Deploy MediBot from ac379a12

.env.example

@@ -0,0 +1,26 @@
+# ============================================================
+# MedOS HuggingFace Space — full backend configuration
+# ============================================================
+
+# --- LLM providers ---
+OLLABRIDGE_URL=https://ruslanmv-ollabridge.hf.space
+OLLABRIDGE_API_KEY=sk-ollabridge-your-key-here
+HF_TOKEN=hf_your-token-here
+DEFAULT_MODEL=free-best
+
+# --- Database (SQLite, persistent on HF Spaces /data/) ---
+DB_PATH=/data/medos.db
+
+# --- CORS (comma-separated Vercel frontend origins) ---
+ALLOWED_ORIGINS=https://your-vercel-app.vercel.app,http://localhost:3000
+
+# --- Medicine Scanner proxy ---
+# Token with "Make calls to Inference Providers" permission.
+# Used server-side only — never exposed to browser.
+# Create at: https://huggingface.co/settings/tokens/new?ownUserPermissions=inference.serverless.write&tokenType=fineGrained
+HF_TOKEN_INFERENCE=hf_your-inference-token-here
+SCANNER_URL=https://ruslanmv-medicine-scanner.hf.space
+
+# --- Application ---
+NODE_ENV=production
+PORT=7860

.gitignore

@@ -0,0 +1,6 @@
+node_modules/
+.next/
+out/
+.env
+.env.local
+*.tsbuildinfo

Dockerfile

@@ -0,0 +1,56 @@
+# ============================================================
+# MedOS HuggingFace Space — Production Dockerfile
+#
+# Enterprise architecture:
+#   web/                    = frontend source of truth
+#   9-HuggingFace-Global/   = backend + synced frontend
+#
+# Before deploying, run: bash scripts/sync-frontend.sh
+# This copies web/ frontend, rewrites API paths, then you push.
+# ============================================================
+
+# Stage 1: Install dependencies
+FROM node:18-alpine AS deps
+WORKDIR /app
+RUN apk add --no-cache python3 make g++
+COPY package.json ./
+RUN npm install --legacy-peer-deps && npm cache clean --force
+
+# Stage 2: Build
+FROM node:18-alpine AS builder
+WORKDIR /app
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+
+ENV NEXT_TELEMETRY_DISABLED=1
+ENV NODE_ENV=production
+
+RUN npm run build
+
+# Stage 3: Production runner
+FROM node:18-alpine AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+ENV NEXT_TELEMETRY_DISABLED=1
+ENV PORT=7860
+ENV HOSTNAME=0.0.0.0
+
+RUN addgroup --system --gid 1001 nodejs && \
+    adduser --system --uid 1001 nextjs
+
+COPY --from=builder /app/public ./public
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+COPY --from=builder --chown=nextjs:nodejs /app/data ./data
+
+RUN mkdir -p /data && chown nextjs:nodejs /data
+ENV DB_PATH=/data/medos.db
+
+USER nextjs
+EXPOSE 7860
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=90s --retries=3 \
+  CMD wget --no-verbose --tries=1 --spider http://localhost:7860/api/health || exit 1
+
+CMD ["node", "server.js"]

Makefile

@@ -0,0 +1,195 @@
+# =============================================================================
+# MedOS Global - Makefile
+# Free AI Medical Assistant for Hugging Face Spaces
+# =============================================================================
+
+SHELL := /bin/bash
+.DEFAULT_GOAL := help
+
+# Directories
+APP_DIR := 9-HuggingFace-Global
+NODE_MODULES := $(APP_DIR)/node_modules
+
+# Colors
+GREEN  := \033[0;32m
+YELLOW := \033[0;33m
+RED    := \033[0;31m
+NC     := \033[0m
+
+# =============================================================================
+# Help
+# =============================================================================
+
+.PHONY: help
+help: ## Show this help message
+	@echo ""
+	@echo "  MedOS Global - Development Commands"
+	@echo "  ===================================="
+	@echo ""
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | \
+		awk 'BEGIN {FS = ":.*?## "}; {printf "  $(GREEN)%-20s$(NC) %s\n", $$1, $$2}'
+	@echo ""
+
+# =============================================================================
+# Installation
+# =============================================================================
+
+.PHONY: install
+install: ## Install all dependencies
+	@echo "$(GREEN)Installing dependencies...$(NC)"
+	cd $(APP_DIR) && npm install
+	@echo "$(GREEN)Dependencies installed successfully.$(NC)"
+
+.PHONY: install-ci
+install-ci: ## Install dependencies for CI (clean, reproducible)
+	@echo "$(GREEN)Installing dependencies (CI mode)...$(NC)"
+	cd $(APP_DIR) && npm ci
+	@echo "$(GREEN)CI dependencies installed.$(NC)"
+
+.PHONY: clean
+clean: ## Remove node_modules and build artifacts
+	@echo "$(YELLOW)Cleaning build artifacts...$(NC)"
+	rm -rf $(APP_DIR)/node_modules
+	rm -rf $(APP_DIR)/.next
+	rm -rf $(APP_DIR)/out
+	@echo "$(GREEN)Clean complete.$(NC)"
+
+# =============================================================================
+# Quality Checks
+# =============================================================================
+
+.PHONY: lint
+lint: ## Run ESLint
+	@echo "$(GREEN)Running linter...$(NC)"
+	cd $(APP_DIR) && npx next lint
+
+.PHONY: type-check
+type-check: ## Run TypeScript type checking
+	@echo "$(GREEN)Running type checker...$(NC)"
+	cd $(APP_DIR) && npx tsc --noEmit
+
+.PHONY: format-check
+format-check: ## Check code formatting
+	@echo "$(GREEN)Checking code formatting...$(NC)"
+	cd $(APP_DIR) && npx prettier --check "**/*.{ts,tsx,js,json,css}" 2>/dev/null || echo "Prettier not configured - skipping"
+
+# =============================================================================
+# Testing
+# =============================================================================
+
+.PHONY: test
+test: test-unit test-structure test-providers test-i18n test-safety ## Run all tests
+	@echo "$(GREEN)All tests passed!$(NC)"
+
+.PHONY: test-unit
+test-unit: ## Run unit tests
+	@echo "$(GREEN)Running unit tests...$(NC)"
+	cd $(APP_DIR) && node --experimental-vm-modules ../tests/9-hf-global/run-tests.js
+
+.PHONY: test-structure
+test-structure: ## Verify folder structure and required files exist
+	@echo "$(GREEN)Verifying folder structure...$(NC)"
+	@test -f $(APP_DIR)/Dockerfile          || (echo "$(RED)FAIL: Dockerfile missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/package.json        || (echo "$(RED)FAIL: package.json missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/next.config.js      || (echo "$(RED)FAIL: next.config.js missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/tsconfig.json       || (echo "$(RED)FAIL: tsconfig.json missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/tailwind.config.ts  || (echo "$(RED)FAIL: tailwind.config.ts missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/README.md           || (echo "$(RED)FAIL: README.md missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/app/layout.tsx      || (echo "$(RED)FAIL: app/layout.tsx missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/app/page.tsx        || (echo "$(RED)FAIL: app/page.tsx missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/app/globals.css     || (echo "$(RED)FAIL: app/globals.css missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/app/api/chat/route.ts    || (echo "$(RED)FAIL: chat API route missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/app/api/triage/route.ts  || (echo "$(RED)FAIL: triage API route missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/app/api/health/route.ts  || (echo "$(RED)FAIL: health API route missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/public/manifest.json     || (echo "$(RED)FAIL: manifest.json missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/public/sw.js             || (echo "$(RED)FAIL: sw.js missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/Dockerfile               || (echo "$(RED)FAIL: Dockerfile missing$(NC)" && exit 1)
+	@echo "$(GREEN)  Structure check passed (15/15 files verified).$(NC)"
+
+.PHONY: test-providers
+test-providers: ## Test provider modules exist and export correctly
+	@echo "$(GREEN)Verifying provider modules...$(NC)"
+	@test -f $(APP_DIR)/lib/providers/index.ts            || (echo "$(RED)FAIL: providers/index.ts missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/lib/providers/ollabridge.ts       || (echo "$(RED)FAIL: ollabridge.ts missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/lib/providers/huggingface-direct.ts || (echo "$(RED)FAIL: huggingface-direct.ts missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/lib/providers/cached-faq.ts       || (echo "$(RED)FAIL: cached-faq.ts missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/lib/providers/ollabridge-models.ts || (echo "$(RED)FAIL: ollabridge-models.ts missing$(NC)" && exit 1)
+	@echo "$(GREEN)  Provider modules verified (5/5).$(NC)"
+
+.PHONY: test-i18n
+test-i18n: ## Verify i18n translations exist (synced or in web/ source)
+	@echo "$(GREEN)Verifying i18n...$(NC)"
+	@if test -f $(APP_DIR)/lib/i18n.ts; then \
+		echo "$(GREEN)  Found synced lib/i18n.ts$(NC)"; \
+	elif test -f web/lib/i18n.ts; then \
+		echo "$(GREEN)  Found web/lib/i18n.ts (source of truth)$(NC)"; \
+	else \
+		echo "$(RED)FAIL: i18n.ts not found in lib/ or web/lib/$(NC)" && exit 1; \
+	fi
+
+.PHONY: test-safety
+test-safety: ## Verify safety modules exist
+	@echo "$(GREEN)Verifying safety modules...$(NC)"
+	@test -f $(APP_DIR)/lib/safety/triage.ts            || (echo "$(RED)FAIL: triage.ts missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/lib/safety/emergency-numbers.ts || (echo "$(RED)FAIL: emergency-numbers.ts missing$(NC)" && exit 1)
+	@test -f $(APP_DIR)/lib/safety/disclaimer.ts        || (echo "$(RED)FAIL: disclaimer.ts missing$(NC)" && exit 1)
+	@echo "$(GREEN)  Safety modules verified (3/3).$(NC)"
+
+# =============================================================================
+# Build
+# =============================================================================
+
+.PHONY: build
+build: ## Build the Next.js application
+	@echo "$(GREEN)Building application...$(NC)"
+	cd $(APP_DIR) && npm run build
+	@echo "$(GREEN)Build complete.$(NC)"
+
+.PHONY: docker-build
+docker-build: ## Build Docker image
+	@echo "$(GREEN)Building Docker image...$(NC)"
+	cd $(APP_DIR) && docker build -t medos-global .
+	@echo "$(GREEN)Docker image built successfully.$(NC)"
+
+.PHONY: docker-run
+docker-run: ## Run Docker container locally
+	@echo "$(GREEN)Starting MedOS on http://localhost:7860...$(NC)"
+	cd $(APP_DIR) && docker run -p 7860:7860 \
+		-e OLLABRIDGE_URL=$${OLLABRIDGE_URL:-https://ruslanmv-ollabridge-cloud.hf.space} \
+		-e HF_TOKEN=$${HF_TOKEN:-} \
+		medos-global
+
+# =============================================================================
+# Development
+# =============================================================================
+
+.PHONY: dev
+dev: ## Start development server on port 7860
+	@echo "$(GREEN)Starting dev server on http://localhost:7860...$(NC)"
+	cd $(APP_DIR) && npm run dev
+
+.PHONY: start
+start: ## Start production server on port 7860
+	cd $(APP_DIR) && npm run start
+
+# =============================================================================
+# Deployment
+# =============================================================================
+
+.PHONY: deploy-hf
+deploy-hf: ## Deploy to Hugging Face Spaces (requires HF_TOKEN)
+	@test -n "$(HF_TOKEN)" || (echo "$(RED)ERROR: HF_TOKEN is required. Set it with: make deploy-hf HF_TOKEN=hf_...$(NC)" && exit 1)
+	@echo "$(GREEN)Deploying to Hugging Face Spaces...$(NC)"
+	@bash scripts/deploy-hf.sh $(HF_TOKEN)
+
+# =============================================================================
+# CI Pipeline (combines all checks)
+# =============================================================================
+
+.PHONY: ci
+ci: install-ci test build ## Full CI pipeline: install, test, build
+	@echo "$(GREEN)CI pipeline passed successfully!$(NC)"
+
+.PHONY: check
+check: test-structure test-providers test-i18n test-safety ## Quick check (no install needed)
+	@echo "$(GREEN)All structural checks passed!$(NC)"

README.md

@@ -0,0 +1,95 @@
+---
+title: "MediBot: Free AI Medical Assistant · 20 languages"
+emoji: "\U0001F3E5"
+colorFrom: blue
+colorTo: indigo
+sdk: docker
+app_port: 7860
+pinned: true
+license: apache-2.0
+short_description: "Free AI medical chatbot. 20 languages. No sign-up."
+tags:
+  - medical
+  - healthcare
+  - chatbot
+  - medical-ai
+  - health-assistant
+  - symptom-checker
+  - telemedicine
+  - who-guidelines
+  - cdc
+  - multilingual
+  - i18n
+  - rag
+  - llama-3.3
+  - llama-3.3-70b
+  - mixtral
+  - groq
+  - huggingface-inference
+  - pwa
+  - offline-first
+  - free
+  - no-signup
+  - privacy-first
+  - worldwide
+  - nextjs
+  - docker
+models:
+  - meta-llama/Llama-3.3-70B-Instruct
+  - meta-llama/Meta-Llama-3-8B-Instruct
+  - mistralai/Mixtral-8x7B-Instruct-v0.1
+  - Qwen/Qwen2.5-72B-Instruct
+  - deepseek-ai/DeepSeek-V3
+  - ruslanmv/Medical-Llama3-8B
+  - google/gemma-2-9b-it
+datasets:
+  - ruslanmv/ai-medical-chatbot
+---
+
+# MediBot — free AI medical assistant, worldwide
+
+> **Tell MediBot what's bothering you. In your language. Instantly. For free.**
+> No sign-up. No paywall. No data retention. Aligned with WHO · CDC · NHS guidelines.
+
+[![Try MediBot](https://img.shields.io/badge/Try_MediBot-Free_on_HuggingFace-blue?style=for-the-badge&logo=huggingface)](https://huggingface.co/spaces/ruslanmv/MediBot)
+[![Languages](https://img.shields.io/badge/languages-20-14B8A6?style=for-the-badge)](#)
+[![Free](https://img.shields.io/badge/price-free_forever-22C55E?style=for-the-badge)](#)
+[![No sign-up](https://img.shields.io/badge/account-not_required-3B82F6?style=for-the-badge)](#)
+
+## Why MediBot
+
+- **Free forever.** No API key, no sign-up, no paywall, no ads.
+- **20 languages, auto-detected.** English, Español, Français, Português, Deutsch, Italiano, العربية, हिन्दी, Kiswahili, 中文, 日本語, 한국어, Русский, Türkçe, Tiếng Việt, ไทย, বাংলা, اردو, Polski, Nederlands.
+- **Worldwide.** IP-based country detection picks your local emergency number (190+ countries) and adapts the answer to your region (°C/°F, metric/imperial, local guidance).
+- **Best free LLM on HuggingFace.** Powered by **Llama 3.3 70B via HF Inference Providers (Groq)** — fastest high-quality free tier available — with an automatic fallback chain across Cerebras, SambaNova, Together, and Mixtral.
+- **Grounded on WHO, CDC, NHS, NIH, ICD-11, BNF, EMA.** A structured system prompt aligns every answer with authoritative guidance.
+- **Red-flag triage.** Built-in symptom patterns detect cardiac, neurological, respiratory, obstetric, pediatric, and mental-health emergencies in every supported language — and immediately escalate to the local emergency number.
+- **Installable PWA.** Add to your phone's home screen and use it like a native app. Offline-capable with a cached FAQ fallback.
+- **Shareable.** Every AI answer gets a Share button that generates a clean deep link with a branded OG card preview — perfect for WhatsApp, Twitter, and Telegram.
+- **Private & anonymous.** Zero accounts. Zero server-side conversation storage. No IPs logged. Anonymous session counter only.
+- **Open source.** Fully transparent. [github.com/ruslanmv/ai-medical-chatbot](https://github.com/ruslanmv/ai-medical-chatbot)
+
+## How it works
+
+1. You type (or speak) a health question
+2. MedOS checks for emergency red flags first
+3. It searches a medical knowledge base for relevant context
+4. Your question + context go to **Llama 3.3 70B** (via Groq, free)
+5. You get a structured answer: Summary, Possible causes, Self-care, When to see a doctor
+
+If the main model is busy, MedOS automatically tries other free models until one responds.
+
+## Built with
+
+| Layer | Technology |
+|---|---|
+| Frontend | Next.js 14, React, Tailwind CSS |
+| AI Model | Llama 3.3 70B Instruct (via HuggingFace Inference + Groq) |
+| Fallbacks | Mixtral 8x7B, OllaBridge, cached FAQ |
+| Knowledge | Medical RAG from [ruslanmv/ai-medical-chatbot](https://github.com/ruslanmv/ai-medical-chatbot) dataset |
+| Gateway | [OllaBridge-Cloud](https://github.com/ruslanmv/ollabridge) |
+| Hosting | HuggingFace Spaces (Docker) |
+
+## License
+
+Apache 2.0 — free to use, modify, and distribute.

