# Sehat Sahoolat Project Handoff - 2026-05-27 ## Git Snapshot - Repository: `https://github.com/mujtabatariq18/sehat-sahoolat` - Local checkout: `E:\sehat-sahoolat-windows\sehat-sahoolat-windows-bundle` - Branch prepared for publish: `codex/windows-first-run-fixes` - Upstream before commit: even with `origin/codex/windows-first-run-fixes` - Evidence root: `run-logs/2026-05-26-cross-portal-qa/` - QA ledger: `obsidian-vault/06-QA/Cross-Portal-Module-QA.md` ## Scope Covered This handoff captures the current full-stack work across all four web surfaces and the Flutter mobile application: - Patient portal: auth/session flow, dashboard, appointments, booking, EMR, prescriptions, packages, profile/family, notifications, patient-facing AI/coach surfaces, and mobile-linked API behavior. - Doctor portal: auth, forced password change, appointment workspace, EMR review, video call screens, SOAP/Rx workflow, scribe, copilot, schedule, earnings, notifications, and branding. - Admin portal: CMS, doctor invite/verification, branding, notification/FCM settings, reports, finance, queue, packages, settings, and API proxy coverage. - Public site: CMS-driven pages, doctor/public package consistency, responsive navigation, primary link checks, branding, SEO schema, and portal link routing. - Flutter app: Android/iOS branding assets, Firebase/FCM setup, login persistence, patient dashboard modules, appointments, EMR, prescriptions, profile/family/packages/notifications, AI triage/coach widgets, video call shells, doctor/mobile extensions, and real-device/emulator QA evidence. ## Main Implementation Themes - Hardened cross-portal authentication and role-aware API behavior in backend guards, auth/session controllers, proxy clients, and portal shells. - Expanded backend clinical, appointment, reporting, notification, package, prescription, queue, video, scribe, and AI/copilot/coach modules with matching DTO/entity/spec updates. - Added and repaired migrations for package/family behavior, CMS/public content, sessions/security, doctor invite password policy, notification test mode, Firebase service-account storage, EMR/report/timeline fields, appointment lifecycle, and timezone/attachment support. - Improved admin configuration flows for branding, notification email test mode, FCM configuration, and doctor invitation/password onboarding. - Restored and extended public-site coverage as a fourth web portal rather than treating it as stale. - Added shared logo/dynamic branding support under `web/packages/ui` and per-portal `public/brand/logo2` assets. - Advanced the Flutter mobile app toward live patient and doctor workflows, including real login, API-backed appointment/EMR/prescription screens, push setup, mobile permissions, and emulator/phone validation artifacts. - Captured broad QA evidence and screenshots/logs under `run-logs/2026-05-26-cross-portal-qa/`. ## Verification Status Latest detailed QA status is maintained in `obsidian-vault/06-QA/Cross-Portal-Module-QA.md`. Verification run during this handoff: - `backend`: `npm run build` passed. - `backend`: `npm test -- --runInBand` passed, 45 test suites and 435 tests. - `web`: `npx turbo type-check` passed across `@sehat/admin-portal`, `@sehat/doctor-portal`, `@sehat/patient-portal`, `@sehat/public-site`, `@sehat/ui`, and `@sehat/design-tokens`. - `mobile`: `flutter analyze` passed with no issues. Current summarized status from that ledger: - Environment baseline: PASS - Auth, sessions, navigation: PARTIAL with automated pass coverage - Booking and queue: PARTIAL with automated pass coverage - Packages, payments, family, plan changes: PASS - Admin operations and doctor verification: PASS - Consultation, video, notes, prescriptions: PASS with live media pass - Clinical records, AI, refills, feedback, complaints: PARTIAL with automated pass coverage - Finance, reports, notifications, communications: PASS - Public site and CMS: PASS - Mobile app: PARTIAL with emulator/static pass; physical-phone APK work was paused by owner request - Automation backfill: PARTIAL; mobile real-login integration harness still has timeout risk while manual login passes ## Operational Notes - Docker-first backend bootstrap remains the practical local path: Postgres, Redis, Whisper, and backend via Docker; Next.js portals run on host ports `3001` to `3004`. - The known test accounts remain documented in `PROJECT_STATUS.md` and the QA ledger. - `mobile/android/app/google-services.json` is present for Firebase Android client configuration. Backend Firebase service-account material is not committed; `backend/secrets/` is ignored. - Large QA artifacts are intentionally present in `run-logs/` because the current handoff asks for committed evidence. Future cleanup should move bulky screenshots/logcats to external artifact storage only after confirming the team no longer needs them in Git history. ## Next Development Priorities 1. Finish the remaining partial live/manual route coverage for auth/session navigation. 2. Complete live patient AI/triage and health-coach provider testing. 3. Stabilize the mobile real-login integration harness, which still times out silently even though manual phone login passes. 4. Re-run full backend, web, and Flutter verification after fresh clone/install to prove the committed state is portable. 5. Keep future feature work aligned across all four web portals plus Flutter so appointment, package, clinical, notification, and finance state remains consistent everywhere.