johan
/
inou
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
inou/TODO.md

6.3 KiB
Raw Blame History

inou TODO

🔴 Priority: Privacy Policy - App Store Compliance

Before Apple/Google app review, the privacy policy needs these additions:

  1. Backup retention timeframe - "Permanently destroyed" — within what timeframe do backups cycle out?

  2. Breach notification - What happens if there is a security incident? Are users notified? Within what timeframe?

DICOM Parser

  • findTag matches wrong location for some Siemens MRI filesreadStringTag(0x0018, 0x0015) (Body Part Examined) returns pixel/binary data on Dec 2025 Siemens MAGNETOM Sola MRIs. Likely hitting a private tag or nested sequence. Corrupts body_part and summary fields on affected studies/series. Visible as binary garbage in MCP responses. Need to validate VR before reading, or skip binary VRs for string tags.

Image Viewing

  • Zoom/crop for large images — X-rays can be 2836x2336+ pixels. Full-res fetch fails via MCP (too large for base64). Need ability to request a cropped region or scaled version.

Upload Flow

  • Clinical context on upload (optional) — When uploading a study, allow user to add "what happened" / reason for imaging. Helps with AI analysis and second opinions.

Portal UI

  • Drag & drop upload on dossier page — Immich-style: whole page is a drop target. Drop a PDF anywhere → small floating progress widget in bottom-right corner shows upload + processing status (OCR → extracting → done). Dismiss when done, new data appears on page. No page navigation needed. Upload page remains for DICOM folders, genome files, batch uploads.
  • Language picker on login/landing page — Currently cannot change language when not logged in. Need language picker on landing page to allow users to select language before registration.
  • Restyle upload health data page — Visual refresh needed, uses old container class
  • Improve genome import speed — Currently slow due to tier creation and encryption overhead
  • Add error display to audit log template — Like login.tmpl has

Translations

  • Relation labels need translations in all languages — Keys: rel_parent_simple, rel_child_simple, rel_spouse_simple, rel_sibling_simple, rel_guardian_simple, rel_caregiver_simple, rel_coach_simple, rel_doctor_simple, rel_friend_simple, rel_other_simple. Check all 15 language YAML files have these.

Code Cleanup

  • Remove obsolete main.go — Root main.go has old DICOM import code from initial commit, not built by Makefile, should be deleted
  • Audit remaining os.ReadFile usage — Verified that all os.ReadFile calls are for uploads folder, config files, PDFs, etc. (not object storage). All object storage access now goes through mandatory RBAC functions in lib/v2.go.

Other

  • FIPS 140-3 compliance for bridge builds

API Cleanup

  • Rename API parameters from _guid to _id — dossier_guid, study_guid, series_guid become dossier_id, study_id, series_id. Affects viewer and MCP endpoints. Breaking change.

Prompts System

  • Prompts from others — Support for prompts assigned by someone else (e.g., trainer tells me to do 20 pushups tomorrow). Needs sender/assignee model.

  • Prompts about others — Track events for dependents (e.g., "my son had 2 seizures"). Link prompt to a different dossier than the responder.

  • Dossier colors — Assign a color to each dossier to visually distinguish them when showing prompts from multiple dossiers in one list.

  • Medical context categories — Support for "concerns", "complaints", "active disease", etc. Richer categorization beyond current vital/exercise/medication/supplement/symptom/note.

Homepage / Messaging

  • Add "contested data" angle to homepage messaging

    The current homepage focuses on data being scattered — across doctors, labs, portals, devices. That's true and compelling.

    But there's a deeper problem we're not articulating: medical data isn't just scattered, it's contested. Doctors disagree. Radiologists misread scans. Second opinions contradict first opinions. The German specialist says one thing, the American says another.

    The patient/caregiver is the only one who sees all the opinions, tracks the contradictions, and has to decide what to believe. They're not just collecting data — they're arbitrating between conflicting interpretations.

    This is the reality for anyone with a complex case: you end up with a folder of reports that contradict each other, and no one helps you make sense of that. You become the de facto medical project manager, holding the thread that no single doctor holds.

    AI's role isn't just "connect scattered data" — it's "help you track who said what, where they disagree, and what the evidence actually shows." That's what the independent neuroradiology review demonstrated: the original report said severe injury, the images showed normal findings, and someone had to call that out.

    Possible additions to homepage:

    • "Your MRI was read in 10 minutes... and maybe read wrong"
    • "Multiple specialists who contradict each other"
    • "AI helps you track who said what — and who got it wrong"
    • The caregiver-as-arbiter angle: you're not just a patient, you're the only one synthesizing all the opinions

Cloud Import

  • Import from Google Drive / OneDrive / Dropbox share links

    Real users (like Tatiana) already have their medical files organized in cloud storage. They're not starting from scratch — they have folders of DICOMs, lab PDFs, genetics files, radiology reports from hospitals in different countries.

    The friction isn't "upload to inou" — it's "go find your files first." Flip it: let them paste a share link, we pull everything.

    Simple MVP:

    1. User pastes a share link (Google Drive, OneDrive, Dropbox)
    2. Server downloads the folder contents
    3. Auto-detect file types: DICOM → imaging, .txt with rsIDs → genetics, PDF → documents
    4. Preview: "Found 3 MRI studies, 1 DNA file, 12 PDFs — select what to import"
    5. User confirms → imported into their dossier

    Key insight: international families with care across borders use cloud storage AS their medical record system. CDs are dying. Patient portals don't work across countries. Their Google Drive folder IS the source of truth.

    Future: full OAuth "Connect your cloud" with folder picker and sync. But start with paste-a-link.

    For now: do manual imports when users share links.