app/admin/page.tsx

@@ -0,0 +1,327 @@
+'use client';
+
+import { useEffect, useState, useCallback } from 'react';
+import {
+  Users,
+  Activity,
+  Database,
+  MessageCircle,
+  Shield,
+  Search,
+  Trash2,
+  ChevronLeft,
+  ChevronRight,
+  RefreshCw,
+  LogIn,
+  Lock,
+} from 'lucide-react';
+
+interface Stats {
+  totalUsers: number;
+  verifiedUsers: number;
+  adminUsers: number;
+  totalHealthData: number;
+  totalChats: number;
+  activeSessions: number;
+  healthBreakdown: Array<{ type: string; count: number }>;
+  registrations: Array<{ day: string; count: number }>;
+}
+
+interface UserRow {
+  id: string;
+  email: string;
+  displayName: string | null;
+  emailVerified: boolean;
+  isAdmin: boolean;
+  createdAt: string;
+  healthDataCount: number;
+  chatHistoryCount: number;
+}
+
+/**
+ * Admin dashboard — accessible ONLY at /admin on the HuggingFace Space.
+ * Not linked from the public UI. Requires admin login.
+ */
+export default function AdminPage() {
+  const [token, setToken] = useState('');
+  const [loggedIn, setLoggedIn] = useState(false);
+  const [email, setEmail] = useState('');
+  const [password, setPassword] = useState('');
+  const [loginError, setLoginError] = useState('');
+  const [stats, setStats] = useState<Stats | null>(null);
+  const [users, setUsers] = useState<UserRow[]>([]);
+  const [total, setTotal] = useState(0);
+  const [page, setPage] = useState(1);
+  const [search, setSearch] = useState('');
+  const [loading, setLoading] = useState(false);
+
+  const headers = useCallback(
+    () => ({ Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' }),
+    [token],
+  );
+
+  const fetchStats = useCallback(async () => {
+    const res = await fetch('/api/admin/stats', { headers: headers() });
+    if (res.ok) setStats(await res.json());
+    else if (res.status === 403) { setLoggedIn(false); setToken(''); }
+  }, [headers]);
+
+  const fetchUsers = useCallback(async () => {
+    setLoading(true);
+    const qs = new URLSearchParams({ page: String(page), limit: '20' });
+    if (search) qs.set('search', search);
+    const res = await fetch(`/api/admin/users?${qs}`, { headers: headers() });
+    if (res.ok) {
+      const data = await res.json();
+      setUsers(data.users);
+      setTotal(data.total);
+    }
+    setLoading(false);
+  }, [headers, page, search]);
+
+  useEffect(() => {
+    if (!loggedIn) return;
+    fetchStats();
+    fetchUsers();
+  }, [loggedIn, fetchStats, fetchUsers]);
+
+  const handleLogin = async () => {
+    setLoginError('');
+    const res = await fetch('/api/auth/login', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ email, password }),
+    });
+    const data = await res.json();
+    if (!res.ok) { setLoginError(data.error || 'Login failed'); return; }
+    // Verify this user is actually an admin.
+    const meRes = await fetch('/api/auth/me', {
+      headers: { Authorization: `Bearer ${data.token}` },
+    });
+    const me = await meRes.json();
+    if (!me.user) { setLoginError('Auth failed'); return; }
+    // Check admin flag by trying the admin API.
+    const adminCheck = await fetch('/api/admin/stats', {
+      headers: { Authorization: `Bearer ${data.token}` },
+    });
+    if (adminCheck.status === 403) { setLoginError('Not an admin account'); return; }
+    setToken(data.token);
+    setLoggedIn(true);
+  };
+
+  const handleDeleteUser = async (userId: string, userEmail: string) => {
+    if (!confirm(`Delete user ${userEmail} and ALL their data?`)) return;
+    await fetch(`/api/admin/users?id=${userId}`, { method: 'DELETE', headers: headers() });
+    fetchUsers();
+    fetchStats();
+  };
+
+  // Login screen
+  if (!loggedIn) {
+    return (
+      <div className="min-h-screen bg-slate-950 flex items-center justify-center p-4">
+        <div className="w-full max-w-sm">
+          <div className="text-center mb-8">
+            <div className="w-14 h-14 mx-auto mb-4 rounded-2xl bg-gradient-to-br from-red-500 to-orange-500 flex items-center justify-center">
+              <Lock size={24} className="text-white" />
+            </div>
+            <h1 className="text-2xl font-bold text-slate-100">Admin Panel</h1>
+            <p className="text-sm text-slate-400 mt-1">MedOS server administration</p>
+          </div>
+          {loginError && (
+            <div className="mb-4 p-3 rounded-xl bg-red-950/50 border border-red-700/50 text-sm text-red-300">
+              {loginError}
+            </div>
+          )}
+          <div className="space-y-3">
+            <input
+              type="email"
+              value={email}
+              onChange={(e) => setEmail(e.target.value)}
+              placeholder="Admin email"
+              className="w-full bg-slate-900 border border-slate-700 rounded-xl px-4 py-3 text-sm text-slate-100 placeholder-slate-500 focus:outline-none focus:ring-2 focus:ring-red-500/50"
+            />
+            <input
+              type="password"
+              value={password}
+              onChange={(e) => setPassword(e.target.value)}
+              placeholder="Password"
+              className="w-full bg-slate-900 border border-slate-700 rounded-xl px-4 py-3 text-sm text-slate-100 placeholder-slate-500 focus:outline-none focus:ring-2 focus:ring-red-500/50"
+              onKeyDown={(e) => e.key === 'Enter' && handleLogin()}
+            />
+            <button
+              onClick={handleLogin}
+              className="w-full py-3 bg-gradient-to-br from-red-500 to-orange-500 text-white rounded-xl font-bold text-sm hover:brightness-110 transition-all flex items-center justify-center gap-2"
+            >
+              <LogIn size={16} />
+              Sign in as Admin
+            </button>
+          </div>
+        </div>
+      </div>
+    );
+  }
+
+  const totalPages = Math.ceil(total / 20);
+
+  return (
+    <div className="min-h-screen bg-slate-950 text-slate-100">
+      <header className="border-b border-slate-800 px-6 py-4 flex items-center justify-between">
+        <div className="flex items-center gap-3">
+          <div className="w-8 h-8 rounded-lg bg-gradient-to-br from-red-500 to-orange-500 flex items-center justify-center">
+            <Shield size={16} className="text-white" />
+          </div>
+          <h1 className="font-bold text-lg">MedOS Admin</h1>
+        </div>
+        <button
+          onClick={() => { fetchStats(); fetchUsers(); }}
+          className="flex items-center gap-1.5 px-3 py-1.5 rounded-lg bg-slate-800 text-slate-300 text-xs font-semibold hover:bg-slate-700"
+        >
+          <RefreshCw size={12} /> Refresh
+        </button>
+      </header>
+
+      <main className="max-w-6xl mx-auto px-4 sm:px-6 py-8">
+        {/* Stats grid */}
+        {stats && (
+          <div className="grid grid-cols-2 sm:grid-cols-3 lg:grid-cols-6 gap-3 mb-8">
+            <Stat icon={Users} label="Total users" value={stats.totalUsers} />
+            <Stat icon={Shield} label="Verified" value={stats.verifiedUsers} />
+            <Stat icon={Shield} label="Admins" value={stats.adminUsers} color="text-red-400" />
+            <Stat icon={Database} label="Health records" value={stats.totalHealthData} />
+            <Stat icon={MessageCircle} label="Conversations" value={stats.totalChats} />
+            <Stat icon={Activity} label="Active sessions" value={stats.activeSessions} />
+          </div>
+        )}
+
+        {/* Health data breakdown */}
+        {stats && stats.healthBreakdown.length > 0 && (
+          <div className="mb-8 p-4 rounded-2xl bg-slate-900 border border-slate-800">
+            <h3 className="text-xs font-bold uppercase tracking-wider text-slate-400 mb-3">Health data by type</h3>
+            <div className="flex flex-wrap gap-2">
+              {stats.healthBreakdown.map((b) => (
+                <span key={b.type} className="px-3 py-1.5 rounded-full bg-slate-800 text-sm font-medium text-slate-200">
+                  {b.type}: <strong>{b.count}</strong>
+                </span>
+              ))}
+            </div>
+          </div>
+        )}
+
+        {/* User management */}
+        <div className="rounded-2xl bg-slate-900 border border-slate-800 overflow-hidden">
+          <div className="p-4 border-b border-slate-800 flex items-center gap-3">
+            <h2 className="font-bold">Users ({total})</h2>
+            <div className="flex-1 relative ml-4">
+              <Search size={14} className="absolute left-3 top-1/2 -translate-y-1/2 text-slate-500" />
+              <input
+                value={search}
+                onChange={(e) => { setSearch(e.target.value); setPage(1); }}
+                placeholder="Search by email or name..."
+                className="w-full bg-slate-800 border border-slate-700 rounded-lg pl-9 pr-4 py-2 text-sm text-slate-100 placeholder-slate-500 focus:outline-none focus:ring-1 focus:ring-red-500/50"
+              />
+            </div>
+          </div>
+
+          <div className="overflow-x-auto">
+            <table className="w-full text-sm">
+              <thead>
+                <tr className="text-xs text-slate-400 uppercase tracking-wider border-b border-slate-800">
+                  <th className="text-left px-4 py-3">User</th>
+                  <th className="text-center px-4 py-3">Verified</th>
+                  <th className="text-center px-4 py-3">Role</th>
+                  <th className="text-center px-4 py-3">Health</th>
+                  <th className="text-center px-4 py-3">Chats</th>
+                  <th className="text-left px-4 py-3">Joined</th>
+                  <th className="text-right px-4 py-3">Actions</th>
+                </tr>
+              </thead>
+              <tbody>
+                {users.map((u) => (
+                  <tr key={u.id} className="border-b border-slate-800/50 hover:bg-slate-800/30">
+                    <td className="px-4 py-3">
+                      <div className="font-medium text-slate-100">{u.displayName || '—'}</div>
+                      <div className="text-xs text-slate-400">{u.email}</div>
+                    </td>
+                    <td className="px-4 py-3 text-center">
+                      <span className={`text-xs font-bold ${u.emailVerified ? 'text-emerald-400' : 'text-slate-500'}`}>
+                        {u.emailVerified ? 'Yes' : 'No'}
+                      </span>
+                    </td>
+                    <td className="px-4 py-3 text-center">
+                      {u.isAdmin ? (
+                        <span className="px-2 py-0.5 rounded-full text-[10px] font-bold bg-red-500/20 text-red-300 border border-red-500/30">
+                          ADMIN
+                        </span>
+                      ) : (
+                        <span className="text-xs text-slate-500">User</span>
+                      )}
+                    </td>
+                    <td className="px-4 py-3 text-center text-slate-300">{u.healthDataCount}</td>
+                    <td className="px-4 py-3 text-center text-slate-300">{u.chatHistoryCount}</td>
+                    <td className="px-4 py-3 text-slate-400 text-xs">
+                      {new Date(u.createdAt).toLocaleDateString()}
+                    </td>
+                    <td className="px-4 py-3 text-right">
+                      {!u.isAdmin && (
+                        <button
+                          onClick={() => handleDeleteUser(u.id, u.email)}
+                          className="p-1.5 rounded-lg text-slate-500 hover:text-red-400 hover:bg-red-500/10 transition-colors"
+                          title="Delete user"
+                        >
+                          <Trash2 size={14} />
+                        </button>
+                      )}
+                    </td>
+                  </tr>
+                ))}
+                {users.length === 0 && (
+                  <tr>
+                    <td colSpan={7} className="px-4 py-8 text-center text-slate-500">
+                      {loading ? 'Loading...' : 'No users found'}
+                    </td>
+                  </tr>
+                )}
+              </tbody>
+            </table>
+          </div>
+
+          {/* Pagination */}
+          {totalPages > 1 && (
+            <div className="flex items-center justify-between px-4 py-3 border-t border-slate-800">
+              <span className="text-xs text-slate-400">
+                Page {page} of {totalPages}
+              </span>
+              <div className="flex gap-1">
+                <button
+                  onClick={() => setPage(Math.max(1, page - 1))}
+                  disabled={page <= 1}
+                  className="p-1.5 rounded-lg bg-slate-800 text-slate-300 disabled:opacity-30"
+                >
+                  <ChevronLeft size={14} />
+                </button>
+                <button
+                  onClick={() => setPage(Math.min(totalPages, page + 1))}
+                  disabled={page >= totalPages}
+                  className="p-1.5 rounded-lg bg-slate-800 text-slate-300 disabled:opacity-30"
+                >
+                  <ChevronRight size={14} />
+                </button>
+              </div>
+            </div>
+          )}
+        </div>
+      </main>
+    </div>
+  );
+}
+
+function Stat({ icon: Icon, label, value, color }: { icon: any; label: string; value: number; color?: string }) {
+  return (
+    <div className="p-4 rounded-xl bg-slate-900 border border-slate-800">
+      <Icon size={16} className={color || 'text-slate-400'} />
+      <div className="text-2xl font-black mt-2">{value.toLocaleString()}</div>
+      <div className="text-[11px] text-slate-500 font-semibold">{label}</div>
+    </div>
+  );
+}

