@Prateekiiitg56 Prateekiiitg56 commented Feb 6, 2026

PR Description

Summary

This PR delivers a Git-based storage adapter for immutable, versioned patient records (commit-per-save) and integrates it into a Flask “minimalist monolith” web app with upload/history/diff views. It also updates the UI to a consistent Alaska/aurora theme across all pages with a project-relevant navbar. This is just a prototype, a quick view of how the overall theme is going to be. Every feature is only listed for now; they can be enhanced and made more efficient later.

Key Features

Git-backed storage (bhv/storage/git_adapter.py)

  • Commit-per-save versioning for uploaded files
  • History listing and content retrieval by commit SHA
  • Conflict handling support (parent mismatch)

Flask app flow (bhv/full_app.py)

  • / always renders the homepage (no redirect after login)
  • /dashboard routes signed-in users to entries/admin appropriately
  • Upload flow persists:
    • narrative metadata in DB
    • file bytes in Git storage
  • Optional request debug logging gated behind BHV_REQUEST_DEBUG=1

Security / Auth

  • CSRF protection enabled via Flask-WTF
  • Upload form fixed to render CSRF token as a hidden input (no token shown on page)
  • Google sign-in client id exposed to templates via app.config['GOOGLE_CLIENT_ID']
  • Session cookie secure behavior configurable via SESSION_COOKIE_SECURE

UI/UX (templates/* + static/css/alaska.css)

  • Global Alaska background and glass navbar styling across all pages
  • Project-focused nav items: Home / Upload / Entries + Profile
  • Sticky footer behavior for short pages

…nd templated UI

- Add run.py: single-command app launcher
- Implement bhv/db.py: MongoDB + TinyDB fallback DB abstraction
- Implement bhv/full_app.py: minimal Flask app with routes for signup, login, logout, upload, my_entries, admin, history, diff, file_version
- Add templates: base.html (header/nav/footer), index.html, signup.html, login.html, upload.html, patient.html (my entries), admin.html, history.html, diff.html
- Add static/css/alaska.css: Alaska-themed design (teal accents, minimal cards, responsive layout)
- Update requirements.txt: add TinyDB for embedded DB fallback
- Templates support Bootstrap-like card layout with forms and file listings
- Routes support role-based access control (patients view own entries, admins see all)
- Storage integration: uses GitAdapter for versioned commits per file save
- Add flask-wtf CSRF protection to all forms
- Implement email validation and password strength check (min 6 chars)
- Add Google OAuth endpoint (/auth/google) for user auto-creation and login
- Add Google Sign-In button to login and signup pages using Google Identity Services
- Set secure session cookie flags (HttpOnly, SameSite, Secure in production)
- Add persistent session management (7-day lifetime)
- Update signup/login to handle OAuth and email-based auth seamlessly
- Add .env.example with documentation for GOOGLE_CLIENT_ID and MONGO_URI
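The commit-per-save versioning and the parent-mismatch conflict handling listed above, as an added example that is not part of this PR or its GitAdapter: a self-contained in-memory adapter with the same method names (save, save_with_parent, get, history, head) and a Conflict exception, where a SHA-256 over parent, metadata and content stands in for the Git commit id. The class name, the per-patient RLock and the sample key are assumptions made for illustration; the real adapter keeps one Git repository per patient.

```python
import hashlib
import json
import threading
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple


class Conflict(Exception):
    """Raised when the caller's expected parent SHA is not the current head."""


@dataclass(frozen=True)
class Commit:
    sha: str
    parent: Optional[str]
    user_id: str
    action: str
    content: bytes


class MemoryVersionedStore:
    """Hypothetical in-memory stand-in for a commit-per-save adapter (not the PR's GitAdapter).

    Keys look like 'patient_id/relative/path'. Every save appends an immutable Commit;
    nothing is ever rewritten, so old versions stay retrievable by sha.
    """

    def __init__(self) -> None:
        self._history = defaultdict(list)            # rel -> [Commit, ...], oldest first
        self._locks = defaultdict(threading.RLock)   # one lock per patient, like a per-repo lock

    @staticmethod
    def _patient_of(rel: str) -> str:
        # First path segment selects the patient; reject traversal segments outright.
        parts = [p for p in rel.replace('\\', '/').split('/') if p]
        if len(parts) < 2 or any(p in ('.', '..') for p in parts):
            raise ValueError(f'rel must be patient_id/relative/path, got {rel!r}')
        return parts[0]

    @staticmethod
    def _commit_sha(parent: Optional[str], user_id: str, action: str, content: bytes) -> str:
        # Chain the parent into the hash so a commit id commits to its whole history.
        h = hashlib.sha256()
        h.update(json.dumps({'parent': parent, 'user_id': user_id, 'action': action},
                            sort_keys=True).encode())
        h.update(b'\0')
        h.update(content)
        return h.hexdigest()

    def head(self, rel: str) -> Optional[str]:
        self._patient_of(rel)
        commits = self._history[rel]
        return commits[-1].sha if commits else None

    def save_with_parent(self, rel: str, content: bytes, user_id: str,
                         action: str, parent: Optional[str]) -> str:
        # Optimistic lock: re-read the head under the lock and refuse stale writers.
        patient_id = self._patient_of(rel)
        with self._locks[patient_id]:
            current = self.head(rel)
            if current != parent:
                raise Conflict(f'{rel}: caller expected parent {parent!r} but head is {current!r}')
            commit = Commit(self._commit_sha(parent, user_id, action, content),
                            parent, user_id, action, bytes(content))
            self._history[rel].append(commit)
            return commit.sha

    def save(self, rel: str, content: bytes, user_id: str, action: str) -> str:
        # Unconditional save: whatever the head is right now becomes the parent.
        patient_id = self._patient_of(rel)
        with self._locks[patient_id]:
            return self.save_with_parent(rel, content, user_id, action, parent=self.head(rel))

    def get(self, rel: str, sha: str) -> bytes:
        for c in self._history[rel]:
            if c.sha == sha:
                return c.content
        raise KeyError(f'{rel}: no commit {sha}')

    def history(self, rel: str) -> List[Tuple[str, Optional[str], str, str]]:
        # Newest first, like `git log`.
        return [(c.sha, c.parent, c.user_id, c.action) for c in reversed(self._history[rel])]


def demo():
    """Upload v1, edit on top of it, then replay a stale edit that must be refused."""
    store = MemoryVersionedStore()
    rel = 'patient@example.com/notes.txt'   # constructed sample key
    v1 = store.save(rel, b'initial content\nline 2\n', user_id='patient', action='upload')
    v2 = store.save_with_parent(rel, b'initial content\nmodified line 2\nline 3\n',
                                user_id='patient', action='edit', parent=v1)
    try:
        store.save_with_parent(rel, b'stale edit\n', user_id='admin', action='edit', parent=v1)
        conflicted = False
    except Conflict:
        conflicted = True
    return store, rel, v1, v2, conflicted
```

save() is the unconditional path and uses the current head as parent, while save_with_parent() is the optimistic lock: the head is re-read under the per-patient lock, so two writers who both saw v1 cannot both land on top of it. A web route would pass the SHA it rendered into the edit form as parent and turn Conflict into a 409 carrying the current head.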
Copilot AI review requested due to automatic review settings February 6, 2026 22:13
@gemini-code-assist

Summary of Changes

Hello @Prateekiiitg56, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request delivers a significant upgrade to the application by introducing a robust Git-backed storage system for managing immutable, versioned patient records. It integrates this new storage into a fully functional Flask web application, complete with user authentication, file upload capabilities, and detailed version history and diff views. The user interface has been completely revamped with a modern, consistent theme, and several security enhancements have been implemented to ensure data integrity and user protection.

Highlights

  • Git-backed Storage Adapter: Introduced a new Git-based storage adapter (bhv/storage/git_adapter.py) for immutable, versioned patient records, supporting commit-per-save, history listing, content retrieval by commit SHA, and conflict handling.
  • Flask Web Application: Developed a comprehensive Flask web application (bhv/full_app.py) that integrates the Git storage, providing routes for user authentication (signup, login, Google OAuth), file upload, viewing entry history, and diffing between versions.
  • Unified UI/UX Theme: Implemented a consistent 'Alaska/aurora' theme across all pages, featuring a new global background, glass navbar styling, project-focused navigation, and a sticky footer, enhancing the overall user experience.
  • Enhanced Security Features: Integrated CSRF protection via Flask-WTF, fixed upload forms to correctly render CSRF tokens, and enabled configurable secure session cookie behavior, improving the application's security posture.
  • Database Abstraction: Created a flexible database layer (bhv/db.py) that can utilize MongoDB for persistence or fall back to TinyDB for zero-setup deployments, managing user and entry metadata.
  • Comprehensive Documentation and Testing: Added detailed READMEs for the application and Git adapter, along with new integration and unit tests (tests/*) to ensure the stability and correctness of the new features and UI.


Changelog
  • .env.example
    • Added example environment variables for Flask configuration, MongoDB, and Google OAuth.
  • README_APP.md
    • Added a comprehensive README detailing features, quick start, project structure, configuration, API routes, security notes, testing, and development guidelines.
  • README_GIT_ADAPTER.md
    • Added a README specific to the Git-backed storage adapter, explaining its key ideas and how to test it locally.
  • bhv/__init__.py
    • Added __all__ declaration for app and storage.
  • bhv/app.py
    • Added a standalone Flask app for the Git storage adapter demo, including routes for upload, history, file retrieval, and diffing, with conflict handling.
  • bhv/db.py
    • Implemented a database abstraction layer supporting MongoDB (if MONGO_URI is set) or TinyDB as a fallback.
    • Added functions for user and entry management (create, get, list, update, delete).
  • bhv/full_app.py
    • Implemented create_app function for app factory pattern, supporting testing and configurable upload folders.
    • Integrated session management, CSRF protection, and optional request debug logging.
    • Added Google OAuth for sign-in functionality.
    • Defined routes for user authentication (signup, login, logout), file management (upload, my entries, admin entries), and versioning (history, diff, file download).
    • Included logic for handling patient vs. admin roles and access control.
    • Utilized GitAdapter for file storage and difflib for showing file differences.
  • bhv/storage/base.py
    • Defined an abstract StorageAdapter class with methods for save, save_with_parent, get, history, and head.
  • bhv/storage/errors.py
    • Defined a custom Conflict exception for optimistic locking scenarios.
  • bhv/storage/git_adapter.py
    • Implemented the GitAdapter class, providing Git-backed storage for patient records.
    • Each patient gets a separate Git repository, and each save creates a commit with metadata.
    • Included optimistic locking with save_with_parent to prevent concurrent modification issues.
  • data/db.json
    • Added initial TinyDB data with example user accounts (patient and admin).
  • pytest.ini
    • Added pytest configuration for test discovery and options.
  • requirements.txt
    • Added new dependencies: Flask, GitPython, pymongo, python-dotenv, flask-wtf, flask-oauthlib, google-auth-oauthlib, pytest, tinydb.
  • run.py
    • Added the main entry point for the Flask application, loading environment variables and running the app.
  • scripts/check_cffi.py
    • Added a script to check CFFI and cryptography imports, useful for debugging environment issues.
  • scripts/demo_run.py
    • Added a script to demonstrate the Git-backed storage adapter's functionality using the Flask test client, covering upload, update with parent, history, and diff.
  • scripts/make_screenshots.py
    • Added a script to run the demo and generate PNG screenshots of the console output for documentation.
  • static/css/alaska.css
    • Added a new CSS file for the 'Alaska' theme, defining a consistent UI/UX with a new color palette, typography, layout, and responsive design.
  • static/img/alaska-3d.svg
    • Added an SVG image for a 3D Alaska-themed graphic.
  • static/img/alaska-logo.svg
    • Added an SVG image for the Alaska BHV logo.
  • static/img/favicon.svg
    • Added an SVG image for the favicon.
  • static/img/hospital-icon.svg
    • Added an SVG image for a hospital icon.
  • templates/admin.html
    • Added a new template for the admin dashboard to view all entries.
  • templates/base.html
    • Updated the base template to include the new Alaska theme, project-relevant navbar, and sticky footer.
  • templates/contact.html
    • Added a placeholder contact page.
  • templates/diff.html
    • Added a new template to display unified diffs between file versions.
  • templates/features.html
    • Added a placeholder features page.
  • templates/history.html
    • Added a new template to display the commit history for a file, with links to download specific versions and view diffs.
  • templates/home.html
    • Added a new home page template with a hero section and key feature highlights.
  • templates/how_it_works.html
    • Added a placeholder 'How It Works' page.
  • templates/index.html
    • Added a basic welcome page with signup/login links.
  • templates/login.html
    • Added a login page with email/password and Google Sign-In options.
  • templates/patient.html
    • Added a template for patients to view their own entries.
  • templates/profile.html
    • Added a profile page displaying user information and recent entries.
  • templates/signup.html
    • Added a signup page with email/password and Google Sign-In options, and role selection.
  • templates/testimonials.html
    • Added a placeholder testimonials page.
  • templates/upload.html
    • Added an upload form with file and narrative input, including CSRF token.
  • tests/test_app_integration.py
    • Added integration tests for the bhv.app module, covering upload, history, and conflict handling.
  • tests/test_full_app.py
    • Added integration tests for the full Flask application flow, including signup, login, upload, history, versioning, diff, admin access, and patient access control.
  • tests/test_git_adapter.py
    • Added unit tests for the GitAdapter, covering save, history, and optimistic locking conflict scenarios.
Activity
  • The pull request introduces a new Git-backed storage system, indicating a significant architectural change to how patient records are managed.
  • A complete Flask web application has been developed to expose this new storage functionality through a user-friendly interface.
  • The UI has undergone a major overhaul, adopting a new 'Alaska' theme for a modern and consistent look and feel.
  • New security measures, including CSRF protection and Google OAuth integration, have been implemented.
  • Extensive new test files have been added, demonstrating a commitment to code quality and ensuring the reliability of the new features.
  • Detailed documentation, including comprehensive READMEs and demo scripts, has been provided to facilitate understanding and usage of the new system.


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This is a substantial pull request that introduces a complete backend with a Git-based storage adapter and a new frontend UI. The overall architecture is well-thought-out, with a clear separation of concerns between the web app, database layer, and storage adapter. The use of a database abstraction layer and an abstract storage adapter class are great design choices. My review focuses on improving robustness, security, and maintainability. I've identified a few critical issues, such as a security risk with a committed data file, a CSS syntax error, and a missing import that would cause a runtime error. I've also provided suggestions to handle exceptions more gracefully, clean up dependencies, and improve the clarity of tests and documentation. Overall, this is a very impressive feature addition. Addressing these points will help make the application more secure and reliable.

@@ -0,0 +1 @@
{"users": {"1": {"email": "test@example.com", "password": "scrypt:32768:8:1$rzJQOnK6yDTD29gZ$6d4e6acea9e3f7a746a3778c056ea7a8f2af90b20dd2723c99ae28142a062c3503b1e04d407c5280b847d35b57007ceef053898c92852f135d901c9d14076ea9", "role": "patient"}, "2": {"email": "patient@example.com", "password": "scrypt:32768:8:1$PkIL3lc7IsiuD59w$3e961f57b0a0a75a4f17e20dd05642d867f39d8cb992fd717c77fe80a1e3c8677b8132510edd1de913675bc76ccfb6411f9c3c38b729f4ddb4f3b6f6738d6977", "role": "patient"}, "3": {"email": "version@example.com", "password": "scrypt:32768:8:1$EWcPmYC38oGXFHBO$e303115b424697d6efe369b640af249bf8d66581041142a7ddeb686fc9af03b47d0c576e689542b4a1f8b6fd71a562afdd70948642c49a8102d506a252a17d6b", "role": "patient"}, "4": {"email": "download@example.com", "password": "scrypt:32768:8:1$mml5O8EzrxcBgURY$172bfeb3ac63eee926dc0597f7632f40341968dc9bd90a004b631b4bda3e2aba6bb90cd071d80af91c9c17ce77d0e497d73b839a35244c28db8c3aa56e7bd1e0", "role": "patient"}, "5": {"email": "admin@example.com", "password": "scrypt:32768:8:1$G8pXchlCpNjOySdM$d045220f7c8e2289b8749008a84bf44125049cbcea7933a39d25dbb549d103639df3ac2c0dae29e941d091dbb302b16d02afa8d90bb7a9a05f3934b3c33e43bd", "role": "admin"}, "6": {"email": "patient1@example.com", "password": "scrypt:32768:8:1$vWFvVhBvXKMgg6ig$5c88706d61af51be5bddcc5fe832573b8602a59163f6e60555522a18478a5c95b6e3b305820273d69e64e6508bb64ece90420323d5220cdeca22171efcc7c853", "role": "patient"}, "7": {"email": "patient2@example.com", "password": "scrypt:32768:8:1$CQFRHKENYhy8fBq1$a633880009710c203eaf4dfb783a1da44ff54a24bba23277be40fdbdedb96e7350e3b4a98ebd6c823355feed7a959bab51a0879762346fa287d6e9691298401c", "role": "patient"}, "8": {"email": "ps332927@gmail.com", "password": "", "role": "patient"}, "9": {"email": "prateek.singh23b@iiitg.ac.in", "password": "", "role": "patient"}, "10": {"email": "smoke@example.com", "password": 
"scrypt:32768:8:1$jaupQ6ucydydcpHJ$4c0345798909ddbef3d89ac9029e694cb17bb53c97baac8a7172893d99a0dc823292e5d97d0e7adf447b2ba12a507341a5cef088a57f67e256685600c940ffa6", "role": "patient"}}} No newline at end of file
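Review bot: the seed file is worse than test data. Rows "8" and "9" are real personal addresses (a gmail.com account and an iiitg.ac.in account) stored with an empty `password` string, so the file leaks PII on top of the hashes. Drop the committed file, keep `data/db.json` in .gitignore and let the TinyDB fallback create it on first run; and make the email/password login path explicitly reject any user whose stored `password` is empty, rather than relying on the hash check to fail, so OAuth-only accounts can only be reached through `/auth/google`.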

security-critical critical

This file contains sensitive data, including user emails and hashed passwords. Committing such a file to version control, even with test data, is a significant security risk. It exposes user information and password hashes to anyone with access to the repository's history. This file should be removed from the repository and added to .gitignore to prevent accidental commits in the future.

Comment on lines +141 to +151
color: rgba(255,255,255,0.88);
color: var(--text-secondary);
text-decoration: none;
padding: 6px 0;
border-bottom: 2px solid transparent;
transition: all 0.2s ease;
}

color: rgba(255,255,255,0.98);
border-bottom-color: rgba(255,255,255,0.55);
border-bottom-color: var(--accent-teal);

critical

There are a couple of issues in this block:

  1. The color property is set twice (lines 141 and 142). The second one will always override the first.
  2. The rules on lines 149-151 are outside of any CSS selector, which is a syntax error. They will be ignored by the browser. These rules might belong inside a pseudo-class selector like :hover for .site-nav a.
  3. border-bottom-color is declared twice on lines 150 and 151.

@@ -0,0 +1,350 @@
import os
import re
from flask import Flask, render_template, request, redirect, url_for, session, send_from_directory, flash

critical

The Response class is used on line 347 but is not imported from flask. This will cause a NameError at runtime. Please add it to the import statement.

Suggested change
from flask import Flask, render_template, request, redirect, url_for, session, send_from_directory, flash
from flask import Flask, render_template, request, redirect, url_for, session, send_from_directory, flash, Response

return list(db.entries.find())

def get_entry(entry_id):
from bson import ObjectId

high

Importing ObjectId within a function is inefficient and not standard practice. This import should be moved to the module level, inside the if MONGO_URI: block (e.g., at line 7), to be imported only once. This applies to the same import on lines 40 and 44.

flash('File required')
return redirect(url_for('upload'))
filename = secure_filename(f.filename)
patient_id = user.get('email') if user.get('role')=='patient' else request.form.get('patient_id')
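Review bot: for admin uploads `patient_id` is read straight from `request.form` and joined into the storage path on the following line, yet only `filename` goes through `secure_filename`. Besides the `None` case, a value such as `../other-patient` or an absolute path is not rejected here. Validate it as an email that matches an existing patient account (the same key patients get from `user.get('email')`), or at minimum reject anything containing a path separator or `..`, before building the path; the adapter's per-patient repository split (`patient_id = parts[0]`) depends on this first segment being trustworthy.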

high

If an admin user submits the upload form without providing a patient_id, request.form.get('patient_id') will return None. This will cause os.path.join(patient_id, filename) on the next line to raise a TypeError. You should add a check to ensure patient_id is present for admin uploads.

Suggested change
patient_id = user.get('email') if user.get('role')=='patient' else request.form.get('patient_id')
patient_id = user.get('email') if user.get('role')=='patient' else request.form.get('patient_id')
if user.get('role') == 'admin' and not patient_id:
flash('Patient ID is required for admin uploads.')
return redirect(url_for('upload'))

session.permanent = True
session['user_email'] = email
return redirect(url_for('index'))
except Exception as e:
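Review bot: `session['user_email'] = email` trusts the address from the ID token, and the claims check itself sits outside this hunk; confirm that `id_token.verify_oauth2_token` is called with the app's `GOOGLE_CLIENT_ID` as the audience and that the token's `email_verified` claim is true before the email is used to find or auto-create the account, otherwise a token for an unverified address becomes a login for that user. If the handler only flashes a generic message on failure, log `e` as well so a failing audience check is visible when `BHV_REQUEST_DEBUG=1`.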

medium

Catching a broad Exception can hide underlying issues and make debugging difficult. It's better to catch the specific exceptions that id_token.verify_oauth2_token can raise, such as ValueError for an invalid token.

Suggested change
except Exception as e:
except ValueError as e:

new_bytes = storage.get(rel, new_sha)
try:
old_text = old_bytes.decode('utf-8').splitlines()
except Exception:
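Review bot: the fallback after a failed decode is not shown, so make sure `/diff` reports the blob as binary instead of diffing a lossy decode, and check that `rel` is scoped to the signed-in patient (or the admin role) before `storage.get(rel, new_sha)` runs; this hunk uses `rel` and both SHAs directly, and if they come from the request the ownership check applied to `my_entries` has to apply here too, or any signed-in user can read another patient's versions by path and SHA.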

medium

Catching a broad Exception here can mask the actual problem. It's better to catch the specific UnicodeDecodeError that can occur during decoding. This would make the error handling more precise.

Suggested change
except Exception:
except UnicodeDecodeError:

# HEAD references it.
try:
_ = repo.head.commit.hexsha
except Exception:

medium

Catching a broad Exception can hide unexpected errors and make debugging more difficult. It's better to catch more specific exceptions that GitPython might raise, such as git.exc.GitCommandError. This applies to other broad except blocks in this file as well (e.g., lines 59, 84, 117, 139).

pymongo>=4.0
python-dotenv>=0.21
flask-wtf>=1.0
flask-oauthlib>=0.9

medium

The flask-oauthlib library is included as a dependency, but it appears to be unused in the project. This library is also considered outdated and is unmaintained. It should be removed to keep the project's dependencies clean and avoid potential security vulnerabilities from unmaintained packages.

Comment on lines +37 to +41
try:
adapter.save_with_parent(rel, b'three', user_id='u3', action='edit', parent='deadbeef')
assert False, "Expected conflict"
except Conflict:
pass

medium

While this try/except block works for testing that an exception is raised, the idiomatic way to test for exceptions with pytest is to use the pytest.raises context manager. This makes the test more concise and clearly states the intent.

Suggested change
try:
adapter.save_with_parent(rel, b'three', user_id='u3', action='edit', parent='deadbeef')
assert False, "Expected conflict"
except Conflict:
pass
from bhv.storage.errors import Conflict
import pytest
with pytest.raises(Conflict):
adapter.save_with_parent(rel, b'three', user_id='u3', action='edit', parent='deadbeef')


Copilot AI left a comment


Pull request overview

Adds a Git-backed, commit-per-save storage adapter and integrates it into a Flask “minimalist monolith” with upload/history/diff views, along with a new Alaska-themed UI and initial test coverage.

Changes:

  • Introduce GitAdapter + storage interface/exceptions for versioned file storage.
  • Add/expand Flask app routes for auth, upload, entries, history, diff, and download; add templates + Alaska CSS/theme assets.
  • Add pytest config and multiple unit/integration tests; add demo/screenshot scripts and documentation.

Reviewed changes

Copilot reviewed 35 out of 44 changed files in this pull request and generated 31 comments.

Show a summary per file
File Description
tests/test_git_adapter.py Unit tests for GitAdapter save/history/conflict behavior
tests/test_full_app.py Integration tests for Flask full app flows
tests/test_app_integration.py Integration tests for the legacy/demo API app (bhv.app)
templates/base.html Global layout + navbar/footer
templates/home.html Themed homepage hero + highlights section
templates/index.html Simple landing page template (may be legacy)
templates/signup.html Signup page + Google sign-in
templates/login.html Login page + Google sign-in
templates/upload.html Upload form with CSRF token hidden input
templates/patient.html Patient entries list + download/delete actions
templates/admin.html Admin entries list + download/delete actions
templates/profile.html Profile view with recent files
templates/history.html History view with per-commit download + diff links
templates/diff.html Unified diff display
templates/features.html Informational page
templates/how_it_works.html Informational page
templates/testimonials.html Informational page
templates/contact.html Informational page
static/css/alaska.css New Alaska/aurora theme styling
static/img/favicon.svg App favicon
static/img/alaska-logo.svg Navbar/logo asset
static/img/alaska-3d.svg Decorative asset
static/img/hospital-icon.svg Decorative icon asset
scripts/demo_run.py Demo script to exercise upload/history/diff
scripts/make_screenshots.py Generates screenshots from demo output
scripts/check_cffi.py Diagnostic script for cffi/cryptography environment
scripts/screenshots/initial_and_edit.png Generated screenshot artifact
scripts/screenshots/history.png Generated screenshot artifact
scripts/screenshots/diff.png Generated screenshot artifact
bhv/storage/base.py StorageAdapter interface
bhv/storage/errors.py Conflict exception type
bhv/storage/git_adapter.py Git-backed storage implementation
bhv/db.py MongoDB/TinyDB abstraction for users/entries
bhv/app.py Legacy/demo API app using GitAdapter
bhv/full_app.py Main Flask app factory + routes (auth/upload/history/diff/download)
bhv/__init__.py Package marker/exports
run.py Entry point to run the full app
requirements.txt Runtime + test dependencies
pytest.ini Pytest configuration
data/db.json TinyDB data file (currently populated)
README_GIT_ADAPTER.md Git adapter documentation
README_APP.md Full app documentation
.env.example Environment variable template


Comment on lines +38 to +44
patient_id = parts[0]
repo = self._ensure_repo(patient_id)
lock = self._locks[patient_id]
full_path = os.path.join(repo.working_tree_dir, *parts[1:])
os.makedirs(os.path.dirname(full_path), exist_ok=True)

# Default save uses no parent check
Copilot AI Feb 6, 2026


In save(), repo, lock, full_path, and the os.makedirs(...) call are computed but then ignored because the method immediately delegates to save_with_parent, which repeats the same work. This duplication adds maintenance cost and makes it easier for the two paths to diverge—consider removing the unused setup in save() and just delegating after validating the path.

Suggested change
patient_id = parts[0]
repo = self._ensure_repo(patient_id)
lock = self._locks[patient_id]
full_path = os.path.join(repo.working_tree_dir, *parts[1:])
os.makedirs(os.path.dirname(full_path), exist_ok=True)
# Default save uses no parent check
# Default save uses no parent check; repository and path setup are handled by save_with_parent

Comment on lines +77 to +87
# Upload v1
client.post('/upload', data={
'file': (b'initial content\nline 2\n', 'notes.txt'),
'narrative': 'Version 1'
})

# Upload v2 (same filename)
client.post('/upload', data={
'file': (b'initial content\nmodified line 2\nline 3\n', 'notes.txt'),
'narrative': 'Version 2'
})
Copilot AI Feb 6, 2026


Same issue as above: these /upload calls are missing a multipart file object + content_type='multipart/form-data', so they won't populate request.files and won't actually test versioning/diff behavior.

Comment on lines +5 to +7
<form method="post">
{{ csrf_token() }}
<label>Email</label>
Copilot AI Feb 6, 2026


CSRF token is currently rendered as plain text ({{ csrf_token() }}) instead of being submitted as a form field. With CSRF enabled, this form will fail validation. Render it as a hidden input (or use Flask-WTF form helpers like form.hidden_tag()).

Comment on lines +293 to +295
delete_entry(entry_id)
flash('Deleted')
return redirect(url_for('admin') if user.get('role')=='admin' else url_for('my_entries'))
Copilot AI Feb 6, 2026


entry_delete deletes by entry_id with no server-side authorization beyond “logged in”. A patient can craft a POST to delete other patients’ entries. Add an ownership/admin check (e.g., load the entry and ensure user.role == 'admin' or entry.patient_id == user.email) before calling delete_entry.

Suggested change
delete_entry(entry_id)
flash('Deleted')
return redirect(url_for('admin') if user.get('role')=='admin' else url_for('my_entries'))
entry = get_entry(entry_id)
if not entry:
flash('Entry not found')
return redirect(url_for('admin') if user.get('role') == 'admin' else url_for('my_entries'))
# authorization: only admins or the owning patient may delete
if user.get('role') != 'admin' and entry.get('patient_id') != user.get('email'):
flash('Forbidden')
return redirect(url_for('index'))
delete_entry(entry_id)
flash('Deleted')
return redirect(url_for('admin') if user.get('role') == 'admin' else url_for('my_entries'))

Comment on lines +35 to +41
# attempt save with wrong parent should raise
from bhv.storage.errors import Conflict
try:
adapter.save_with_parent(rel, b'three', user_id='u3', action='edit', parent='deadbeef')
assert False, "Expected conflict"
except Conflict:
pass
Copilot AI Feb 6, 2026


Use pytest.raises(Conflict) instead of try/except + assert False; the current pattern can hide assertion failures and produces less helpful errors when the exception isn't raised.


try:
import cryptography
print("cryptography OK")
Copilot AI Feb 6, 2026


Import of 'cryptography' is not used.

Suggested change
print("cryptography OK")
print("cryptography:", getattr(cryptography, "__file__", "no file"), getattr(cryptography, "__version__", "n/a"))

print("cryptography import error:", repr(e))

try:
import _cffi_backend
Copilot AI Feb 6, 2026


Import of '_cffi_backend' is not used.

from google.oauth2 import id_token
from google.auth.transport import requests as google_requests

from .db import init_db, create_user, get_user_by_email, create_entry, list_entries_for_patient, list_all_entries, get_entry, delete_entry, update_entry
Copilot AI Feb 6, 2026


Import of 'get_entry' is not used.
Import of 'update_entry' is not used.

Suggested change
from .db import init_db, create_user, get_user_by_email, create_entry, list_entries_for_patient, list_all_entries, get_entry, delete_entry, update_entry
from .db import init_db, create_user, get_user_by_email, create_entry, list_entries_for_patient, list_all_entries, delete_entry

@@ -0,0 +1,77 @@
import tempfile
import io
import os
Copilot AI Feb 6, 2026


Import of 'os' is not used.

import shutil
import pytest
from bhv.full_app import create_app
from bhv.db import init_db
Copilot AI Feb 6, 2026


Import of 'init_db' is not used.

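The two authorization findings in this thread (the admin upload path taking an unchecked `patient_id` from the form, and `entry_delete` running with no ownership check), as an added example that is not part of the PR's full_app.py: pure functions a Flask route can call before touching storage or the DB. The entries dict, the exception classes, the email and filename allow-lists and the upload root are constructed stand-ins for the PR's db helpers and for `secure_filename`, chosen here to be stricter than the original.

```python
import os
import re
from typing import Dict, Optional, Tuple

# Constructed in-memory stand-in for the PR's entries collection (hypothetical data).
ENTRIES: Dict[str, dict] = {
    'e1': {'patient_id': 'patient1@example.com', 'filename': 'notes.txt'},
    'e2': {'patient_id': 'patient2@example.com', 'filename': 'scan.txt'},
}

# Allow-lists: a patient key must look like an email, a filename must be a single
# safe path component. Neither pattern admits '/' or '\\', so traversal never reaches
# os.path.join at all.
_EMAIL_RE = re.compile(r'[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}')
_SAFE_NAME_RE = re.compile(r'[A-Za-z0-9._-]+')


class BadRequest(Exception):
    """Client sent something the route must refuse (400)."""


class Forbidden(Exception):
    """Authenticated user is not allowed to act on this resource (403)."""


def resolve_upload_target(user: dict, form_patient_id: Optional[str],
                          filename: str, upload_root: str) -> Tuple[str, str]:
    """Decide which patient an upload belongs to and build a safe relative path.

    Patients can only write under their own email; admins must name a patient explicitly.
    Returns (patient_id, 'patient_id/filename').
    """
    role = user.get('role')
    if role == 'patient':
        patient_id = user['email']
    elif role == 'admin':
        if not form_patient_id:
            raise BadRequest('patient_id is required for admin uploads')
        patient_id = form_patient_id
    else:
        raise Forbidden(f'unknown role {role!r}')

    if not _EMAIL_RE.fullmatch(patient_id):
        raise BadRequest('patient_id must be an email address')
    if not _SAFE_NAME_RE.fullmatch(filename) or filename in ('.', '..'):
        raise BadRequest('unsafe filename')

    # Defense in depth: even with the allow-lists above, the resolved absolute path
    # must stay inside the upload root.
    root = os.path.realpath(upload_root)
    full = os.path.realpath(os.path.join(root, patient_id, filename))
    if os.path.commonpath([root, full]) != root:
        raise BadRequest('path escapes upload root')

    return patient_id, f'{patient_id}/{filename}'


def can_delete(user: dict, entry: dict) -> bool:
    """Only admins or the owning patient may delete an entry."""
    return user.get('role') == 'admin' or entry.get('patient_id') == user.get('email')


def delete_entry_checked(user: dict, entry_id: str,
                         entries: Dict[str, dict] = ENTRIES) -> dict:
    """Load the entry first, authorize against it, and only then delete."""
    entry = entries.get(entry_id)
    if entry is None:
        raise KeyError(entry_id)
    if not can_delete(user, entry):
        raise Forbidden(f'{user.get("email")} may not delete entry {entry_id}')
    del entries[entry_id]
    return entry
```

The important ordering is load, then authorize, then act: an IDOR check that runs after the delete, or one that only asks "is the user logged in?", is what the original route had. The allow-lists also mean an admin cannot smuggle a path separator through `patient_id`, which `secure_filename` on the filename alone never protected against.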