Release: v1.1.6

.gitignore

@@ -1,3 +1,4 @@
 config/env/*
 !config/env/*.example
-.idea/
+.idea/
+.DS_Store

CLAUDE.md

@@ -147,6 +147,16 @@ Each module contains:
 - Auth endpoints via Djoser: `/auth/`
 - JWT token lifetime: 60 minutes (access), 1 day (refresh)
 
+#### API Documentation
+- Auto-generated using **drf-spectacular** (OpenAPI 3.0)
+- **Swagger UI**: `http://localhost:8000/api/docs/` — interactive API explorer
+- **ReDoc**: `http://localhost:8000/api/redoc/` — readable reference docs
+- **Raw schema**: `http://localhost:8000/api/schema/`
+- Configuration in `SPECTACULAR_SETTINGS` in `settings.py`
+- Views use `@extend_schema` decorators and `serializer_class` attributes for schema generation
+- JWT auth is configured in the schema — use `JWT <token>` (not `Bearer`) in Swagger UI's Authorize dialog
+- To document a new endpoint: add `serializer_class` to the view if it has one, or add `@extend_schema` with `inline_serializer` for views returning raw dicts
+
 #### Key Data Models
 - **Medication** (`api.views.listMeds.models`) - Medication catalog with benefits/risks
 - **MedRule** (`api.models.model_medRule`) - Include/Exclude rules for medications based on patient history

README.md

@@ -5,7 +5,7 @@ for patients with bipolar disorder, helping them shorten their journey to stabil
 
 ## Usage
 
-You can view the current build of the website here: [https://balancertestsite.com](https://balancertestsite.com/)
+You can view the current build of the website here: [https://balancerproject.org/](https://balancerproject.org/)
 
 ## Contributing 
 
@@ -53,7 +53,7 @@ The application supports connecting to PostgreSQL databases via:
 See [Database Connection Documentation](./docs/DATABASE_CONNECTION.md) for detailed configuration.
 
 **Local Development:**
-- Download a sample of papers to upload from [https://balancertestsite.com](https://balancertestsite.com/) 
+- Download a sample of papers to upload from [https://balancerproject.org/](https://balancerproject.org/) 
 - The email and password of `pgAdmin` are specified in `balancer-main/docker-compose.yml`
 - The first time you use `pgAdmin` after building the Docker containers you will need to register the server.
     - The `Host name/address` is the Postgres server service name in the Docker Compose file
@@ -74,6 +74,23 @@ df = pd.read_sql(query, engine)
 #### Django REST
 - The email and password are set in `server/api/management/commands/createsu.py`
 
+## API Documentation
+
+Interactive API docs are auto-generated using [drf-spectacular](https://drf-spectacular.readthedocs.io/) and available at:
+
+- **Swagger UI**: [http://localhost:8000/api/docs/](http://localhost:8000/api/docs/) — interactive explorer with "Try it out" functionality
+- **ReDoc**: [http://localhost:8000/api/redoc/](http://localhost:8000/api/redoc/) — clean, readable reference docs
+- **Raw schema**: [http://localhost:8000/api/schema/](http://localhost:8000/api/schema/) — OpenAPI 3.0 JSON/YAML
+
+### Testing authenticated endpoints
+
+Most endpoints require JWT authentication. To test them in Swagger UI:
+
+1. **Get a token**: Find the `POST /auth/jwt/create/` endpoint in Swagger UI, click **Try it out**, enter an authorized `email` and `password`, and click **Execute**. Copy the `access` token from the response.
+2. **Authorize**: Click the **Authorize** button (lock icon) at the top of the page. Enter `JWT <your-access-token>` in the value field. The prefix must be `JWT`, not `Bearer`.
+3. **Test endpoints**: All subsequent requests will include your token. Use **Try it out** on any protected endpoint.
+4. **Token refresh**: Access tokens expire after 60 minutes. Use `POST /auth/jwt/refresh/` with your `refresh` token, or repeat step 1.
+
 ## Architecture
 