app/api/admin/config/route.ts

@@ -0,0 +1,121 @@
+import { NextResponse } from 'next/server';
+import { requireAdmin } from '@/lib/auth-middleware';
+import { loadConfig, saveConfig, type ServerConfig } from '@/lib/server-config';
+
+/**
+ * Admin configuration management.
+ *
+ * GET  /api/admin/config — returns current server configuration (redacted secrets).
+ * PUT  /api/admin/config — updates server configuration (persisted to config file).
+ *
+ * Configuration is persisted to a JSON file on disk so it survives restarts.
+ * Environment variables take precedence over the config file on first boot.
+ *
+ * The storage/merge logic lives in @/lib/server-config so other admin routes
+ * (like /api/admin/fetch-models) can read the same source of truth.
+ */
+
+/** Redact sensitive fields for GET responses. */
+function redact(config: ServerConfig) {
+  const hasSecret = (v: string) => !!(v && v.length > 0);
+  const mask = (v: string) => (hasSecret(v) ? '••••••••' : '');
+  return {
+    smtp: {
+      host: config.smtp.host,
+      port: config.smtp.port,
+      user: config.smtp.user,
+      pass: mask(config.smtp.pass),
+      fromEmail: config.smtp.fromEmail,
+      recoveryEmail: config.smtp.recoveryEmail,
+      configured: !!(config.smtp.host && config.smtp.user && config.smtp.pass),
+    },
+    llm: {
+      defaultPreset: config.llm.defaultPreset,
+      ollamaUrl: config.llm.ollamaUrl,
+      hfDefaultModel: config.llm.hfDefaultModel,
+      hfToken: mask(config.llm.hfToken),
+      ollabridgeUrl: config.llm.ollabridgeUrl,
+      ollabridgeApiKey: mask(config.llm.ollabridgeApiKey),
+      openaiApiKey: mask(config.llm.openaiApiKey),
+      anthropicApiKey: mask(config.llm.anthropicApiKey),
+      groqApiKey: mask(config.llm.groqApiKey),
+      watsonxApiKey: mask(config.llm.watsonxApiKey),
+      watsonxProjectId: config.llm.watsonxProjectId,
+      watsonxUrl: config.llm.watsonxUrl,
+      // Computed status flags — derived server-side so UI can show chips.
+      ollabridgeConfigured: !!config.llm.ollabridgeUrl,
+      hfConfigured: hasSecret(config.llm.hfToken),
+      openaiConfigured: hasSecret(config.llm.openaiApiKey),
+      anthropicConfigured: hasSecret(config.llm.anthropicApiKey),
+      groqConfigured: hasSecret(config.llm.groqApiKey),
+      watsonxConfigured: hasSecret(config.llm.watsonxApiKey) && !!config.llm.watsonxProjectId,
+    },
+    app: config.app,
+  };
+}
+
+export async function GET(req: Request) {
+  const admin = requireAdmin(req);
+  if (!admin) return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
+
+  const config = loadConfig();
+  return NextResponse.json(redact(config));
+}
+
+export async function PUT(req: Request) {
+  const admin = requireAdmin(req);
+  if (!admin) return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
+
+  try {
+    const body = await req.json();
+    const current = loadConfig();
+
+    // Merge incoming changes (only update provided fields).
+    if (body.smtp) {
+      if (body.smtp.host !== undefined) current.smtp.host = body.smtp.host;
+      if (body.smtp.port !== undefined) current.smtp.port = parseInt(body.smtp.port, 10);
+      if (body.smtp.user !== undefined) current.smtp.user = body.smtp.user;
+      // Only update password if it's not the redacted placeholder.
+      if (body.smtp.pass !== undefined && body.smtp.pass !== '••••••••') {
+        current.smtp.pass = body.smtp.pass;
+      }
+      if (body.smtp.fromEmail !== undefined) current.smtp.fromEmail = body.smtp.fromEmail;
+      if (body.smtp.recoveryEmail !== undefined) current.smtp.recoveryEmail = body.smtp.recoveryEmail;
+    }
+
+    if (body.llm) {
+      // Non-secret fields — assign directly.
+      if (body.llm.defaultPreset !== undefined) current.llm.defaultPreset = body.llm.defaultPreset;
+      if (body.llm.ollamaUrl !== undefined) current.llm.ollamaUrl = body.llm.ollamaUrl;
+      if (body.llm.hfDefaultModel !== undefined) current.llm.hfDefaultModel = body.llm.hfDefaultModel;
+      if (body.llm.ollabridgeUrl !== undefined) current.llm.ollabridgeUrl = body.llm.ollabridgeUrl;
+      if (body.llm.watsonxProjectId !== undefined) current.llm.watsonxProjectId = body.llm.watsonxProjectId;
+      if (body.llm.watsonxUrl !== undefined) current.llm.watsonxUrl = body.llm.watsonxUrl;
+
+      // Secret fields — skip if value is the redacted placeholder.
+      const setSecret = (field: keyof ServerConfig['llm'], value: any) => {
+        if (value !== undefined && value !== '••••••••') {
+          (current.llm as any)[field] = value;
+        }
+      };
+      setSecret('hfToken', body.llm.hfToken);
+      setSecret('ollabridgeApiKey', body.llm.ollabridgeApiKey);
+      setSecret('openaiApiKey', body.llm.openaiApiKey);
+      setSecret('anthropicApiKey', body.llm.anthropicApiKey);
+      setSecret('groqApiKey', body.llm.groqApiKey);
+      setSecret('watsonxApiKey', body.llm.watsonxApiKey);
+    }
+
+    if (body.app) {
+      if (body.app.appUrl !== undefined) current.app.appUrl = body.app.appUrl;
+      if (body.app.allowedOrigins !== undefined) current.app.allowedOrigins = body.app.allowedOrigins;
+    }
+
+    saveConfig(current);
+
+    return NextResponse.json({ success: true, config: redact(current) });
+  } catch (error: any) {
+    console.error('[Admin Config]', error?.message);
+    return NextResponse.json({ error: error?.message || 'Failed to update config' }, { status: 500 });
+  }
+}

app/api/admin/fetch-models/route.ts

@@ -0,0 +1,423 @@
+import { NextResponse } from 'next/server';
+import { requireAdmin } from '@/lib/auth-middleware';
+import { loadConfig } from '@/lib/server-config';
+
+/**
+ * GET /api/admin/fetch-models — Aggregate available models from every
+ * configured provider into one list for the admin model picker.
+ *
+ * Queries, in parallel:
+ *   - OllaBridge Cloud            /v1/models         (OpenAI-compatible)
+ *   - HuggingFace Inference       /v1/models         (via router.huggingface.co)
+ *   - Groq                        /openai/v1/models  (free/cheap tier)
+ *   - OpenAI                      /v1/models         (paid enterprise)
+ *   - Anthropic                   /v1/models         (paid enterprise)
+ *   - IBM WatsonX                 /ml/v1/foundation_model_specs (paid enterprise)
+ *
+ * Each provider block returns:
+ *   { provider, configured, ok, error?, models: [{id, name, ownedBy, context?}] }
+ *
+ * Providers that aren't configured still appear in the response so the UI
+ * can show them as "not configured" with a link to set them up. This keeps
+ * the client-side model picker uniform across providers.
+ *
+ * Admin-only endpoint.
+ */
+
+export const runtime = 'nodejs';
+export const dynamic = 'force-dynamic';
+
+interface ModelInfo {
+  id: string;
+  name: string;
+  ownedBy?: string;
+  context?: number;
+  pricing?: 'free' | 'paid' | 'cheap' | 'local';
+}
+
+interface ProviderBlock {
+  provider: string;
+  label: string;
+  configured: boolean;
+  ok: boolean;
+  error?: string;
+  pricing: 'free' | 'paid' | 'cheap' | 'local';
+  models: ModelInfo[];
+}
+
+/** Default 10s timeout for any provider discovery call. */
+function withTimeout(ms = 10000) {
+  return AbortSignal.timeout(ms);
+}
+
+async function safeJson(res: Response): Promise<any> {
+  try {
+    return await res.json();
+  } catch {
+    return null;
+  }
+}
+
+// ---- Provider fetchers ---------------------------------------------------
+
+async function fetchOllaBridge(
+  url: string,
+  apiKey: string,
+): Promise<ProviderBlock> {
+  const block: ProviderBlock = {
+    provider: 'ollabridge',
+    label: 'OllaBridge Cloud',
+    configured: !!url,
+    ok: false,
+    pricing: 'free',
+    models: [],
+  };
+  if (!url) {
+    block.error = 'Not configured — set OllaBridge URL in Server tab';
+    return block;
+  }
+  try {
+    const cleanBase = url.replace(/\/+$/, '');
+    const res = await fetch(`${cleanBase}/v1/models`, {
+      headers: apiKey ? { Authorization: `Bearer ${apiKey}` } : {},
+      signal: withTimeout(),
+    });
+    if (!res.ok) {
+      block.error = `HTTP ${res.status}`;
+      return block;
+    }
+    const data = await safeJson(res);
+    const list = Array.isArray(data?.data) ? data.data : [];
+    block.models = list.map((m: any) => ({
+      id: String(m.id ?? 'unknown'),
+      name: String(m.id ?? 'unknown'),
+      ownedBy: m.owned_by || 'ollabridge',
+      pricing:
+        String(m.id ?? '').startsWith('free-')
+          ? 'free'
+          : String(m.id ?? '').startsWith('cheap-')
+            ? 'cheap'
+            : 'local',
+    }));
+    block.ok = true;
+  } catch (e: any) {
+    block.error = e?.name === 'TimeoutError' ? 'Timeout (10s)' : e?.message?.slice(0, 100) || 'Request failed';
+  }
+  return block;
+}
+
+async function fetchHuggingFace(token: string): Promise<ProviderBlock> {
+  const block: ProviderBlock = {
+    provider: 'huggingface',
+    label: 'HuggingFace Inference',
+    configured: !!token,
+    ok: false,
+    pricing: 'free',
+    models: [],
+  };
+  if (!token) {
+    block.error = 'Not configured — set HF token in Server tab';
+    // Still provide the curated fallback chain as suggestions so users can
+    // pick a model even before the token is set.
+    block.models = CURATED_HF_MODELS.map((id) => ({
+      id,
+      name: id.split('/').pop() || id,
+      ownedBy: id.split('/')[0],
+      pricing: 'free',
+    }));
+    return block;
+  }
+  try {
+    const res = await fetch('https://router.huggingface.co/v1/models', {
+      headers: { Authorization: `Bearer ${token}` },
+      signal: withTimeout(),
+    });
+    if (!res.ok) {
+      block.error = `HTTP ${res.status}`;
+      // Still return curated list so the UI has something to show.
+      block.models = CURATED_HF_MODELS.map((id) => ({
+        id,
+        name: id.split('/').pop() || id,
+        ownedBy: id.split('/')[0],
+        pricing: 'free',
+      }));
+      return block;
+    }
+    const data = await safeJson(res);
+    const list = Array.isArray(data?.data) ? data.data : [];
+    block.models = list
+      .filter((m: any) => typeof m?.id === 'string')
+      .map((m: any) => ({
+        id: String(m.id),
+        name: String(m.id).split('/').pop() || String(m.id),
+        ownedBy: m.owned_by || String(m.id).split('/')[0],
+        pricing: 'free' as const,
+      }));
+    block.ok = true;
+  } catch (e: any) {
+    block.error = e?.name === 'TimeoutError' ? 'Timeout (10s)' : e?.message?.slice(0, 100) || 'Request failed';
+    block.models = CURATED_HF_MODELS.map((id) => ({
+      id,
+      name: id.split('/').pop() || id,
+      ownedBy: id.split('/')[0],
+      pricing: 'free',
+    }));
+  }
+  return block;
+}
+
+/** Verified-working free HF models (from lib/providers/huggingface-direct.ts). */
+const CURATED_HF_MODELS = [
+  'meta-llama/Llama-3.3-70B-Instruct',
+  'Qwen/Qwen2.5-72B-Instruct',
+  'Qwen/Qwen3-235B-A22B',
+  'google/gemma-3-27b-it',
+  'meta-llama/Llama-3.1-70B-Instruct',
+  'deepseek-ai/DeepSeek-V3-0324',
+];
+
+async function fetchGroq(apiKey: string): Promise<ProviderBlock> {
+  const block: ProviderBlock = {
+    provider: 'groq',
+    label: 'Groq (Free tier)',
+    configured: !!apiKey,
+    ok: false,
+    pricing: 'free',
+    models: [],
+  };
+  if (!apiKey) {
+    block.error = 'Not configured — add Groq API key in Server tab';
+    return block;
+  }
+  try {
+    const res = await fetch('https://api.groq.com/openai/v1/models', {
+      headers: { Authorization: `Bearer ${apiKey}` },
+      signal: withTimeout(),
+    });
+    if (!res.ok) {
+      block.error = `HTTP ${res.status}`;
+      return block;
+    }
+    const data = await safeJson(res);
+    const list = Array.isArray(data?.data) ? data.data : [];
+    block.models = list.map((m: any) => ({
+      id: String(m.id ?? 'unknown'),
+      name: String(m.id ?? 'unknown'),
+      ownedBy: m.owned_by || 'groq',
+      context: typeof m.context_window === 'number' ? m.context_window : undefined,
+      pricing: 'free',
+    }));
+    block.ok = true;
+  } catch (e: any) {
+    block.error = e?.name === 'TimeoutError' ? 'Timeout (10s)' : e?.message?.slice(0, 100) || 'Request failed';
+  }
+  return block;
+}
+
+async function fetchOpenAI(apiKey: string): Promise<ProviderBlock> {
+  const block: ProviderBlock = {
+    provider: 'openai',
+    label: 'OpenAI (Paid)',
+    configured: !!apiKey,
+    ok: false,
+    pricing: 'paid',
+    models: [],
+  };
+  if (!apiKey) {
+    block.error = 'Not configured — add OpenAI API key in Server tab';
+    return block;
+  }
+  try {
+    const res = await fetch('https://api.openai.com/v1/models', {
+      headers: { Authorization: `Bearer ${apiKey}` },
+      signal: withTimeout(),
+    });
+    if (!res.ok) {
+      block.error = `HTTP ${res.status}`;
+      return block;
+    }
+    const data = await safeJson(res);
+    const list = Array.isArray(data?.data) ? data.data : [];
+    // Filter to chat-capable GPT models — the full list is noisy.
+    block.models = list
+      .filter((m: any) => {
+        const id = String(m?.id || '');
+        return /^(gpt-|o1-|o3-|chatgpt)/i.test(id);
+      })
+      .map((m: any) => ({
+        id: String(m.id),
+        name: String(m.id),
+        ownedBy: m.owned_by || 'openai',
+        pricing: 'paid' as const,
+      }));
+    block.ok = true;
+  } catch (e: any) {
+    block.error = e?.name === 'TimeoutError' ? 'Timeout (10s)' : e?.message?.slice(0, 100) || 'Request failed';
+  }
+  return block;
+}
+
+async function fetchAnthropic(apiKey: string): Promise<ProviderBlock> {
+  const block: ProviderBlock = {
+    provider: 'anthropic',
+    label: 'Anthropic Claude (Paid)',
+    configured: !!apiKey,
+    ok: false,
+    pricing: 'paid',
+    models: [],
+  };
+  if (!apiKey) {
+    block.error = 'Not configured — add Anthropic API key in Server tab';
+    // Provide curated list as placeholder.
+    block.models = CURATED_ANTHROPIC_MODELS;
+    return block;
+  }
+  try {
+    const res = await fetch('https://api.anthropic.com/v1/models', {
+      headers: {
+        'x-api-key': apiKey,
+        'anthropic-version': '2023-06-01',
+      },
+      signal: withTimeout(),
+    });
+    if (!res.ok) {
+      block.error = `HTTP ${res.status}`;
+      block.models = CURATED_ANTHROPIC_MODELS;
+      return block;
+    }
+    const data = await safeJson(res);
+    const list = Array.isArray(data?.data) ? data.data : [];
+    block.models = list.map((m: any) => ({
+      id: String(m.id ?? 'unknown'),
+      name: String(m.display_name || m.id || 'unknown'),
+      ownedBy: 'anthropic',
+      pricing: 'paid' as const,
+    }));
+    block.ok = true;
+  } catch (e: any) {
+    block.error = e?.name === 'TimeoutError' ? 'Timeout (10s)' : e?.message?.slice(0, 100) || 'Request failed';
+    block.models = CURATED_ANTHROPIC_MODELS;
+  }
+  return block;
+}
+
+/** Fallback list so the UI can show Claude options even without a key. */
+const CURATED_ANTHROPIC_MODELS: ModelInfo[] = [
+  { id: 'claude-opus-4-6', name: 'Claude Opus 4.6', ownedBy: 'anthropic', pricing: 'paid' },
+  { id: 'claude-sonnet-4-6', name: 'Claude Sonnet 4.6', ownedBy: 'anthropic', pricing: 'paid' },
+  { id: 'claude-haiku-4-5-20251001', name: 'Claude Haiku 4.5', ownedBy: 'anthropic', pricing: 'paid' },
+];
+
+async function fetchWatsonx(
+  apiKey: string,
+  projectId: string,
+  baseUrl: string,
+): Promise<ProviderBlock> {
+  const block: ProviderBlock = {
+    provider: 'watsonx',
+    label: 'IBM WatsonX (Paid)',
+    configured: !!(apiKey && projectId),
+    ok: false,
+    pricing: 'paid',
+    models: [],
+  };
+  if (!apiKey || !projectId) {
+    block.error = 'Not configured — add WatsonX API key and project ID in Server tab';
+    block.models = CURATED_WATSONX_MODELS;
+    return block;
+  }
+  try {
+    // WatsonX requires exchanging the API key for an IAM bearer token first.
+    const iamRes = await fetch('https://iam.cloud.ibm.com/identity/token', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+      body: new URLSearchParams({
+        grant_type: 'urn:ibm:params:oauth:grant-type:apikey',
+        apikey: apiKey,
+      }),
+      signal: withTimeout(),
+    });
+    if (!iamRes.ok) {
+      block.error = `IAM token failed: HTTP ${iamRes.status}`;
+      block.models = CURATED_WATSONX_MODELS;
+      return block;
+    }
+    const iamData = await safeJson(iamRes);
+    const bearer = iamData?.access_token;
+    if (!bearer) {
+      block.error = 'IAM response missing access_token';
+      block.models = CURATED_WATSONX_MODELS;
+      return block;
+    }
+
+    // Discover available foundation models.
+    const cleanBase = baseUrl.replace(/\/+$/, '');
+    const modelsRes = await fetch(
+      `${cleanBase}/ml/v1/foundation_model_specs?version=2024-05-01&limit=200`,
+      {
+        headers: { Authorization: `Bearer ${bearer}` },
+        signal: withTimeout(),
+      },
+    );
+    if (!modelsRes.ok) {
+      block.error = `HTTP ${modelsRes.status}`;
+      block.models = CURATED_WATSONX_MODELS;
+      return block;
+    }
+    const data = await safeJson(modelsRes);
+    const list = Array.isArray(data?.resources) ? data.resources : [];
+    block.models = list.map((m: any) => ({
+      id: String(m.model_id ?? 'unknown'),
+      name: String(m.label || m.model_id || 'unknown'),
+      ownedBy: m.provider || 'ibm',
+      pricing: 'paid' as const,
+    }));
+    block.ok = true;
+  } catch (e: any) {
+    block.error = e?.name === 'TimeoutError' ? 'Timeout (10s)' : e?.message?.slice(0, 100) || 'Request failed';
+    block.models = CURATED_WATSONX_MODELS;
+  }
+  return block;
+}
+
+/** Common WatsonX foundation models as a fallback list. */
+const CURATED_WATSONX_MODELS: ModelInfo[] = [
+  { id: 'ibm/granite-3-8b-instruct', name: 'Granite 3 8B Instruct', ownedBy: 'ibm', pricing: 'paid' },
+  { id: 'meta-llama/llama-3-3-70b-instruct', name: 'Llama 3.3 70B', ownedBy: 'meta', pricing: 'paid' },
+  { id: 'mistralai/mistral-large', name: 'Mistral Large', ownedBy: 'mistralai', pricing: 'paid' },
+];
+
+// ---- Route handler -------------------------------------------------------
+
+export async function GET(req: Request) {
+  const admin = requireAdmin(req);
+  if (!admin) return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
+
+  const config = loadConfig();
+  const { llm } = config;
+
+  // Run every discovery call in parallel so the slowest provider sets the
+  // total latency floor, not the sum of all calls.
+  const [ollabridge, huggingface, groq, openai, anthropic, watsonx] = await Promise.all([
+    fetchOllaBridge(llm.ollabridgeUrl, llm.ollabridgeApiKey),
+    fetchHuggingFace(llm.hfToken),
+    fetchGroq(llm.groqApiKey),
+    fetchOpenAI(llm.openaiApiKey),
+    fetchAnthropic(llm.anthropicApiKey),
+    fetchWatsonx(llm.watsonxApiKey, llm.watsonxProjectId, llm.watsonxUrl),
+  ]);
+
+  const providers = [ollabridge, huggingface, groq, openai, anthropic, watsonx];
+  const totalModels = providers.reduce((sum, p) => sum + p.models.length, 0);
+  const okCount = providers.filter((p) => p.ok).length;
+
+  return NextResponse.json({
+    providers,
+    summary: {
+      providers: providers.length,
+      providersOk: okCount,
+      totalModels,
+      fetchedAt: new Date().toISOString(),
+    },
+  });
+}

