ECF4, #C5C0B8→#B4BAC8, #8A857D→#7A8298, etc.
- Primary (crimson→teal): #9B1B30→#00D68F, #B82D42→#33E0A8, #6A1220→#00A56E
- Accent (gold/teal→purple): #C9A227→#9D75F8, #2A9D8F→#9D75F8
- Critical: #E85A6B→#F0607A
…sible Sidebar.tsx was already rewritten to a fixed 64px rail with no collapse state. Cleaning up the store to match.
Fixed issues found during seeder execution:
- body_site -> body_part in imaging_studies
- measurement_name -> measurement_type in imaging_measurements
- variant_name -> variant, classification -> clinical_significance in genomic_variants
- condition_name -> concept_name in condition_eras
- resolved_date -> resolution_date in conditions
- performed_at -> performed_date in procedures
- visit_date -> admission_date, visit_end_date -> discharge_date in visits
- note_date -> authored_at in clinical_notes
- Removed non-existent columns: reason, indication, findings, notes (medications),
exon, detected_at, report_date, origin, sample_type (genomic_variants), unit (observations)
- Truncated abnormal_flag values to fit varchar(10)
- Fixed text values ('trace') in numeric columns to use value_text
- All 12 patients now seed successfully with ~1,455 total records
…tions
12 clinically defensible synthetic patients across 4 specialties:
- Rare Disease: hATTR Amyloidosis, TSC (pediatric), CAPS
- Pre-Surgical: Redo CABG+AVR, CRS-HIPEC, VHL+HHT Posterior Fossa
- Oncology: EGFR Lung, BRAF CRC, BRCA1 TNBC
- Undiagnosed: ECD, VEXAS, APS-1/APECED (pediatric)
Each patient has: conditions, medications, procedures, lab measurements (longitudinal trending), observations, visits, clinical notes, imaging studies with series, genomic variants, condition/drug eras.
Total: 12 patients, ~120 conditions, ~100 medications, ~440 lab values, ~230 visits across the dataset.
Also includes performance optimizations:
- Eager loading with withCount() on case/session/decision list endpoints
- SecurityHeaders middleware added to API middleware group
…M Plex Mono Body background/text colors updated from Parthenon warm grey to Aurora cold blue-black. Removed IBM Plex Mono from Google Fonts (now self-hosted as Inter + JetBrains Mono via @font-face).
Replace generic placeholder cases with 12 clinically accurate cases matched to the synthetic demo patients:
Rare Disease (4): hATTR cardiac progression, TSC pediatric multisystem, CAPS flare management, ECD diagnostic workup
Surgical (3): Redo CABG+AVR, CRS-HIPEC candidacy, VHL+HHT posterior fossa
Oncology (3): EGFR NSCLC resistance, BRAF CRC response, BRCA1 TNBC neoadjuvant
Undiagnosed (2): VEXAS refractory cytopenias, APS-1/APECED pediatric
Each case now has: patient_id linked to the demo patient, disease-specific clinical_question with real treatment dilemmas, detailed summary with labs/imaging/staging, and realistic scheduled_at dates.
- Download Inter Variable and JetBrains Mono fonts to backend/public/fonts/
(previously missing, served as HTML causing decode errors)
- Fix decisions API: frontend now uses /cases/{id}/decisions for case-scoped
queries and /decisions/dashboard for cross-case view
- Add DecisionController::dashboard() method for cross-case decision listing
- Update CSP to allow Google Fonts (fonts.googleapis.com, fonts.gstatic.com)
- All JS chunks verified serving with correct MIME type
- types/index.ts: TypeScript interfaces for PatientFingerprint, SimilaritySearchResponse, OutcomeTrajectory, FusionWeightConfig, FingerprintStats and supporting enums/types
- api/fingerprintApi.ts: async API functions for all fingerprint endpoints (search, encode, outcomes, weights, stats)
- hooks/useFingerprint.ts: TanStack Query hooks for all endpoints; useSimilarPatients has refetchOnWindowFocus:false + staleTime:5min to prevent duplicate audit log entries from POST search endpoint
Create 9 React components for the patient fingerprinting feature:
- OutcomeBadge: color-coded outcome rating badge (green-to-red)
- DimensionBar: horizontal similarity bar per dimension
- DecisionTagChips: toggleable decision point tag selector with custom tags
- FingerprintBanner: patient fingerprint status with dimension indicators
- WeightControls: preset buttons + normalized range sliders for similarity weights
- SimilarPatientCard: result card with composite score, dimension bars, outcome badge
- OutcomeSidebar: outcome distribution, Abby's Insight, treatment rates, hindsight notes
- OutcomeAssessmentModal: clinician outcome assessment form using Modal + Button UI
- SimilarPatientsTab: main container composing all components in 70/30 layout
Integrate SimilarPatientsTab into PatientProfilePage, replacing the old PatientsLikeThis component for the "Similar Patients" view mode.
…ncer types
Create JSON templates for 20 clinically plausible synthetic patients (NSCLC x5, RCC x5, Breast x5, PDAC x5) with full data density:
- 8-15 genomic variants per patient with actionable mutations
- 2-4 imaging studies with RECIST measurements and segmentations
- 6-10 lab measurements across multiple timepoints
- 3-5 visits per patient
- Complete outcome trajectories with 5 sub-scores + clinician assessment
Outcome distribution: 4 Excellent, 7 Good, 4 Mixed, 5 Poor
Deliberate similarity clusters: BRAF V600E in NSCLC-01/02/05
Cross-type bridge: PDAC-04 MSI-H shares IO characteristics
- Fix AI service URL config key (services.ai.url → services.ai.base_url)
- Register Spatie permission middleware aliases in bootstrap/app.php
- Add COALESCE to pgvector similarity query for NULL candidate vectors
- Clean up explanation output from generate_concept_mapping
- Add container_name to all Docker Compose services
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ion fixes
- Dashboard recent cases table now scrollable (max-height 480px, sticky header)
- Dashboard API returns 20 recent cases (was 10)
- Cases list page shows 24 per page (was 12)
- Created 20 clinical cases for golden cohort patients
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Unicode emojis rendered inconsistently across browsers. Replaced with Dna, Box, and Hospital icons from Lucide with dimension-specific colors (purple genomic, blue volumetric, green clinical).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
OHIF static files in backend/public/ohif/ were unreachable because the catchall location / proxied everything to Vite. Added explicit /ohif/ location with try_files fallback to index.html for SPA routing.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Update base64 auth header to match current Orthanc password
- Expand formatStudy isIndexed check to include dicom-web endpoints
- Update sync script default password to current value
- Add ORTHANC env vars to backend/.env for future use

- Fix OHIF viewer 404 by using root + named location fallback instead of alias (prevents try_files from escaping to catch-all)
- Add sudo usage note to CLAUDE.md (sudo-rs, no -A support)
- Add comprehensive tumor volumetrics implementation plan covering 5 phases: volume extraction, longitudinal tracking, AI segmentation, frontend visualization, and MedGemma integration
Auto-fix ~25 files (concat_space, ordered_imports, no_unused_imports, class_attributes_separation, etc.) introduced by the fingerprint, patient-flag/task, and golden-cohort work. Pint --test now passes on 259 files, so the Backend Lint job stops failing and the gated Backend Tests / E2E / Deploy jobs can run.
…Laravel CVE composer update symfony/* + guzzlehttp/psr7 (31 in-minor patch bumps, no major upgrades): symfony 7.4.x -> 7.4.13, polyfills -> 1.38.x, guzzle/psr7 2.8.0 -> 2.11.0. Clears 13 of 14 advisories (CRLF/SSRF/header-injection in http-foundation, http-kernel, mailer, mime, routing, yaml, psr7). The 14th (CVE-2026-48019, Laravel CRLF in the default email rule) has no fix on the 11.x line — only 12.60+/13.10+ — so it is documented in a config.audit.ignore entry pending a tracked Laravel 12 upgrade. composer audit now exits 0.
Strategy to make Aurora best-in-class for complex care coordination across four populations (cancer, complex surgical, complex medical, rare disease). Thesis: generalize the case into a longitudinal patient track + configurable board-template engine (horizontal MDT OS), then ship population packs. Reflects steering decisions: rare disease as lead vertical, AI+evidence emphasis, standards/RWE-first posture. Includes the rare-disease lead initiative spec (diagnostic-odyssey state machine, Phenopackets v2, VRS/ACMG engine, automated reanalysis loop, Matchmaker Exchange node), Abby agentic-MDT architecture, standards spine, federation/RWE model, and evidence/trust program. Grounded in deep research across competitive, surgical, medical, rare-disease, standards, and clinical-AI domains.
Plan 1 of 5 for the rare-disease lead initiative (strategy section 5). TDD task breakdown for the diagnostic-odyssey state machine, HPO deep phenotyping with negation/onset/severity, and GA4GH Phenopackets v2 export. Backend-only, fully testable via Pest; grounded in existing Aurora patterns (app schema, ApiResponse, Form Requests, factory conventions).
…ntime
Bring Aurora to the Parthenon auth/admin baseline (additive; local email/password login unchanged). OIDC is disabled by default (OIDC_ENABLED=false) so all new routes 404 until configured.
Backend:
- AuthDriverRegistry + LocalCredentials/AuthentikOidc drivers (identity resolution only; Sanctum token issuance stays in controllers).
- OIDC services: discovery/JWKS (cached, short timeouts), token validator (signature/issuer/audience/expiry/nonce), PKCE + single-use server-side state/exchange codes, reconciliation (group-gated, additive-only, must_change_password=false, never grants super-admin).
- OidcController: providers/redirect/callback/exchange; no Sanctum token in callback URL; 404 when disabled. login() now uses the local driver.
- Admin AuthProviderController (super-admin only) with secret masking on read and mask-sentinel handling so updates never clobber stored secrets.
- Migrations: auth_provider_settings (encrypted text), user_external_identities, oidc_email_aliases. Dual token/access_token response keys.
Frontend:
- OIDC callback page + /auth/callback route; discovery-driven SSO button; token ?? access_token storage; RequireSuperAdmin guard + super-admin gating for the Auth Providers admin surface.
Tests:
- 24 new backend cases (token validation, reconciliation, handshake, routes, last-super-admin protection) + existing OIDC/admin-provider tests.
- Fix a flaky db:seed-in-beforeEach pattern across 7 feature tests (PendingCommand did not execute in time -> superuser unseeded).
Adds firebase/php-jwt for ID-token validation.
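
The handshake the commit message above describes (PKCE, single-use server-side state, and the issuer/audience/expiry/nonce checks), as an added example that is not Aurora's code. OidcHandshake, its methods, the in-memory array standing in for the server-side store, and the demo issuer and client id are all assumptions; signature verification against the JWKS is assumed to have been done by the JWT library before claimsValid() is called.

```php
<?php
declare(strict_types=1);
// Added illustration: class and method names are hypothetical, not Aurora's code.
final class OidcHandshake
{
    /** Pending logins keyed by state; stands in for a server-side cache with TTL. */
    private array $pending = [];

    /** Start a login: keep verifier + nonce server-side, return the redirect parameters. */
    public function begin(int $now, int $ttl = 300): array
    {
        $state    = self::b64url(random_bytes(32));
        $verifier = self::b64url(random_bytes(32)); // PKCE code_verifier, never sent to the browser
        $nonce    = self::b64url(random_bytes(16));
        $this->pending[$state] = ['verifier' => $verifier, 'nonce' => $nonce, 'expires' => $now + $ttl];
        $challenge = self::b64url(hash('sha256', $verifier, true));
        return ['state' => $state, 'nonce' => $nonce, 'code_challenge' => $challenge, 'code_challenge_method' => 'S256'];
    }

    /** Callback: the state is deleted on first lookup, so a replayed callback gets null. */
    public function consume(string $state, int $now): ?array
    {
        $entry = $this->pending[$state] ?? null;
        unset($this->pending[$state]);
        return ($entry !== null && $entry['expires'] >= $now) ? $entry : null;
    }

    /** Claim checks to run only after the ID token signature was verified against the JWKS. */
    public static function claimsValid(array $c, string $issuer, string $clientId, string $nonce, int $now): bool
    {
        return ($c['iss'] ?? null) === $issuer
            && in_array($clientId, (array) ($c['aud'] ?? []), true)
            && is_int($c['exp'] ?? null) && $c['exp'] > $now
            && is_string($c['nonce'] ?? null) && hash_equals($nonce, $c['nonce']);
    }

    private static function b64url(string $bin): string
    {
        return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
    }
}

// Constructed demo values (issuer, client id and timestamps are placeholders).
$h = new OidcHandshake();
$p = $h->begin(1700000000);
$entry = $h->consume($p['state'], 1700000010);
$claims = ['iss' => 'https://idp.example.test', 'aud' => 'aurora-demo', 'exp' => 1700000600, 'nonce' => $entry['nonce']];
var_dump(OidcHandshake::claimsValid($claims, 'https://idp.example.test', 'aurora-demo', $entry['nonce'], 1700000010));
var_dump($h->consume($p['state'], 1700000011) === null); // second use of the same state
```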
External steps for Phase 10 (Authentik provider creation, prod env, deploy order, smoke checks, failure modes) + Acumenus-wide standardization registry.
…ror) Unquoted space-containing value broke 'php artisan key:generate' in CI's Prepare-env step (Failed to parse dotenv ... unexpected whitespace), which skipped migrations + Pest. Quote it so the env file parses.
- PhenopacketExporter: emit frequency as a bare OntologyClass per GA4GH Phenopackets v2 (was incorrectly wrapped in an ontologyClass envelope)
- StorePhenotypeFeatureRequest: reject duplicate (odyssey_id, hpo_id) with 422 instead of a raw 500 from the unique constraint
- ClinicalPatient: add odysseys() relation; DiagnosticOdysseyController::index now uses it instead of an inline hasMany (repo convention)
- tests: cover duplicate-HPO 422 and the v2 frequency shape
…_path
Root cause of the ~22 CI-masked Backend Test failures: the pgsql search_path was 'app,clinical,public' — missing 'dev'. Laravel could not see the legacy dev-schema tables (dev.events, dev.patients, pivots), so Schema::hasTable returned false and RefreshDatabase's migrate:fresh could not manage them; the Event tests failed and CaseDiscussion/AuthService failed as PG transaction-poisoning cascades.
- config/database.php: search_path 'app,clinical,dev,public' (dev after clinical so ClinicalPatient's unqualified 'patients' still resolves to clinical.patients).
- Track the create_dev_tables migration (was untracked) so a fresh CI DB gets the dev schema + tables.
- Wire the Event routes (index/show/store/update/destroy + upcoming).
- phpunit.xml pins DB_DATABASE=aurora_test; Pest fakeIsolatedLocalDisk helper for case-document upload tests; Event/CaseDiscussion service + test refactors (CaseDiscussion now uses ClinicalPatient + 'content').
Full backend suite: 293 passed, 0 failed, 0 skipped.
Aurora v2 — complete platform overhaul
This PR brings the entire v2 rewrite (v2/phase-0-scaffold) to main. It is a ground-up modernization of Aurora into a 3-tier clinical collaboration / molecular tumor board platform.

Scope: 282 commits · 1,044 files · +158k / −22k lines.

Architecture (3-tier split)
- frontend/ — React + TypeScript + Vite SPA (Tailwind, Zustand, TanStack Query, Zod). 14 feature modules: auth, dashboard, cases, patient-profile, genomics, imaging, fingerprint, abby-ai, collaboration, decisions, administration, settings, copilot, commons.
- backend/ — Laravel API (Sanctum auth, Spatie RBAC). ~24 controllers, service layer, Form Requests, ApiResponse envelope, Adapter pattern for clinical data (FHIR / OMOP / Manual).
- ai/ — FastAPI service (agency, routers, knowledge, memory, routing) for genomic annotation and fingerprint encoding.

Major features delivered
PatientFingerprint/OutcomeTrajectory/SimilaritySearch/FusionWeightConfig models, FingerprintController (9 endpoints) + FastAPI router (5 endpoints), Similar-Patients UI.
formatStudy indexed-status logic.

Testing

CI
ecf86e3) to clear the Backend Lint gate that was previously failing and skipping Backend Tests / E2E / Deploy.

Test plan

Known follow-ups (not in this PR)
- ci.yml hardening (removing continue-on-error from Pest/Vitest/Ruff/mypy/audits) is staged locally but intentionally not included — land it once Backend Tests are confirmed green.
- backend/public/build/ is now gitignored; stale tracked copies + an untracked frontend/build/ should be cleaned in a follow-up chore:.
- .claude/CLAUDE.md and .claude/rules/auth-system.md still reference the old resources/js/... layout; auth moved to frontend/src/features/auth/.