 The Balancer website is a Postgres, Django REST, and React project. The source code layout is:

docker-compose.yml

@@ -18,11 +18,6 @@ services:
     networks:
       app_net:
         ipv4_address: 192.168.0.2
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U balancer -d balancer_dev"]
-      interval: 5s
-      timeout: 5s
-      retries: 5
 
   pgadmin:
     image: dpage/pgadmin4

frontend/src/components/Footer/Footer.tsx

@@ -62,11 +62,11 @@ function Footer() {
           >
             Leave feedback
           </Link>
-          <a href="https://www.flipcause.com/secure/cause_pdetails/MjMyMTIw"
+          <a href="https://github.com/CodeForPhilly/balancer-main"
             target="_blank"
-            className="flex justify-center text-black hover:border-blue-600 hover:text-blue-600 hover:no-underline"
+            className="flex justify-center text-center text-black hover:border-blue-600 hover:text-blue-600 hover:no-underline"
           >
-            Donate
+            Support Development
           </a>
           <Link
             to="/help"

frontend/src/components/Header/Header.tsx

@@ -165,11 +165,11 @@ const Header: React.FC<LoginFormProps> = ({ isAuthenticated, isSuperuser }) => {
               Leave Feedback
             </Link>
             <a
-              href="https://www.flipcause.com/secure/cause_pdetails/MjMyMTIw"
+              href="https://github.com/CodeForPhilly/balancer-main"
               target="_blank"
               className="header-nav-item"
             >
-              Donate
+              Support Development
             </a>
             {isAuthenticated && isSuperuser && (
               <div

frontend/src/components/Header/MdNavBar.tsx

@@ -120,11 +120,11 @@ const MdNavBar = (props: LoginFormProps) => {
                         </Link>
                     </li>
                     <li className="border-b border-gray-300 p-4">
-                        <a href="https://www.flipcause.com/secure/cause_pdetails/MjMyMTIw"
+                        <a href="https://github.com/CodeForPhilly/balancer-main"
                           target="_blank"
                           className="mr-9 text-black hover:border-b-2 hover:border-blue-600 hover:text-black hover:no-underline"
                         >
-                          Donate
+                          Support Development
                         </a>
                     </li>
                     {isAuthenticated &&

frontend/src/pages/About/About.tsx

@@ -77,9 +77,9 @@ function About() {
             </div>
           </div>
           <div className="mb-20 mt-5 flex flex-row flex-wrap justify-center gap-4">
-            <a href="https://www.flipcause.com/secure/cause_pdetails/MjMyMTIw" target="_blank">
+            <a href="https://github.com/CodeForPhilly/balancer-main" target="_blank">
               <button className="btnBlue transition-transform focus:outline-none focus:ring focus:ring-blue-200">
-                Donate
+                Support Development
               </button>
             </a>
 

frontend/src/pages/DocumentManager/UploadFile.tsx

@@ -1,5 +1,5 @@
 import React, { useState, useRef } from "react";
-import axios from "axios";
+import { adminApi } from "../../api/apiClient";
 import TypingAnimation from "../../components/Header/components/TypingAnimation.tsx";
 import Layout from "../Layout/Layout.tsx";
 
@@ -22,14 +22,9 @@ const UploadFile: React.FC = () => {
     formData.append("file", file);
 
     try {
-      const response = await axios.post(
+      const response = await adminApi.post(
         `/api/v1/api/uploadFile`,
         formData,
-        {
-          headers: {
-            "Content-Type": "multipart/form-data"
-          },
-        }
       );
       console.log("File uploaded successfully", response.data);
     } catch (error) {

frontend/src/pages/Files/ListOfFiles.tsx

@@ -61,7 +61,7 @@ const ListOfFiles: React.FC<{ showTable?: boolean }> = ({
   const handleDownload = async (guid: string, fileName: string) => {
     try {
       setDownloading(guid);
-      const { data } = await publicApi.get(`/v1/api/uploadFile/${guid}`, { responseType: 'blob' });
+      const { data } = await publicApi.get(`/api/v1/api/uploadFile/${guid}`, { responseType: 'blob' });
 