app/api/admin/llm-health/route.ts

@@ -0,0 +1,127 @@
+import { NextResponse } from 'next/server';
+import { requireAdmin } from '@/lib/auth-middleware';
+import { loadConfig } from '@/lib/server-config';
+
+/**
+ * GET /api/admin/llm-health — Test all LLM providers and models.
+ *
+ * Sends a minimal "Say OK" prompt to each model in the fallback chain
+ * and reports which ones are alive, their latency, and any errors.
+ * Admin-only endpoint.
+ *
+ * Token resolution order:
+ *   1. admin config file (set via /api/admin/config PUT)
+ *   2. HF_TOKEN environment variable
+ * This way an admin can fix a misconfigured Space without redeploying.
+ */
+
+const HF_BASE_URL = 'https://router.huggingface.co/v1';
+
+/** All models to test — matches the presets fallback chain. */
+const MODELS_TO_TEST = [
+  'meta-llama/Llama-3.3-70B-Instruct:sambanova',
+  'meta-llama/Llama-3.3-70B-Instruct:together',
+  'meta-llama/Llama-3.3-70B-Instruct',
+  'Qwen/Qwen2.5-72B-Instruct',
+  'Qwen/Qwen3-235B-A22B',
+  'google/gemma-3-27b-it',
+  'meta-llama/Llama-3.1-70B-Instruct',
+  'Qwen/Qwen3-32B',
+  'deepseek-ai/DeepSeek-V3-0324',
+  'deepseek-ai/DeepSeek-R1',
+  'Qwen/Qwen3-30B-A3B',
+  'Qwen/Qwen2.5-Coder-32B-Instruct',
+];
+
+async function testModel(model: string, token: string): Promise<{
+  model: string;
+  status: 'ok' | 'error';
+  latencyMs: number;
+  response?: string;
+  error?: string;
+  httpStatus?: number;
+}> {
+  const start = Date.now();
+  try {
+    const res = await fetch(`${HF_BASE_URL}/chat/completions`, {
+      method: 'POST',
+      headers: {
+        Authorization: `Bearer ${token}`,
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({
+        model,
+        messages: [{ role: 'user', content: 'Say OK' }],
+        max_tokens: 5,
+        temperature: 0.1,
+        stream: false,
+      }),
+      signal: AbortSignal.timeout(15000),
+    });
+
+    const latencyMs = Date.now() - start;
+
+    if (res.ok) {
+      const data = await res.json();
+      const content = data?.choices?.[0]?.message?.content?.trim() || '';
+      return { model, status: 'ok', latencyMs, response: content.slice(0, 30) };
+    } else {
+      const text = await res.text().catch(() => '');
+      const errorMsg = text.slice(0, 100);
+      return { model, status: 'error', latencyMs, error: errorMsg, httpStatus: res.status };
+    }
+  } catch (e: any) {
+    return {
+      model,
+      status: 'error',
+      latencyMs: Date.now() - start,
+      error: e?.name === 'TimeoutError' ? 'Timeout (15s)' : (e?.message || 'Unknown error').slice(0, 100),
+    };
+  }
+}
+
+export async function GET(req: Request) {
+  const admin = requireAdmin(req);
+  if (!admin) return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
+
+  // Prefer admin-configured token, fall back to env var.
+  const config = loadConfig();
+  const token = config.llm.hfToken || process.env.HF_TOKEN || '';
+
+  if (!token) {
+    // Still return a well-formed response so the UI can render an empty-state
+    // Provider Status panel with a helpful error banner.
+    return NextResponse.json({
+      error: 'HF_TOKEN not configured — set it in Admin → Server → HuggingFace.',
+      models: MODELS_TO_TEST.map((model) => ({
+        model,
+        status: 'error' as const,
+        latencyMs: 0,
+        error: 'No HF token configured',
+      })),
+      summary: {
+        total: MODELS_TO_TEST.length,
+        ok: 0,
+        error: MODELS_TO_TEST.length,
+        testedAt: new Date().toISOString(),
+      },
+    });
+  }
+
+  // Test all models in parallel for speed.
+  const results = await Promise.all(
+    MODELS_TO_TEST.map((model) => testModel(model, token))
+  );
+
+  const ok = results.filter((r) => r.status === 'ok').length;
+
+  return NextResponse.json({
+    models: results,
+    summary: {
+      total: results.length,
+      ok,
+      error: results.length - ok,
+      testedAt: new Date().toISOString(),
+    },
+  });
+}

app/api/admin/reset-password/route.ts

@@ -0,0 +1,62 @@
+import { NextResponse } from 'next/server';
+import { z } from 'zod';
+import bcrypt from 'bcryptjs';
+import { getDb } from '@/lib/db';
+import { requireAdmin } from '@/lib/auth-middleware';
+
+const Schema = z.object({
+  userId: z.string().min(1),
+  newPassword: z.string().min(6, 'Password must be at least 6 characters'),
+});
+
+/**
+ * POST /api/admin/reset-password — Admin-initiated password reset.
+ *
+ * Allows admins to manually reset a user's password. This is the
+ * industry-standard approach for user management: the admin sets a
+ * temporary password and instructs the user to change it on login.
+ *
+ * Security measures:
+ * - Requires admin authentication
+ * - Passwords are bcrypt-hashed
+ * - All existing sessions for the user are invalidated
+ * - Cannot reset your own password (use profile instead)
+ */
+export async function POST(req: Request) {
+  const admin = requireAdmin(req);
+  if (!admin) return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
+
+  try {
+    const body = await req.json();
+    const { userId, newPassword } = Schema.parse(body);
+
+    const db = getDb();
+
+    // Verify user exists.
+    const user = db.prepare('SELECT id, email FROM users WHERE id = ?').get(userId) as any;
+    if (!user) {
+      return NextResponse.json({ error: 'User not found' }, { status: 404 });
+    }
+
+    // Hash new password.
+    const hash = bcrypt.hashSync(newPassword, 10);
+
+    // Update password and invalidate all sessions.
+    const tx = db.transaction(() => {
+      db.prepare('UPDATE users SET password = ?, updated_at = datetime(\'now\') WHERE id = ?').run(hash, userId);
+      db.prepare('DELETE FROM sessions WHERE user_id = ?').run(userId);
+    });
+    tx();
+
+    return NextResponse.json({
+      success: true,
+      message: `Password reset for ${user.email}. All sessions invalidated.`,
+    });
+  } catch (error: any) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: error.errors[0]?.message || 'Invalid input' }, { status: 400 });
+    }
+    console.error('[Admin Reset Password]', error?.message);
+    return NextResponse.json({ error: 'Failed to reset password' }, { status: 500 });
+  }
+}

app/api/admin/stats/route.ts

@@ -0,0 +1,46 @@
+import { NextResponse } from 'next/server';
+import { getDb } from '@/lib/db';
+import { requireAdmin } from '@/lib/auth-middleware';
+
+/**
+ * GET /api/admin/stats — aggregate platform statistics (admin only).
+ */
+export async function GET(req: Request) {
+  const admin = requireAdmin(req);
+  if (!admin) return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
+
+  const db = getDb();
+
+  const totalUsers = (db.prepare('SELECT COUNT(*) as c FROM users').get() as any).c;
+  const verifiedUsers = (db.prepare('SELECT COUNT(*) as c FROM users WHERE email_verified = 1').get() as any).c;
+  const adminUsers = (db.prepare('SELECT COUNT(*) as c FROM users WHERE is_admin = 1').get() as any).c;
+  const totalHealthData = (db.prepare('SELECT COUNT(*) as c FROM health_data').get() as any).c;
+  const totalChats = (db.prepare('SELECT COUNT(*) as c FROM chat_history').get() as any).c;
+  const activeSessions = (db.prepare("SELECT COUNT(*) as c FROM sessions WHERE expires_at > datetime('now')").get() as any).c;
+
+  // Health data breakdown by type.
+  const healthBreakdown = db
+    .prepare('SELECT type, COUNT(*) as count FROM health_data GROUP BY type ORDER BY count DESC')
+    .all() as any[];
+
+  // Registrations over time (last 30 days).
+  const registrations = db
+    .prepare(
+      `SELECT date(created_at) as day, COUNT(*) as count
+       FROM users
+       WHERE created_at > datetime('now', '-30 days')
+       GROUP BY day ORDER BY day`,
+    )
+    .all() as any[];
+
+  return NextResponse.json({
+    totalUsers,
+    verifiedUsers,
+    adminUsers,
+    totalHealthData,
+    totalChats,
+    activeSessions,
+    healthBreakdown,
+    registrations,
+  });
+}

app/api/admin/test-connection/route.ts

@@ -0,0 +1,243 @@
+import { NextResponse } from 'next/server';
+import { requireAdmin } from '@/lib/auth-middleware';
+import { loadConfig } from '@/lib/server-config';
+
+/**
+ * POST /api/admin/test-connection — Test connectivity to a named provider.
+ *
+ * Body: { provider: "ollabridge" | "huggingface" | "openai" | "anthropic"
+ *                  | "groq" | "watsonx" }
+ *
+ * Response:
+ *   { ok: boolean, provider, latencyMs, status?, error?, details? }
+ *
+ * Used by the "Test Connection" button on each provider card. Mirrors the
+ * `ollabridge pair` CLI check — validates that credentials are good and
+ * that the provider's /v1/models (or equivalent) endpoint responds.
+ *
+ * Admin-only.
+ */
+
+export const runtime = 'nodejs';
+export const dynamic = 'force-dynamic';
+
+type Provider = 'ollabridge' | 'huggingface' | 'openai' | 'anthropic' | 'groq' | 'watsonx';
+
+interface TestResult {
+  ok: boolean;
+  provider: Provider;
+  latencyMs: number;
+  status?: number;
+  error?: string;
+  details?: string;
+}
+
+async function testOllaBridge(url: string, apiKey: string): Promise<Omit<TestResult, 'provider'>> {
+  const start = Date.now();
+  if (!url) {
+    return { ok: false, latencyMs: 0, error: 'URL not configured' };
+  }
+  try {
+    const cleanBase = url.replace(/\/+$/, '');
+    const res = await fetch(`${cleanBase}/v1/models`, {
+      headers: apiKey ? { Authorization: `Bearer ${apiKey}` } : {},
+      signal: AbortSignal.timeout(10000),
+    });
+    const latencyMs = Date.now() - start;
+    if (!res.ok) {
+      return { ok: false, latencyMs, status: res.status, error: `HTTP ${res.status}` };
+    }
+    const data = await res.json().catch(() => null);
+    const count = Array.isArray(data?.data) ? data.data.length : 0;
+    return {
+      ok: true,
+      latencyMs,
+      status: res.status,
+      details: `${count} model${count === 1 ? '' : 's'} available`,
+    };
+  } catch (e: any) {
+    return {
+      ok: false,
+      latencyMs: Date.now() - start,
+      error: e?.name === 'TimeoutError' ? 'Timeout (10s)' : e?.message?.slice(0, 100) || 'Request failed',
+    };
+  }
+}
+
+async function testHuggingFace(token: string): Promise<Omit<TestResult, 'provider'>> {
+  const start = Date.now();
+  if (!token) return { ok: false, latencyMs: 0, error: 'HF token not configured' };
+  try {
+    // whoami-v2 validates that the token has API access; it's cheaper
+    // than hitting the router and gives a clear permission error.
+    const res = await fetch('https://huggingface.co/api/whoami-v2', {
+      headers: { Authorization: `Bearer ${token}` },
+      signal: AbortSignal.timeout(10000),
+    });
+    const latencyMs = Date.now() - start;
+    if (!res.ok) {
+      return { ok: false, latencyMs, status: res.status, error: `HTTP ${res.status}` };
+    }
+    const data = await res.json().catch(() => null);
+    return {
+      ok: true,
+      latencyMs,
+      status: res.status,
+      details: data?.name ? `Authenticated as ${data.name}` : 'Token valid',
+    };
+  } catch (e: any) {
+    return {
+      ok: false,
+      latencyMs: Date.now() - start,
+      error: e?.name === 'TimeoutError' ? 'Timeout (10s)' : e?.message?.slice(0, 100) || 'Request failed',
+    };
+  }
+}
+
+async function testOpenAI(apiKey: string): Promise<Omit<TestResult, 'provider'>> {
+  const start = Date.now();
+  if (!apiKey) return { ok: false, latencyMs: 0, error: 'OpenAI API key not configured' };
+  try {
+    const res = await fetch('https://api.openai.com/v1/models', {
+      headers: { Authorization: `Bearer ${apiKey}` },
+      signal: AbortSignal.timeout(10000),
+    });
+    const latencyMs = Date.now() - start;
+    if (!res.ok) return { ok: false, latencyMs, status: res.status, error: `HTTP ${res.status}` };
+    const data = await res.json().catch(() => null);
+    const count = Array.isArray(data?.data) ? data.data.length : 0;
+    return { ok: true, latencyMs, status: res.status, details: `${count} models visible` };
+  } catch (e: any) {
+    return {
+      ok: false,
+      latencyMs: Date.now() - start,
+      error: e?.name === 'TimeoutError' ? 'Timeout (10s)' : e?.message?.slice(0, 100) || 'Request failed',
+    };
+  }
+}
+
+async function testAnthropic(apiKey: string): Promise<Omit<TestResult, 'provider'>> {
+  const start = Date.now();
+  if (!apiKey) return { ok: false, latencyMs: 0, error: 'Anthropic API key not configured' };
+  try {
+    const res = await fetch('https://api.anthropic.com/v1/models', {
+      headers: {
+        'x-api-key': apiKey,
+        'anthropic-version': '2023-06-01',
+      },
+      signal: AbortSignal.timeout(10000),
+    });
+    const latencyMs = Date.now() - start;
+    if (!res.ok) return { ok: false, latencyMs, status: res.status, error: `HTTP ${res.status}` };
+    const data = await res.json().catch(() => null);
+    const count = Array.isArray(data?.data) ? data.data.length : 0;
+    return { ok: true, latencyMs, status: res.status, details: `${count} models visible` };
+  } catch (e: any) {
+    return {
+      ok: false,
+      latencyMs: Date.now() - start,
+      error: e?.name === 'TimeoutError' ? 'Timeout (10s)' : e?.message?.slice(0, 100) || 'Request failed',
+    };
+  }
+}
+
+async function testGroq(apiKey: string): Promise<Omit<TestResult, 'provider'>> {
+  const start = Date.now();
+  if (!apiKey) return { ok: false, latencyMs: 0, error: 'Groq API key not configured' };
+  try {
+    const res = await fetch('https://api.groq.com/openai/v1/models', {
+      headers: { Authorization: `Bearer ${apiKey}` },
+      signal: AbortSignal.timeout(10000),
+    });
+    const latencyMs = Date.now() - start;
+    if (!res.ok) return { ok: false, latencyMs, status: res.status, error: `HTTP ${res.status}` };
+    const data = await res.json().catch(() => null);
+    const count = Array.isArray(data?.data) ? data.data.length : 0;
+    return { ok: true, latencyMs, status: res.status, details: `${count} models visible` };
+  } catch (e: any) {
+    return {
+      ok: false,
+      latencyMs: Date.now() - start,
+      error: e?.name === 'TimeoutError' ? 'Timeout (10s)' : e?.message?.slice(0, 100) || 'Request failed',
+    };
+  }
+}
+
+async function testWatsonx(
+  apiKey: string,
+  projectId: string,
+  _baseUrl: string,
+): Promise<Omit<TestResult, 'provider'>> {
+  const start = Date.now();
+  if (!apiKey || !projectId) {
+    return { ok: false, latencyMs: 0, error: 'Missing API key or project ID' };
+  }
+  try {
+    const res = await fetch('https://iam.cloud.ibm.com/identity/token', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+      body: new URLSearchParams({
+        grant_type: 'urn:ibm:params:oauth:grant-type:apikey',
+        apikey: apiKey,
+      }),
+      signal: AbortSignal.timeout(10000),
+    });
+    const latencyMs = Date.now() - start;
+    if (!res.ok) return { ok: false, latencyMs, status: res.status, error: `IAM HTTP ${res.status}` };
+    const data = await res.json().catch(() => null);
+    if (!data?.access_token) return { ok: false, latencyMs, error: 'No access_token in IAM response' };
+    return { ok: true, latencyMs, status: 200, details: 'IAM token valid' };
+  } catch (e: any) {
+    return {
+      ok: false,
+      latencyMs: Date.now() - start,
+      error: e?.name === 'TimeoutError' ? 'Timeout (10s)' : e?.message?.slice(0, 100) || 'Request failed',
+    };
+  }
+}
+
+export async function POST(req: Request) {
+  const admin = requireAdmin(req);
+  if (!admin) return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
+
+  let body: any;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 });
+  }
+
+  const provider = body?.provider as Provider;
+  if (!provider) {
+    return NextResponse.json({ error: 'Missing provider field' }, { status: 400 });
+  }
+
+  const config = loadConfig();
+  const { llm } = config;
+
+  let result: Omit<TestResult, 'provider'>;
+  switch (provider) {
+    case 'ollabridge':
+      result = await testOllaBridge(llm.ollabridgeUrl, llm.ollabridgeApiKey);
+      break;
+    case 'huggingface':
+      result = await testHuggingFace(llm.hfToken);
+      break;
+    case 'openai':
+      result = await testOpenAI(llm.openaiApiKey);
+      break;
+    case 'anthropic':
+      result = await testAnthropic(llm.anthropicApiKey);
+      break;
+    case 'groq':
+      result = await testGroq(llm.groqApiKey);
+      break;
+    case 'watsonx':
+      result = await testWatsonx(llm.watsonxApiKey, llm.watsonxProjectId, llm.watsonxUrl);
+      break;
+    default:
+      return NextResponse.json({ error: `Unknown provider: ${provider}` }, { status: 400 });
+  }
+
+  return NextResponse.json({ provider, ...result });
+}

app/api/admin/users/route.ts

@@ -0,0 +1,78 @@
+import { NextResponse } from 'next/server';
+import { getDb } from '@/lib/db';
+import { requireAdmin } from '@/lib/auth-middleware';
+
+/**
+ * GET /api/admin/users — list all registered users (admin only).
+ * Query params: ?page=1&limit=50&search=term
+ */
+export async function GET(req: Request) {
+  const admin = requireAdmin(req);
+  if (!admin) return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
+
+  const url = new URL(req.url);
+  const page = Math.max(1, parseInt(url.searchParams.get('page') || '1', 10));
+  const limit = Math.min(100, Math.max(1, parseInt(url.searchParams.get('limit') || '50', 10)));
+  const search = url.searchParams.get('search')?.trim();
+  const offset = (page - 1) * limit;
+
+  const db = getDb();
+
+  const where = search ? "WHERE email LIKE ? OR display_name LIKE ?" : "";
+  const params = search ? [`%${search}%`, `%${search}%`] : [];
+
+  const total = (db.prepare(`SELECT COUNT(*) as c FROM users ${where}`).get(...params) as any).c;
+
+  const rows = db
+    .prepare(
+      `SELECT id, email, display_name, email_verified, is_admin, created_at
+       FROM users ${where}
+       ORDER BY created_at DESC LIMIT ? OFFSET ?`,
+    )
+    .all(...params, limit, offset) as any[];
+
+  // Health data count per user.
+  const users = rows.map((r) => {
+    const healthCount = (
+      db.prepare('SELECT COUNT(*) as c FROM health_data WHERE user_id = ?').get(r.id) as any
+    ).c;
+    const chatCount = (
+      db.prepare('SELECT COUNT(*) as c FROM chat_history WHERE user_id = ?').get(r.id) as any
+    ).c;
+    return {
+      id: r.id,
+      email: r.email,
+      displayName: r.display_name,
+      emailVerified: !!r.email_verified,
+      isAdmin: !!r.is_admin,
+      createdAt: r.created_at,
+      healthDataCount: healthCount,
+      chatHistoryCount: chatCount,
+    };
+  });
+
+  return NextResponse.json({ users, total, page, limit });
+}
+
+/**
+ * DELETE /api/admin/users?id=<userId> — delete a user (admin only).
+ * CASCADE deletes all their health data, chat history, and sessions.
+ */
+export async function DELETE(req: Request) {
+  const admin = requireAdmin(req);
+  if (!admin) return NextResponse.json({ error: 'Admin access required' }, { status: 403 });
+
+  const url = new URL(req.url);
+  const userId = url.searchParams.get('id');
+  if (!userId) return NextResponse.json({ error: 'Missing user id' }, { status: 400 });
+
+  // Prevent deleting yourself.
+  if (userId === admin.id) {
+    return NextResponse.json({ error: 'Cannot delete your own admin account' }, { status: 400 });
+  }
+
+  const db = getDb();
+  db.prepare('DELETE FROM users WHERE id = ?').run(userId);
+
+  return NextResponse.json({ success: true });
+}

app/api/auth/delete-account/route.ts

@@ -0,0 +1,80 @@
+import { NextResponse } from 'next/server';
+import { z } from 'zod';
+import { getDb } from '@/lib/db';
+import { requireAdmin } from '@/lib/auth-middleware';
+
+const Schema = z.object({
+  userId: z.string().min(1),
+  confirmEmail: z.string().email(),
+});
+
+/**
+ * POST /api/auth/delete-account — ADMIN-ONLY account deletion.
+ *
+ * Only admins can delete accounts. This prevents:
+ *   - Hackers with stolen tokens from destroying user data
+ *   - Automated scripts mass-deleting accounts
+ *   - Accidental self-deletion
+ *
+ * Requires both userId AND confirmEmail to match (double verification).
+ * Uses CASCADE deletes via foreign keys — one operation wipes everything.
+ *
+ * For GDPR: users REQUEST deletion via support/admin panel.
+ * Admin reviews and executes. This is the industry standard for
+ * healthcare apps (MyChart, Epic, Cerner all require admin action).
+ */
+export async function POST(req: Request) {
+  // ADMIN ONLY — reject all non-admin requests
+  const admin = requireAdmin(req);
+  if (!admin) {
+    return NextResponse.json(
+      { error: 'Admin access required. Users must request account deletion through the admin.' },
+      { status: 403 },
+    );
+  }
+
+  try {
+    const body = await req.json();
+    const { userId, confirmEmail } = Schema.parse(body);
+
+    const db = getDb();
+
+    // Verify user exists and email matches (double check)
+    const user = db.prepare('SELECT id, email, is_admin FROM users WHERE id = ?').get(userId) as any;
+    if (!user) {
+      return NextResponse.json({ error: 'User not found' }, { status: 404 });
+    }
+
+    if (user.email.toLowerCase() !== confirmEmail.toLowerCase()) {
+      return NextResponse.json(
+        { error: 'Email confirmation does not match. Deletion aborted.' },
+        { status: 400 },
+      );
+    }
+
+    // Prevent deleting admin accounts (safety net)
+    if (user.is_admin) {
+      return NextResponse.json(
+        { error: 'Cannot delete admin accounts via this endpoint.' },
+        { status: 403 },
+      );
+    }
+
+    // CASCADE deletes handle: sessions, health_data, chat_history
+    db.prepare('DELETE FROM users WHERE id = ?').run(userId);
+
+    console.log(`[Account Deletion] Admin ${admin.email} deleted user ${user.email} (${userId})`);
+
+    return NextResponse.json({
+      success: true,
+      message: `Account ${user.email} and all associated data permanently deleted.`,
+      deletedBy: admin.email,
+    });
+  } catch (error: any) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: 'Invalid request. Provide userId and confirmEmail.' }, { status: 400 });
+    }
+    console.error('[Delete Account]', error?.message);
+    return NextResponse.json({ error: 'Failed to delete account' }, { status: 500 });
+  }
+}

app/api/auth/forgot-password/route.ts

@@ -0,0 +1,44 @@
+import { NextResponse } from 'next/server';
+import { z } from 'zod';
+import { getDb, genVerificationCode, resetExpiry } from '@/lib/db';
+import { sendPasswordResetEmail } from '@/lib/email';
+
+const Schema = z.object({
+  email: z.string().email(),
+});
+
+/**
+ * POST /api/auth/forgot-password — sends a reset code to the user's email.
+ *
+ * Always returns 200 even if the email doesn't exist (prevents email enumeration).
+ */
+export async function POST(req: Request) {
+  try {
+    const body = await req.json();
+    const { email } = Schema.parse(body);
+
+    const db = getDb();
+    const user = db.prepare('SELECT id, email FROM users WHERE email = ?').get(email.toLowerCase()) as any;
+
+    if (user) {
+      const code = genVerificationCode();
+      db.prepare(
+        `UPDATE users SET reset_token = ?, reset_expires = ?, updated_at = datetime('now')
+         WHERE id = ?`,
+      ).run(code, resetExpiry(), user.id);
+
+      await sendPasswordResetEmail(user.email, code);
+    }
+
+    // Always return success to prevent email enumeration.
+    return NextResponse.json({
+      message: 'If that email is registered, a reset code has been sent.',
+    });
+  } catch (error: any) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: 'Invalid email' }, { status: 400 });
+    }
+    console.error('[Auth ForgotPassword]', error?.message);
+    return NextResponse.json({ error: 'Request failed' }, { status: 500 });
+  }
+}

app/api/auth/login/route.ts

@@ -0,0 +1,62 @@
+import { NextResponse } from 'next/server';
+import { z } from 'zod';
+import bcrypt from 'bcryptjs';
+import { getDb, genToken, sessionExpiry, pruneExpiredSessions } from '@/lib/db';
+import { checkRateLimit, getClientIp } from '@/lib/rate-limit';
+
+const Schema = z.object({
+  email: z.string().email(),
+  password: z.string().min(1),
+});
+
+export async function POST(req: Request) {
+  // Rate limit: 10 login attempts per minute per IP
+  const ip = getClientIp(req);
+  const rl = checkRateLimit(`login:${ip}`, 10, 60_000);
+  if (!rl.allowed) {
+    return NextResponse.json(
+      { error: 'Too many login attempts. Please wait a moment.' },
+      { status: 429, headers: { 'Retry-After': String(Math.ceil(rl.retryAfterMs / 1000)) } },
+    );
+  }
+
+  try {
+    const body = await req.json();
+    const { email, password } = Schema.parse(body);
+
+    const db = getDb();
+    pruneExpiredSessions();
+
+    const user = db
+      .prepare('SELECT id, email, password, display_name, email_verified, is_admin FROM users WHERE email = ?')
+      .get(email.toLowerCase()) as any;
+
+    if (!user || !bcrypt.compareSync(password, user.password)) {
+      return NextResponse.json({ error: 'Invalid email or password' }, { status: 401 });
+    }
+
+    const token = genToken();
+    db.prepare('INSERT INTO sessions (token, user_id, expires_at) VALUES (?, ?, ?)').run(
+      token,
+      user.id,
+      sessionExpiry(),
+    );
+
+    return NextResponse.json({
+      user: {
+        id: user.id,
+        email: user.email,
+        displayName: user.display_name,
+        emailVerified: !!user.email_verified,
+        isAdmin: !!user.is_admin,
+      },
+      token,
+    });
+  } catch (error: any) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: 'Invalid input' }, { status: 400 });
+    }
+    console.error('[Auth Login]', error?.message);
+    return NextResponse.json({ error: 'Login failed' }, { status: 500 });
+  }
+}

app/api/auth/logout/route.ts

@@ -0,0 +1,14 @@
+import { NextResponse } from 'next/server';
+import { getDb } from '@/lib/db';
+
+export async function POST(req: Request) {
+  const h = req.headers.get('authorization');
+  const token = h && h.startsWith('Bearer ') ? h.slice(7).trim() : null;
+
+  if (token) {
+    const db = getDb();
+    db.prepare('DELETE FROM sessions WHERE token = ?').run(token);
+  }
+
+  return NextResponse.json({ success: true });
+}

app/api/auth/me/route.ts

@@ -0,0 +1,32 @@
+import { NextResponse } from 'next/server';
+import { getDb, pruneExpiredSessions } from '@/lib/db';
+
+export async function GET(req: Request) {
+  const h = req.headers.get('authorization');
+  const token = h && h.startsWith('Bearer ') ? h.slice(7).trim() : null;
+  if (!token) return NextResponse.json({ error: 'Not authenticated' }, { status: 401 });
+
+  const db = getDb();
+  pruneExpiredSessions();
+
+  const row = db
+    .prepare(
+      `SELECT u.id, u.email, u.display_name, u.email_verified, u.is_admin, u.created_at
+       FROM sessions s JOIN users u ON u.id = s.user_id
+       WHERE s.token = ? AND s.expires_at > datetime('now')`,
+    )
+    .get(token) as any;
+
+  if (!row) return NextResponse.json({ error: 'Session expired' }, { status: 401 });
+
+  return NextResponse.json({
+    user: {
+      id: row.id,
+      email: row.email,
+      displayName: row.display_name,
+      emailVerified: !!row.email_verified,
+      isAdmin: !!row.is_admin,
+      createdAt: row.created_at,
+    },
+  });
+}