       const url = window.URL.createObjectURL(new Blob([data]));
       const link = document.createElement("a");
@@ -82,7 +82,7 @@ const ListOfFiles: React.FC<{ showTable?: boolean }> = ({
   const handleOpen = async (guid: string) => {
     try {
       setOpening(guid);
-      const { data } = await publicApi.get(`/v1/api/uploadFile/${guid}`, { responseType: 'arraybuffer' });
+      const { data } = await publicApi.get(`/api/v1/api/uploadFile/${guid}`, { responseType: 'arraybuffer' });
 
       const file = new Blob([data], { type: 'application/pdf' });
       const fileURL = window.URL.createObjectURL(file);

server/api/views/ai_promptStorage/views.py

@@ -1,10 +1,12 @@
 from rest_framework import status
 from rest_framework.decorators import api_view
 from rest_framework.response import Response
+from drf_spectacular.utils import extend_schema
 from .models import AI_PromptStorage
 from .serializers import AI_PromptStorageSerializer
 
 
+@extend_schema(request=AI_PromptStorageSerializer, responses={201: AI_PromptStorageSerializer})
 @api_view(['POST'])
 # @permission_classes([IsAuthenticated])
 def store_prompt(request):
@@ -21,6 +23,7 @@ def store_prompt(request):
     return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
 
+@extend_schema(responses={200: AI_PromptStorageSerializer(many=True)})
 @api_view(['GET'])
 def get_all_prompts(request):
     """

server/api/views/ai_settings/views.py

@@ -2,10 +2,12 @@
 from rest_framework.decorators import api_view, permission_classes
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
+from drf_spectacular.utils import extend_schema
 from .models import AI_Settings
 from .serializers import AISettingsSerializer
 
 
+@extend_schema(request=AISettingsSerializer, responses={200: AISettingsSerializer(many=True), 201: AISettingsSerializer})
 @api_view(['GET', 'POST'])
 @permission_classes([IsAuthenticated])
 def settings_view(request):

server/api/views/assistant/sanitizer.py

@@ -1,26 +1,76 @@
 import re
 import logging
+
 logger = logging.getLogger(__name__)
 def sanitize_input(user_input:str) -> str:
     """
     Sanitize user input to prevent injection attacks and remove unwanted characters.
+
     Args:
         user_input (str): The raw input string from the user.
+
     Returns:
         str: The sanitized input string.
     """
     try:
-        # Remove any script tags
-        sanitized = re.sub(r'<script.*?>.*?</script>', '', user_input, flags=re.IGNORECASE)
-        # Remove any HTML tags
+        sanitized = user_input
+
+        # Remove any style tags
+        sanitized = re.sub(r'<style.*?>.*?</style>', '', sanitized, flags=re.IGNORECASE)
+
+        # Remove any HTML/script tags
         sanitized = re.sub(r'<.*?>', '', sanitized)
+
+        # Remove Phone Numbers
+        sanitized = re.sub(r'\+?\d[\d -]{8,}\d', '[Phone Number]', sanitized)
+
+        # Remove Email Addresses
+        sanitized = re.sub(r'[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}', '[Email Address]', sanitized)
+
+        # Remove Medical Record Numbers (simple pattern)
+        sanitized = re.sub(r'\bMRN[:\s]*\d+\b', '[Medical Record Number]', sanitized, flags=re.IGNORECASE)
+
+        # Normalize pronouns
+        sanitized = normalize_pronouns(sanitized)
+
         # Escape special characters
-        sanitized = re.sub(r'["\'\\]', '', sanitized)
+        sanitized = re.sub(r'\s+', '', sanitized)
+
         # Limit length to prevent buffer overflow attacks
-        max_length = 1000
+        max_length = 5000
         if len(sanitized) > max_length:
             sanitized = sanitized[:max_length]
+
         return sanitized.strip()
     except Exception as e:
         logger.error(f"Error sanitizing input: {e}")
-        return ""
+        return ""
+
+def normalize_pronouns(text:str) -> str:
+    """
+    Normalize first and second person pronouns to third person clinical language.
+
+    Converts patient centric pronouns to a more neutral form.
+    Args:
+        text (str): The input text containing pronouns.
+    Returns:
+        str: The text with normalized pronouns.
+    """
+    # Normalize first person possessives: I, me, my, mine -> the patient
+    text = re.sub(r'\bMy\b', 'The patient\'s', text)
+    text = re.sub(r'\bmy\b', 'the patient\'s', text)
+
+    # First person subject: I -> the patient
+    text = re.sub(r'\bI\b', 'the patient', text)
+
+    # First person object: me -> the patient
+    text = re.sub(r'\bme\b', 'the patient', text)
+
+    # First person reflexive: myself -> the patient
+    text = re.sub(r'\bmyself\b', 'the patient', text)
+
+    # Second person: you, your -> the clinician
+    text = re.sub(r'\bYour\b', 'the clinician', text)
+    return text
+
+