app/api/auth/register/route.ts

@@ -0,0 +1,68 @@
+import { NextResponse } from 'next/server';
+import { z } from 'zod';
+import bcrypt from 'bcryptjs';
+import { getDb, genId, genToken, genVerificationCode, codeExpiry, sessionExpiry } from '@/lib/db';
+import { sendVerificationEmail } from '@/lib/email';
+import { checkRateLimit, getClientIp } from '@/lib/rate-limit';
+
+const Schema = z.object({
+  email: z.string().email().max(255),
+  password: z.string().min(6).max(128),
+  displayName: z.string().max(50).optional(),
+});
+
+export async function POST(req: Request) {
+  // Rate limit: 5 registrations per minute per IP
+  const ip = getClientIp(req);
+  const rl = checkRateLimit(`register:${ip}`, 5, 60_000);
+  if (!rl.allowed) {
+    return NextResponse.json(
+      { error: 'Too many registration attempts. Please wait.' },
+      { status: 429, headers: { 'Retry-After': String(Math.ceil(rl.retryAfterMs / 1000)) } },
+    );
+  }
+
+  try {
+    const body = await req.json();
+    const { email, password, displayName } = Schema.parse(body);
+
+    const db = getDb();
+
+    const existing = db.prepare('SELECT id FROM users WHERE email = ?').get(email);
+    if (existing) {
+      return NextResponse.json({ error: 'An account with this email already exists' }, { status: 409 });
+    }
+
+    const id = genId();
+    const hash = bcrypt.hashSync(password, 10);
+    const code = genVerificationCode();
+    const expires = codeExpiry();
+
+    db.prepare(
+      `INSERT INTO users (id, email, password, display_name, verification_code, verification_expires)
+       VALUES (?, ?, ?, ?, ?, ?)`,
+    ).run(id, email.toLowerCase(), hash, displayName || null, code, expires);
+
+    // Auto-login
+    const token = genToken();
+    db.prepare('INSERT INTO sessions (token, user_id, expires_at) VALUES (?, ?, ?)').run(token, id, sessionExpiry());
+
+    // Send verification email (best-effort, don't block registration)
+    sendVerificationEmail(email, code).catch(() => {});
+
+    return NextResponse.json(
+      {
+        user: { id, email: email.toLowerCase(), displayName, emailVerified: false },
+        token,
+        message: 'Account created. Check your email for a verification code.',
+      },
+      { status: 201 },
+    );
+  } catch (error: any) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: 'Invalid input', details: error.errors }, { status: 400 });
+    }
+    console.error('[Auth Register]', error?.message);
+    return NextResponse.json({ error: 'Registration failed' }, { status: 500 });
+  }
+}

app/api/auth/resend-verification/route.ts

@@ -0,0 +1,28 @@
+import { NextResponse } from 'next/server';
+import { getDb, genVerificationCode, codeExpiry } from '@/lib/db';
+import { authenticateRequest } from '@/lib/auth-middleware';
+import { sendVerificationEmail } from '@/lib/email';
+
+/**
+ * POST /api/auth/resend-verification — resend the 6-digit verification code.
+ */
+export async function POST(req: Request) {
+  const user = authenticateRequest(req);
+  if (!user) return NextResponse.json({ error: 'Not authenticated' }, { status: 401 });
+
+  const db = getDb();
+  const row = db.prepare('SELECT email, email_verified FROM users WHERE id = ?').get(user.id) as any;
+
+  if (!row) return NextResponse.json({ error: 'User not found' }, { status: 404 });
+  if (row.email_verified) return NextResponse.json({ message: 'Email already verified' });
+
+  const code = genVerificationCode();
+  db.prepare(
+    `UPDATE users SET verification_code = ?, verification_expires = ?, updated_at = datetime('now')
+     WHERE id = ?`,
+  ).run(code, codeExpiry(), user.id);
+
+  await sendVerificationEmail(row.email, code);
+
+  return NextResponse.json({ message: 'Verification code sent' });
+}

app/api/auth/reset-password/route.ts

@@ -0,0 +1,63 @@
+import { NextResponse } from 'next/server';
+import { z } from 'zod';
+import bcrypt from 'bcryptjs';
+import { getDb, genToken, sessionExpiry } from '@/lib/db';
+
+const Schema = z.object({
+  email: z.string().email(),
+  code: z.string().length(6),
+  newPassword: z.string().min(6).max(128),
+});
+
+/**
+ * POST /api/auth/reset-password — reset password with the 6-digit code.
+ * On success, auto-logs the user in and returns a session token.
+ */
+export async function POST(req: Request) {
+  try {
+    const body = await req.json();
+    const { email, code, newPassword } = Schema.parse(body);
+
+    const db = getDb();
+    const user = db
+      .prepare('SELECT id, reset_token, reset_expires FROM users WHERE email = ?')
+      .get(email.toLowerCase()) as any;
+
+    if (
+      !user ||
+      user.reset_token !== code ||
+      !user.reset_expires ||
+      new Date(user.reset_expires) < new Date()
+    ) {
+      return NextResponse.json({ error: 'Invalid or expired reset code' }, { status: 400 });
+    }
+
+    const hash = bcrypt.hashSync(newPassword, 10);
+    db.prepare(
+      `UPDATE users SET password = ?, reset_token = NULL, reset_expires = NULL, updated_at = datetime('now')
+       WHERE id = ?`,
+    ).run(hash, user.id);
+
+    // Invalidate all existing sessions for this user (security best practice).
+    db.prepare('DELETE FROM sessions WHERE user_id = ?').run(user.id);
+
+    // Auto-login with new session.
+    const token = genToken();
+    db.prepare('INSERT INTO sessions (token, user_id, expires_at) VALUES (?, ?, ?)').run(
+      token,
+      user.id,
+      sessionExpiry(),
+    );
+
+    return NextResponse.json({
+      message: 'Password reset successfully',
+      token,
+    });
+  } catch (error: any) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: 'Invalid input', details: error.errors }, { status: 400 });
+    }
+    console.error('[Auth ResetPassword]', error?.message);
+    return NextResponse.json({ error: 'Reset failed' }, { status: 500 });
+  }
+}

app/api/auth/verify-email/route.ts

@@ -0,0 +1,58 @@
+import { NextResponse } from 'next/server';
+import { z } from 'zod';
+import { getDb } from '@/lib/db';
+import { authenticateRequest } from '@/lib/auth-middleware';
+import { sendWelcomeEmail } from '@/lib/email';
+
+const Schema = z.object({
+  code: z.string().length(6),
+});
+
+/**
+ * POST /api/auth/verify-email — verify email with 6-digit code.
+ * Requires auth (the user must be logged in to verify their own email).
+ */
+export async function POST(req: Request) {
+  const user = authenticateRequest(req);
+  if (!user) return NextResponse.json({ error: 'Not authenticated' }, { status: 401 });
+
+  try {
+    const body = await req.json();
+    const { code } = Schema.parse(body);
+
+    const db = getDb();
+    const row = db
+      .prepare(
+        `SELECT verification_code, verification_expires, email, email_verified
+         FROM users WHERE id = ?`,
+      )
+      .get(user.id) as any;
+
+    if (!row) return NextResponse.json({ error: 'User not found' }, { status: 404 });
+    if (row.email_verified) return NextResponse.json({ message: 'Email already verified' });
+
+    if (
+      row.verification_code !== code ||
+      !row.verification_expires ||
+      new Date(row.verification_expires) < new Date()
+    ) {
+      return NextResponse.json({ error: 'Invalid or expired code' }, { status: 400 });
+    }
+
+    db.prepare(
+      `UPDATE users SET email_verified = 1, verification_code = NULL, verification_expires = NULL, updated_at = datetime('now')
+       WHERE id = ?`,
+    ).run(user.id);
+
+    // Send welcome email
+    sendWelcomeEmail(row.email).catch(() => {});
+
+    return NextResponse.json({ message: 'Email verified successfully', emailVerified: true });
+  } catch (error: any) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json({ error: 'Invalid code format' }, { status: 400 });
+    }
+    console.error('[Auth Verify]', error?.message);
+    return NextResponse.json({ error: 'Verification failed' }, { status: 500 });
+  }
+}

app/api/chat-history/route.ts

@@ -0,0 +1,95 @@
+import { NextResponse } from 'next/server';
+import { z } from 'zod';
+import { getDb, genId } from '@/lib/db';
+import { authenticateRequest } from '@/lib/auth-middleware';
+
+/**
+ * GET  /api/chat-history           → list conversations (newest first, max 100)
+ * POST /api/chat-history           → save a conversation
+ * DELETE /api/chat-history?id=<id> → delete one conversation
+ */
+
+export async function GET(req: Request) {
+  const user = authenticateRequest(req);
+  if (!user) {
+    return NextResponse.json({ error: 'Not authenticated' }, { status: 401 });
+  }
+
+  const db = getDb();
+  const rows = db
+    .prepare(
+      'SELECT id, preview, topic, created_at FROM chat_history WHERE user_id = ? ORDER BY created_at DESC LIMIT 100',
+    )
+    .all(user.id) as any[];
+
+  return NextResponse.json({
+    conversations: rows.map((r) => ({
+      id: r.id,
+      preview: r.preview,
+      topic: r.topic,
+      createdAt: r.created_at,
+    })),
+  });
+}
+
+const SaveSchema = z.object({
+  preview: z.string().max(200),
+  messages: z.array(
+    z.object({
+      role: z.enum(['user', 'assistant', 'system']),
+      content: z.string(),
+    }),
+  ),
+  topic: z.string().max(50).optional(),
+});
+
+export async function POST(req: Request) {
+  const user = authenticateRequest(req);
+  if (!user) {
+    return NextResponse.json({ error: 'Not authenticated' }, { status: 401 });
+  }
+
+  try {
+    const body = await req.json();
+    const { preview, messages, topic } = SaveSchema.parse(body);
+
+    const db = getDb();
+    const id = genId();
+
+    db.prepare(
+      'INSERT INTO chat_history (id, user_id, preview, messages, topic) VALUES (?, ?, ?, ?, ?)',
+    ).run(id, user.id, preview, JSON.stringify(messages), topic || null);
+
+    return NextResponse.json({ id }, { status: 201 });
+  } catch (error: any) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json(
+        { error: 'Invalid input', details: error.errors },
+        { status: 400 },
+      );
+    }
+    console.error('[Chat History POST]', error?.message);
+    return NextResponse.json({ error: 'Save failed' }, { status: 500 });
+  }
+}
+
+export async function DELETE(req: Request) {
+  const user = authenticateRequest(req);
+  if (!user) {
+    return NextResponse.json({ error: 'Not authenticated' }, { status: 401 });
+  }
+
+  const url = new URL(req.url);
+  const id = url.searchParams.get('id');
+  if (!id) {
+    return NextResponse.json({ error: 'Missing id' }, { status: 400 });
+  }
+
+  const db = getDb();
+  db.prepare('DELETE FROM chat_history WHERE id = ? AND user_id = ?').run(
+    id,
+    user.id,
+  );
+
+  return NextResponse.json({ success: true });
+}

app/api/chat/route.ts

@@ -0,0 +1,173 @@
+import { NextRequest } from 'next/server';
+import { z } from 'zod';
+import { streamWithFallback, type ChatMessage } from '@/lib/providers';
+import { triageMessage } from '@/lib/safety/triage';
+import { getEmergencyInfo } from '@/lib/safety/emergency-numbers';
+import { buildRAGContext } from '@/lib/rag/medical-kb';
+import { buildMedicalSystemPrompt } from '@/lib/medical-knowledge';
+
+const RequestSchema = z.object({
+  messages: z.array(
+    z.object({
+      role: z.enum(['system', 'user', 'assistant']),
+      content: z.string(),
+    })
+  ),
+  model: z.string().optional().default('qwen2.5:1.5b'),
+  language: z.string().optional().default('en'),
+  countryCode: z.string().optional().default('US'),
+});
+
+export async function POST(request: NextRequest) {
+  const routeStartedAt = Date.now();
+  try {
+    const body = await request.json();
+    const { messages, model, language, countryCode } = RequestSchema.parse(body);
+
+    // Single-line JSON payload so the HF Space logs API (SSE) can be grepped
+    // with a simple prefix match. Every stage below tags itself `[Chat]`.
+    console.log(
+      `[Chat] route.enter ${JSON.stringify({
+        turns: messages.length,
+        model,
+        language,
+        countryCode,
+        userAgent: request.headers.get('user-agent')?.slice(0, 80) || null,
+      })}`,
+    );
+
+    // Step 1: Emergency triage on the latest user message
+    const lastUserMessage = messages.filter((m) => m.role === 'user').pop();
+    if (lastUserMessage) {
+      const triage = triageMessage(lastUserMessage.content);
+      console.log(
+        `[Chat] route.triage ${JSON.stringify({
+          isEmergency: triage.isEmergency,
+          userChars: lastUserMessage.content.length,
+        })}`,
+      );
+
+      if (triage.isEmergency) {
+        const emergencyInfo = getEmergencyInfo(countryCode);
+        const emergencyResponse = [
+          `**EMERGENCY DETECTED**\n\n`,
+          `${triage.guidance}\n\n`,
+          `**Call emergency services NOW:**\n`,
+          `- Emergency: **${emergencyInfo.emergency}** (${emergencyInfo.country})\n`,
+          `- Ambulance: **${emergencyInfo.ambulance}**\n`,
+          emergencyInfo.crisisHotline
+            ? `- Crisis Hotline: **${emergencyInfo.crisisHotline}**\n`
+            : '',
+          `\nDo not delay. Every minute matters.`,
+        ].join('');
+
+        const encoder = new TextEncoder();
+        const stream = new ReadableStream({
+          start(controller) {
+            const data = JSON.stringify({
+              choices: [{ delta: { content: emergencyResponse } }],
+              provider: 'triage',
+              model: 'emergency-detection',
+              isEmergency: true,
+            });
+            controller.enqueue(encoder.encode(`data: ${data}\n\n`));
+            controller.enqueue(encoder.encode('data: [DONE]\n\n'));
+            controller.close();
+          },
+        });
+
+        return new Response(stream, {
+          headers: {
+            'Content-Type': 'text/event-stream',
+            'Cache-Control': 'no-cache',
+            Connection: 'keep-alive',
+          },
+        });
+      }
+    }
+
+    // Step 2: Build RAG context from the medical knowledge base.
+    const ragStart = Date.now();
+    const ragContext = lastUserMessage
+      ? buildRAGContext(lastUserMessage.content)
+      : '';
+    console.log(
+      `[Chat] route.rag ${JSON.stringify({
+        chars: ragContext.length,
+        latencyMs: Date.now() - ragStart,
+      })}`,
+    );
+
+    // Step 3: Build a structured, locale-aware system prompt that grounds
+    // the model in WHO/CDC/NHS guidance and pins the response language,
+    // country, emergency number, and measurement system. This replaces
+    // the old inline "respond in X language" instruction.
+    const emergencyInfo = getEmergencyInfo(countryCode);
+    const systemPrompt = buildMedicalSystemPrompt({
+      country: countryCode,
+      language,
+      emergencyNumber: emergencyInfo.emergency,
+    });
+
+    // Step 4: Assemble the final message list: system prompt first, then
+    // the conversation history, with the last user turn augmented by the
+    // retrieved RAG context (kept inline so the model treats it as recent
+    // reference material rather than a background instruction).
+    const priorMessages = messages.slice(0, -1);
+    const finalUserContent = [
+      lastUserMessage?.content || '',
+      ragContext
+        ? `\n\n[Reference material retrieved from the medical knowledge base — use if relevant]\n${ragContext}`
+        : '',
+    ].join('');
+
+    const augmentedMessages: ChatMessage[] = [
+      { role: 'system' as const, content: systemPrompt },
+      ...priorMessages,
+      { role: 'user' as const, content: finalUserContent },
+    ];
+
+    // Step 4: Stream response via the provider fallback chain.
+    console.log(
+      `[Chat] route.provider.dispatch ${JSON.stringify({
+        systemPromptChars: systemPrompt.length,
+        totalMessages: augmentedMessages.length,
+        preparedInMs: Date.now() - routeStartedAt,
+      })}`,
+    );
+    const stream = await streamWithFallback(augmentedMessages, model);
+    console.log(
+      `[Chat] route.stream.opened ${JSON.stringify({
+        totalMs: Date.now() - routeStartedAt,
+      })}`,
+    );
+
+    return new Response(stream, {
+      headers: {
+        'Content-Type': 'text/event-stream',
+        'Cache-Control': 'no-cache',
+        Connection: 'keep-alive',
+      },
+    });
+  } catch (error) {
+    console.error(
+      `[Chat] route.error ${JSON.stringify({
+        totalMs: Date.now() - routeStartedAt,
+        name: (error as any)?.name,
+        message: String((error as any)?.message || error).slice(0, 200),
+      })}`,
+    );
+
+    if (error instanceof z.ZodError) {
+      return new Response(
+        JSON.stringify({ error: 'Invalid request', details: error.errors }),
+        { status: 400, headers: { 'Content-Type': 'application/json' } }
+      );
+    }
+
+    return new Response(
+      JSON.stringify({ error: 'Internal server error' }),
+      { status: 500, headers: { 'Content-Type': 'application/json' } }
+    );
+  }
+}

app/api/geo/route.ts

@@ -0,0 +1,142 @@
+import { NextResponse } from 'next/server';
+import { getEmergencyInfo } from '@/lib/safety/emergency-numbers';
+
+export const runtime = 'nodejs';
+export const dynamic = 'force-dynamic';
+
+/**
+ * IP-based country + language + emergency number detection.
+ *
+ * Privacy posture:
+ *  - Platform geo headers are read first (zero external calls, zero PII).
+ *  - If nothing is present we fall back to ipapi.co (free, no key), but
+ *    ONLY for public IPs — RFC1918, loopback, and link-local are never
+ *    sent outbound.
+ *  - The client IP is never logged or returned.
+ */
+
+const GEO_HEADERS = [
+  'x-vercel-ip-country',
+  'cf-ipcountry',
+  'x-nf-country',
+  'cloudfront-viewer-country',
+  'x-appengine-country',
+  'fly-client-ip-country',
+  'x-forwarded-country',
+] as const;
+
+// Country → best-effort primary language out of the ones MedOS ships.
+// Kept local to this file so we don't bloat lib/i18n for a single use.
+const COUNTRY_TO_LANGUAGE: Record<string, string> = {
+  US: 'en', GB: 'en', CA: 'en', AU: 'en', NZ: 'en', IE: 'en', ZA: 'en',
+  NG: 'en', KE: 'en', GH: 'en', UG: 'en', SG: 'en', MY: 'en', IN: 'en',
+  PK: 'en', BD: 'en', LK: 'en', PH: 'en',
+  ES: 'es', MX: 'es', AR: 'es', CO: 'es', CL: 'es', PE: 'es', VE: 'es',
+  EC: 'es', GT: 'es', CU: 'es', BO: 'es', DO: 'es', HN: 'es', PY: 'es',
+  SV: 'es', NI: 'es', CR: 'es', PA: 'es', UY: 'es', PR: 'es',
+  BR: 'pt', PT: 'pt', AO: 'pt', MZ: 'pt',
+  FR: 'fr', BE: 'fr', LU: 'fr', MC: 'fr', SN: 'fr', CI: 'fr', CM: 'fr',
+  CD: 'fr', HT: 'fr', DZ: 'fr', TN: 'fr', MA: 'ar',
+  DE: 'de', AT: 'de', CH: 'de', LI: 'de',
+  IT: 'it', SM: 'it', VA: 'it',
+  NL: 'nl', SR: 'nl',
+  PL: 'pl',
+  RU: 'ru', BY: 'ru', KZ: 'ru', KG: 'ru',
+  TR: 'tr',
+  SA: 'ar', AE: 'ar', EG: 'ar', JO: 'ar', IQ: 'ar', SY: 'ar', LB: 'ar',
+  YE: 'ar', LY: 'ar', OM: 'ar', QA: 'ar', KW: 'ar', BH: 'ar', SD: 'ar',
+  PS: 'ar',
+  CN: 'zh', TW: 'zh', HK: 'zh',
+  JP: 'ja',
+  KR: 'ko',
+  TH: 'th',
+  VN: 'vi',
+  TZ: 'sw',
+};
+
+function pickHeaderCountry(req: Request): string | null {
+  for (const h of GEO_HEADERS) {
+    const v = req.headers.get(h);
+    if (v && v.length >= 2 && v.toUpperCase() !== 'XX') {
+      return v.toUpperCase().slice(0, 2);
+    }
+  }
+  return null;
+}
+
+function extractClientIp(req: Request): string | null {
+  const xff = req.headers.get('x-forwarded-for');
+  if (xff) {
+    const first = xff.split(',')[0]?.trim();
+    if (first) return first;
+  }
+  return req.headers.get('x-real-ip');
+}
+
+function isPrivateIp(ip: string): boolean {
+  if (!ip) return true;
+  if (ip === '::1' || ip === '127.0.0.1' || ip.startsWith('fe80:')) return true;
+  const m = ip.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
+  if (!m) return false;
+  const a = parseInt(m[1], 10);
+  const b = parseInt(m[2], 10);
+  if (a === 10) return true;
+  if (a === 127) return true;
+  if (a === 169 && b === 254) return true;
+  if (a === 172 && b >= 16 && b <= 31) return true;
+  if (a === 192 && b === 168) return true;
+  return false;
+}
+
+async function lookupIpapi(ip: string): Promise<string | null> {
+  try {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 1500);
+    const res = await fetch(`https://ipapi.co/${encodeURIComponent(ip)}/country/`, {
+      signal: controller.signal,
+      headers: { 'User-Agent': 'MedOS-Geo/1.0' },
+    });
+    clearTimeout(timeout);
+    if (!res.ok) return null;
+    const text = (await res.text()).trim().toUpperCase();
+    if (/^[A-Z]{2}$/.test(text)) return text;
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+export async function GET(req: Request): Promise<Response> {
+  let country = pickHeaderCountry(req);
+  let source: 'header' | 'ipapi' | 'default' = country ? 'header' : 'default';
+
+  if (!country) {
+    const ip = extractClientIp(req);
+    if (ip && !isPrivateIp(ip)) {
+      const looked = await lookupIpapi(ip);
+      if (looked) {
+        country = looked;
+        source = 'ipapi';
+      }
+    }
+  }
+
+  const finalCountry = country || 'US';
+  const info = getEmergencyInfo(finalCountry);
+  const language = COUNTRY_TO_LANGUAGE[finalCountry] ?? 'en';
+
+  return NextResponse.json(
+    {
+      country: finalCountry,
+      language,
+      emergencyNumber: info.emergency,
+      source,
+    },
+    {
+      headers: {
+        'Cache-Control': 'private, max-age=3600',
+        'X-Robots-Tag': 'noindex',
+      },
+    },
+  );
+}

app/api/health-data/route.ts

@@ -0,0 +1,113 @@
+import { NextResponse } from 'next/server';
+import { z } from 'zod';
+import { getDb, genId } from '@/lib/db';
+import { authenticateRequest } from '@/lib/auth-middleware';
+
+/**
+ * GET  /api/health-data          → fetch all health data for the user
+ * GET  /api/health-data?type=vital → filter by type
+ * POST /api/health-data/sync     → bulk sync from client localStorage
+ */
+export async function GET(req: Request) {
+  const user = authenticateRequest(req);
+  if (!user) {
+    return NextResponse.json({ error: 'Not authenticated' }, { status: 401 });
+  }
+
+  const db = getDb();
+  const url = new URL(req.url);
+  const type = url.searchParams.get('type');
+
+  const rows = type
+    ? db
+        .prepare('SELECT * FROM health_data WHERE user_id = ? AND type = ? ORDER BY updated_at DESC')
+        .all(user.id, type)
+    : db
+        .prepare('SELECT * FROM health_data WHERE user_id = ? ORDER BY updated_at DESC')
+        .all(user.id);
+
+  // Parse the JSON `data` field back into objects.
+  const items = (rows as any[]).map((r) => ({
+    id: r.id,
+    type: r.type,
+    data: JSON.parse(r.data),
+    createdAt: r.created_at,
+    updatedAt: r.updated_at,
+  }));
+
+  return NextResponse.json({ items });
+}
+
+/**
+ * POST /api/health-data — upsert a single health-data record.
+ */
+const UpsertSchema = z.object({
+  id: z.string().optional(),
+  type: z.enum([
+    'medication',
+    'medication_log',
+    'appointment',
+    'vital',
+    'record',
+    'conversation',
+  ]),
+  data: z.record(z.any()),
+});
+
+export async function POST(req: Request) {
+  const user = authenticateRequest(req);
+  if (!user) {
+    return NextResponse.json({ error: 'Not authenticated' }, { status: 401 });
+  }
+
+  try {
+    const body = await req.json();
+    const { id, type, data } = UpsertSchema.parse(body);
+
+    const db = getDb();
+    const itemId = id || genId();
+    const json = JSON.stringify(data);
+
+    // Upsert: insert or replace. SQLite's ON CONFLICT handles this cleanly.
+    db.prepare(
+      `INSERT INTO health_data (id, user_id, type, data, updated_at)
+       VALUES (?, ?, ?, ?, datetime('now'))
+       ON CONFLICT(id) DO UPDATE SET data = excluded.data, updated_at = datetime('now')`,
+    ).run(itemId, user.id, type, json);
+
+    return NextResponse.json({ id: itemId, type }, { status: 201 });
+  } catch (error: any) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json(
+        { error: 'Invalid input', details: error.errors },
+        { status: 400 },
+      );
+    }
+    console.error('[Health Data POST]', error?.message);
+    return NextResponse.json({ error: 'Save failed' }, { status: 500 });
+  }
+}
+
+/**
+ * DELETE /api/health-data?id=<id> — delete one record.
+ */
+export async function DELETE(req: Request) {
+  const user = authenticateRequest(req);
+  if (!user) {
+    return NextResponse.json({ error: 'Not authenticated' }, { status: 401 });
+  }
+
+  const url = new URL(req.url);
+  const id = url.searchParams.get('id');
+  if (!id) {
+    return NextResponse.json({ error: 'Missing id' }, { status: 400 });
+  }
+
+  const db = getDb();
+  db.prepare('DELETE FROM health_data WHERE id = ? AND user_id = ?').run(
+    id,
+    user.id,
+  );
+
+  return NextResponse.json({ success: true });
+}

app/api/health-data/sync/route.ts

@@ -0,0 +1,75 @@
+import { NextResponse } from 'next/server';
+import { z } from 'zod';
+import { getDb, genId } from '@/lib/db';
+import { authenticateRequest } from '@/lib/auth-middleware';
+
+/**
+ * POST /api/health-data/sync — bulk sync from client localStorage.
+ *
+ * The client sends its entire localStorage health dataset (medications,
+ * appointments, vitals, records, medication_logs, conversations). The
+ * server upserts each item. This runs on:
+ *   - First login (migrates existing guest data to the account)
+ *   - Periodic background sync while logged in
+ *
+ * Idempotent: calling it twice with the same data is safe.
+ */
+
+const ItemSchema = z.object({
+  id: z.string(),
+  type: z.enum([
+    'medication',
+    'medication_log',
+    'appointment',
+    'vital',
+    'record',
+    'conversation',
+  ]),
+  data: z.record(z.any()),
+});
+
+const SyncSchema = z.object({
+  items: z.array(ItemSchema).max(5000),
+});
+
+export async function POST(req: Request) {
+  const user = authenticateRequest(req);
+  if (!user) {
+    return NextResponse.json({ error: 'Not authenticated' }, { status: 401 });
+  }
+
+  try {
+    const body = await req.json();
+    const { items } = SyncSchema.parse(body);
+
+    const db = getDb();
+
+    const upsert = db.prepare(
+      `INSERT INTO health_data (id, user_id, type, data, updated_at)
+       VALUES (?, ?, ?, ?, datetime('now'))
+       ON CONFLICT(id) DO UPDATE SET data = excluded.data, updated_at = datetime('now')`,
+    );
+
+    // Run as a single transaction for speed (1000+ items in <50ms).
+    const tx = db.transaction(() => {
+      for (const item of items) {
+        upsert.run(item.id, user.id, item.type, JSON.stringify(item.data));
+      }
+    });
+    tx();
+
+    return NextResponse.json({
+      synced: items.length,
+      message: `${items.length} items synced`,
+    });
+  } catch (error: any) {
+    if (error instanceof z.ZodError) {
+      return NextResponse.json(
+        { error: 'Invalid input', details: error.errors },
+        { status: 400 },
+      );
+    }
+    console.error('[Health Data Sync]', error?.message);
+    return NextResponse.json({ error: 'Sync failed' }, { status: 500 });
+  }
+}

app/api/health/route.ts

@@ -0,0 +1,10 @@
+import { NextResponse } from 'next/server';
+
+export async function GET() {
+  return NextResponse.json({
+    status: 'healthy',
+    service: 'medos-global',
+    timestamp: new Date().toISOString(),
+    version: '1.0.0',
+  });
+}

app/api/models/route.ts

@@ -0,0 +1,14 @@
+import { NextResponse } from 'next/server';
+import { fetchAvailableModels } from '@/lib/providers/ollabridge-models';
+
+export async function GET() {
+  try {
+    const models = await fetchAvailableModels();
+    return NextResponse.json({ models });
+  } catch {
+    return NextResponse.json(
+      { models: [], error: 'Failed to fetch models' },
+      { status: 200 } // Return 200 with empty array — non-critical endpoint
+    );
+  }
+}

app/api/nearby/route.ts

@@ -0,0 +1,94 @@
+import { NextResponse } from 'next/server';
+
+/**
+ * POST /api/nearby — Proxy to MetaEngine Nearby Finder.
+ * GET  /api/nearby — Health check.
+ *
+ * Calls the Gradio API endpoint (2-step: submit → fetch result).
+ * Handles sleeping Spaces, timeouts, and Overpass errors gracefully.
+ */
+
+const NEARBY_URL =
+  process.env.NEARBY_URL || 'https://ruslanmv-metaengine-nearby.hf.space';
+
+export const runtime = 'nodejs';
+export const dynamic = 'force-dynamic';
+
+export async function POST(req: Request) {
+  try {
+    const body = await req.json();
+    const { lat, lon, radius_m = 3000, entity_type = 'all', limit = 25 } = body;
+
+    // Step 1: Submit to Gradio API
+    const submitRes = await fetch(`${NEARBY_URL}/gradio_api/call/search_ui`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        data: [String(lat), String(lon), radius_m, entity_type, limit],
+      }),
+      signal: AbortSignal.timeout(30000),
+    });
+
+    if (!submitRes.ok) {
+      const ct = submitRes.headers.get('content-type') || '';
+      if (!ct.includes('json')) {
+        return NextResponse.json(
+          { error: 'Nearby finder is waking up. Please try again in a moment.', count: 0, results: [] },
+          { status: 503 },
+        );
+      }
+      return NextResponse.json({ error: 'Search submission failed', count: 0, results: [] }, { status: 502 });
+    }
+
+    const { event_id } = await submitRes.json();
+    if (!event_id) {
+      return NextResponse.json({ error: 'No event ID received', count: 0, results: [] }, { status: 502 });
+    }
+
+    // Step 2: Fetch result via SSE
+    const resultRes = await fetch(
+      `${NEARBY_URL}/gradio_api/call/search_ui/${event_id}`,
+      { signal: AbortSignal.timeout(30000) },
+    );
+
+    const text = await resultRes.text();
+
+    // Parse SSE data line: "data: [summary, table, json_string]"
+    const dataLine = text.split('\n').find((l: string) => l.startsWith('data: '));
+    if (!dataLine) {
+      return NextResponse.json({ error: 'Empty response from search', count: 0, results: [] });
+    }
+
+    const gradioData = JSON.parse(dataLine.slice(6));
+    // gradioData = [summary_text, table_array, json_string]
+    const jsonStr = gradioData?.[2];
+    if (!jsonStr) {
+      return NextResponse.json({ error: 'No results', count: 0, results: [] });
+    }
+
+    try {
+      const parsed = JSON.parse(jsonStr);
+      return NextResponse.json(parsed);
+    } catch {
+      // If the json_str is an error message, return it
+      return NextResponse.json({ error: jsonStr, count: 0, results: [] });
+    }
+  } catch (error: any) {
+    console.error('[Nearby Proxy]', error?.name, error?.message?.slice(0, 100));
+    const msg =
+      error?.name === 'TimeoutError' || error?.name === 'AbortError'
+        ? 'Search timed out. The service may be starting up — please try again.'
+        : 'Nearby finder unavailable. Please try again.';
+    return NextResponse.json({ error: msg, count: 0, results: [] }, { status: 502 });
+  }
+}
+
+export async function GET() {
+  try {
+    const res = await fetch(NEARBY_URL, { signal: AbortSignal.timeout(8000) });
+    if (res.ok) return NextResponse.json({ status: 'ok' });
+    return NextResponse.json({ status: 'waking' }, { status: 503 });
+  } catch {
+    return NextResponse.json({ status: 'sleeping' }, { status: 503 });
+  }
+}