server/api/views/assistant/views.py

@@ -10,6 +10,8 @@
 from rest_framework.permissions import AllowAny
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_exempt
+from drf_spectacular.utils import extend_schema, inline_serializer
+from rest_framework import serializers as drf_serializers
 
 from openai import OpenAI
 
@@ -113,6 +115,21 @@ def invoke_functions_from_response(
 class Assistant(APIView):
     permission_classes = [AllowAny]
 
+    @extend_schema(
+        request=inline_serializer(name='AssistantRequest', fields={
+            'message': drf_serializers.CharField(help_text='User message to send to the assistant'),
+            'previous_response_id': drf_serializers.CharField(required=False, allow_null=True, help_text='ID of previous response for conversation continuity'),
+        }),
+        responses={
+            200: inline_serializer(name='AssistantResponse', fields={
+                'response_output_text': drf_serializers.CharField(),
+                'final_response_id': drf_serializers.CharField(),
+            }),
+            500: inline_serializer(name='AssistantError', fields={
+                'error': drf_serializers.CharField(),
+            }),
+        }
+    )
     def post(self, request):
         try:
             user = request.user

server/api/views/conversations/views.py

@@ -16,6 +16,8 @@
 from .models import Conversation, Message
 from .serializers import ConversationSerializer
 from ...services.tools.tools import tools, execute_tool
+from drf_spectacular.utils import extend_schema, inline_serializer
+from rest_framework import serializers as drf_serializers
 
 
 @csrf_exempt
@@ -95,6 +97,21 @@ def destroy(self, request, *args, **kwargs):
         self.perform_destroy(instance)
         return Response(status=status.HTTP_204_NO_CONTENT)
 
+    @extend_schema(
+        request=inline_serializer(name='ContinueConversationRequest', fields={
+            'message': drf_serializers.CharField(help_text='User message to continue the conversation'),
+            'page_context': drf_serializers.CharField(required=False, help_text='Optional page context'),
+        }),
+        responses={
+            200: inline_serializer(name='ContinueConversationResponse', fields={
+                'response': drf_serializers.CharField(),
+                'title': drf_serializers.CharField(),
+            }),
+            400: inline_serializer(name='ContinueConversationBadRequest', fields={
+                'error': drf_serializers.CharField(),
+            }),
+        }
+    )
     @action(detail=True, methods=['post'])
     def continue_conversation(self, request, pk=None):
         conversation = self.get_object()
@@ -123,6 +140,20 @@ def continue_conversation(self, request, pk=None):
 
         return Response({"response": chatgpt_response, "title": conversation.title})
 
+    @extend_schema(
+        request=inline_serializer(name='UpdateTitleRequest', fields={
+            'title': drf_serializers.CharField(help_text='New conversation title'),
+        }),
+        responses={
+            200: inline_serializer(name='UpdateTitleResponse', fields={
+                'status': drf_serializers.CharField(),
+                'title': drf_serializers.CharField(),
+            }),
+            400: inline_serializer(name='UpdateTitleBadRequest', fields={
+                'error': drf_serializers.CharField(),
+            }),
+        }
+    )
     @action(detail=True, methods=['patch'])
     def update_title(self, request, pk=None):
         conversation = self.get_object()