app/api/og/route.tsx

@@ -0,0 +1,207 @@
+import { ImageResponse } from 'next/og';
+
+export const runtime = 'edge';
+
+/**
+ * Dynamic Open Graph image endpoint.
+ *
+ * Every share on Twitter / WhatsApp / LinkedIn / Telegram / iMessage
+ * renders a branded 1200x630 card. The query becomes the card title so
+ * a link like `https://ruslanmv-medibot.hf.space/?q=chest+pain` previews
+ * as a premium, unique image instead of the default favicon blob.
+ *
+ * Usage from the client: `/api/og?q=<question>&lang=<code>`
+ * The endpoint also handles missing parameters gracefully (returns a
+ * default brand card).
+ */
+export async function GET(req: Request): Promise<Response> {
+  try {
+    const { searchParams } = new URL(req.url);
+    const rawQuery = (searchParams.get('q') || '').trim();
+    const lang = (searchParams.get('lang') || 'en').slice(0, 5);
+
+    // Hard-limit title length so long queries don't overflow.
+    const title =
+      rawQuery.length > 120 ? rawQuery.slice(0, 117) + '…' : rawQuery;
+
+    const subtitle = title
+      ? 'Ask MedOS — free, private, in your language'
+      : 'Free AI medical assistant — 20 languages, no sign-up';
+
+    const headline = title || 'Tell me what\'s bothering you.';
+
+    return new ImageResponse(
+      (
+        <div
+          style={{
+            width: '100%',
+            height: '100%',
+            display: 'flex',
+            flexDirection: 'column',
+            padding: '72px',
+            background:
+              'radial-gradient(1200px 800px at 10% -10%, rgba(59,130,246,0.35), transparent 60%),' +
+              'radial-gradient(1000px 600px at 110% 10%, rgba(20,184,166,0.30), transparent 60%),' +
+              'linear-gradient(180deg, #0B1220 0%, #0E1627 100%)',
+            color: '#F8FAFC',
+            fontFamily: 'sans-serif',
+            position: 'relative',
+          }}
+        >
+          {/* Top bar: brand mark + language chip */}
+          <div
+            style={{
+              display: 'flex',
+              alignItems: 'center',
+              justifyContent: 'space-between',
+              marginBottom: '48px',
+            }}
+          >
+            <div style={{ display: 'flex', alignItems: 'center', gap: '18px' }}>
+              <div
+                style={{
+                  width: '72px',
+                  height: '72px',
+                  borderRadius: '22px',
+                  background: 'linear-gradient(135deg, #3B82F6 0%, #14B8A6 100%)',
+                  display: 'flex',
+                  alignItems: 'center',
+                  justifyContent: 'center',
+                  fontSize: '44px',
+                  boxShadow: '0 20px 60px -10px rgba(59,130,246,0.65)',
+                }}
+              >
+                ♥
+              </div>
+              <div style={{ display: 'flex', flexDirection: 'column' }}>
+                <div
+                  style={{
+                    fontSize: '40px',
+                    fontWeight: 800,
+                    letterSpacing: '-0.02em',
+                    lineHeight: 1,
+                  }}
+                >
+                  MedOS
+                </div>
+                <div
+                  style={{
+                    fontSize: '16px',
+                    color: '#14B8A6',
+                    fontWeight: 700,
+                    textTransform: 'uppercase',
+                    letterSpacing: '0.18em',
+                    marginTop: '6px',
+                  }}
+                >
+                  Worldwide medical AI
+                </div>
+              </div>
+            </div>
+
+            <div
+              style={{
+                display: 'flex',
+                alignItems: 'center',
+                gap: '10px',
+                padding: '10px 18px',
+                borderRadius: '9999px',
+                background: 'rgba(255,255,255,0.08)',
+                border: '1px solid rgba(255,255,255,0.18)',
+                fontSize: '18px',
+                color: '#CBD5E1',
+                fontWeight: 600,
+              }}
+            >
+              <span
+                style={{
+                  width: '8px',
+                  height: '8px',
+                  borderRadius: '9999px',
+                  background: '#22C55E',
+                }}
+              />
+              {lang.toUpperCase()} · FREE · NO SIGN-UP
+            </div>
+          </div>
+
+          {/* Main content */}
+          <div
+            style={{
+              display: 'flex',
+              flexDirection: 'column',
+              flex: 1,
+              justifyContent: 'center',
+            }}
+          >
+            {title && (
+              <div
+                style={{
+                  fontSize: '22px',
+                  fontWeight: 700,
+                  color: '#14B8A6',
+                  textTransform: 'uppercase',
+                  letterSpacing: '0.18em',
+                  marginBottom: '22px',
+                }}
+              >
+                Ask MedOS
+              </div>
+            )}
+            <div
+              style={{
+                fontSize: title ? '68px' : '84px',
+                fontWeight: 800,
+                lineHeight: 1.1,
+                letterSpacing: '-0.025em',
+                color: '#F8FAFC',
+                maxWidth: '1000px',
+              }}
+            >
+              {title ? `"${headline}"` : headline}
+            </div>
+            <div
+              style={{
+                fontSize: '26px',
+                color: '#94A3B8',
+                marginTop: '28px',
+                fontWeight: 500,
+              }}
+            >
+              {subtitle}
+            </div>
+          </div>
+
+          {/* Footer: trust strip */}
+          <div
+            style={{
+              display: 'flex',
+              alignItems: 'center',
+              gap: '28px',
+              fontSize: '18px',
+              color: '#94A3B8',
+              fontWeight: 600,
+              borderTop: '1px solid rgba(255,255,255,0.1)',
+              paddingTop: '28px',
+            }}
+          >
+            <span style={{ color: '#14B8A6', fontWeight: 700 }}>
+              ✓ Aligned with WHO · CDC · NHS
+            </span>
+            <span>·</span>
+            <span>Private &amp; anonymous</span>
+            <span>·</span>
+            <span>24/7</span>
+          </div>
+        </div>
+      ),
+      {
+        width: 1200,
+        height: 630,
+      },
+    );
+  } catch {
+    // Never 500 an OG endpoint — social crawlers will blacklist the domain.
+    return new Response('OG image generation failed', { status: 500 });
+  }
+}

app/api/rag/route.ts

@@ -0,0 +1,30 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { searchMedicalKB } from '@/lib/rag/medical-kb';
+
+export async function POST(request: NextRequest) {
+  try {
+    const { query, topN = 3 } = await request.json();
+
+    if (!query || typeof query !== 'string') {
+      return NextResponse.json(
+        { error: 'Query is required' },
+        { status: 400 }
+      );
+    }
+
+    const results = searchMedicalKB(query, topN);
+
+    return NextResponse.json({
+      results: results.map((r) => ({
+        topic: r.topic,
+        context: r.context,
+      })),
+      count: results.length,
+    });
+  } catch {
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    );
+  }
+}

app/api/scan/route.ts

@@ -0,0 +1,80 @@
+import { NextResponse } from 'next/server';
+
+/**
+ * POST /api/scan — Server-side proxy to the Medicine Scanner Space.
+ *
+ * Why proxy instead of calling from the browser:
+ *   - HF_TOKEN_INFERENCE stays server-side (never in the JS bundle)
+ *   - Same-origin request from the browser (no CORS preflight)
+ *   - Backend injects the token and forwards to the Scanner Space
+ *   - If the Scanner Space is sleeping, this request wakes it
+ *
+ * The Scanner Space receives:
+ *   - The image as multipart/form-data (passthrough)
+ *   - Authorization: Bearer header with the inference token
+ *   - Returns structured JSON with medicine data
+ */
+
+const SCANNER_URL =
+  process.env.SCANNER_URL || 'https://ruslanmv-medicine-scanner.hf.space';
+const INFERENCE_TOKEN = process.env.HF_TOKEN_INFERENCE || '';
+
+export const runtime = 'nodejs';
+export const dynamic = 'force-dynamic';
+
+export async function POST(req: Request) {
+  try {
+    // Read the incoming form data (image file from the frontend)
+    const formData = await req.formData();
+
+    // Build outbound headers — inject the inference token server-side
+    const headers: Record<string, string> = {};
+    if (INFERENCE_TOKEN) {
+      headers['Authorization'] = `Bearer ${INFERENCE_TOKEN}`;
+    }
+
+    // Forward to the Medicine Scanner Space
+    const response = await fetch(`${SCANNER_URL}/api/scan`, {
+      method: 'POST',
+      headers,
+      body: formData,
+    });
+
+    const data = await response.json();
+    return NextResponse.json(data, { status: response.status });
+  } catch (error: any) {
+    console.error('[Scan Proxy]', error?.message);
+    return NextResponse.json(
+      {
+        success: false,
+        error: 'Medicine scanner unavailable. Please try again.',
+        medicine: null,
+      },
+      { status: 502 },
+    );
+  }
+}
+
+/**
+ * GET /api/scan/health — Check if the Scanner Space is awake.
+ * Used by the frontend to show "waking up" status.
+ */
+export async function GET() {
+  try {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 5000);
+
+    const res = await fetch(`${SCANNER_URL}/api/health`, {
+      signal: controller.signal,
+    });
+    clearTimeout(timeout);
+
+    if (res.ok) {
+      const data = await res.json();
+      return NextResponse.json(data);
+    }
+    return NextResponse.json({ status: 'unavailable' }, { status: 503 });
+  } catch {
+    return NextResponse.json({ status: 'sleeping' }, { status: 503 });
+  }
+}

app/api/sessions/route.ts

@@ -0,0 +1,70 @@
+import { NextResponse } from 'next/server';
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from 'fs';
+import { join } from 'path';
+
+/**
+ * Server-side session counter.
+ * Stores count in /tmp/medos-data/sessions.json (persists across requests, resets on container restart).
+ * On HF Spaces with persistent storage, use /data/ instead of /tmp/.
+ *
+ * GET  /api/sessions → returns { count: number }
+ * POST /api/sessions → increments and returns { count: number }
+ */
+
+const DATA_DIR = process.env.PERSISTENT_DIR || '/tmp/medos-data';
+const COUNTER_FILE = join(DATA_DIR, 'sessions.json');
+const BASE_COUNT = 423000; // Historical base from before server-side tracking
+
+interface CounterData {
+  count: number;
+  lastUpdated: string;
+}
+
+function ensureDir(): void {
+  if (!existsSync(DATA_DIR)) {
+    mkdirSync(DATA_DIR, { recursive: true });
+  }
+}
+
+function readCounter(): number {
+  ensureDir();
+  try {
+    if (existsSync(COUNTER_FILE)) {
+      const data: CounterData = JSON.parse(readFileSync(COUNTER_FILE, 'utf8'));
+      return data.count;
+    }
+  } catch {
+    // corrupted file, reset
+  }
+  return 0;
+}
+
+function incrementCounter(): number {
+  ensureDir();
+  const current = readCounter();
+  const next = current + 1;
+  const data: CounterData = {
+    count: next,
+    lastUpdated: new Date().toISOString(),
+  };
+  writeFileSync(COUNTER_FILE, JSON.stringify(data), 'utf8');
+  return next;
+}
+
+export async function GET() {
+  const sessionCount = readCounter();
+  return NextResponse.json({
+    count: BASE_COUNT + sessionCount,
+    sessions: sessionCount,
+    base: BASE_COUNT,
+  });
+}
+
+export async function POST() {
+  const sessionCount = incrementCounter();
+  return NextResponse.json({
+    count: BASE_COUNT + sessionCount,
+    sessions: sessionCount,
+    base: BASE_COUNT,
+  });
+}

app/api/triage/route.ts

@@ -0,0 +1,29 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { triageMessage } from '@/lib/safety/triage';
+import { getEmergencyInfo } from '@/lib/safety/emergency-numbers';
+
+export async function POST(request: NextRequest) {
+  try {
+    const { message, countryCode = 'US' } = await request.json();
+
+    if (!message || typeof message !== 'string') {
+      return NextResponse.json(
+        { error: 'Message is required' },
+        { status: 400 }
+      );
+    }
+
+    const triage = triageMessage(message);
+    const emergencyInfo = getEmergencyInfo(countryCode);
+
+    return NextResponse.json({
+      ...triage,
+      emergencyInfo: triage.isEmergency ? emergencyInfo : null,
+    });
+  } catch {
+    return NextResponse.json(
+      { error: 'Internal server error' },
+      { status: 500 }
+    );
+  }
+}

app/globals.css

@@ -0,0 +1,378 @@
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
+
+/* ============================================================
+ * MedOS design tokens — light + dark
+ * ============================================================ */
+:root {
+  /* Surfaces (light mode — soft white, never pure #FFFFFF) */
+  --surface-0: 247 249 251; /* app backdrop  #F7F9FB */
+  --surface-1: 255 255 255; /* cards          */
+  --surface-2: 241 245 249; /* elevated panels #F1F5F9 */
+  --surface-3: 226 232 240; /* borders / rails */
+
+  --ink-base:    15  23  42; /* slate-900     */
+  --ink-muted:   71  85 105; /* slate-600     */
+  --ink-subtle: 148 163 184; /* slate-400     */
+  --ink-inverse: 255 255 255;
+
+  --line: 226 232 240; /* slate-200 */
+
+  color-scheme: light;
+}
+
+.dark {
+  /* Dark mode — warm deep navy, NOT pure black */
+  --surface-0:  11  18  32; /* #0B1220 */
+  --surface-1:  18  27  45; /* #121B2D elevated card */
+  --surface-2:  24  34  54; /* #182236 panel  */
+  --surface-3:  34  46  71; /* #222E47 border */
+
+  --ink-base:   241 245 249; /* slate-100 */
+  --ink-muted:  148 163 184; /* slate-400 */
+  --ink-subtle: 100 116 139; /* slate-500 */
+  --ink-inverse: 15  23  42;
+
+  --line: 34 46 71;
+
+  color-scheme: dark;
+}
+
+@layer base {
+  html,
+  body {
+    @apply h-full w-full;
+    /* iOS Safari 100vh fix: dvh accounts for the collapsible address bar.
+       Falls back to 100vh for browsers that don't support dvh. */
+    height: 100vh;
+    height: 100dvh;
+  }
+
+  html {
+    font-family: var(--font-sans), Inter,
+      /* CJK fallbacks (Chinese, Japanese, Korean) */
+      "Noto Sans CJK SC", "PingFang SC", "Hiragino Sans", "MS Gothic",
+      "Malgun Gothic", "Apple SD Gothic Neo",
+      /* Arabic */
+      "Noto Sans Arabic", "Geeza Pro", "Tahoma",
+      /* Devanagari (Hindi) */
+      "Noto Sans Devanagari",
+      /* Thai */
+      "Noto Sans Thai",
+      /* System fallbacks */
+      ui-sans-serif, system-ui, -apple-system,
+      "Segoe UI", Roboto, sans-serif;
+    font-feature-settings: "cv02", "cv03", "cv04", "cv11", "ss01";
+    -webkit-font-smoothing: antialiased;
+    -moz-osx-font-smoothing: grayscale;
+    text-rendering: optimizeLegibility;
+  }
+
+  body {
+    @apply text-ink-base antialiased;
+    background: theme("backgroundImage.light-app");
+    background-attachment: fixed;
+    line-height: 1.6;
+    letter-spacing: -0.005em;
+  }
+
+  .dark body {
+    background: theme("backgroundImage.dark-app");
+    background-attachment: fixed;
+  }
+
+  /* Slightly larger, more readable body copy — medical trust */
+  p { line-height: 1.65; }
+
+  /* Focus rings that are visible in both modes */
+  :focus-visible {
+    outline: 2px solid rgb(var(--color-brand, 59 130 246));
+    outline-offset: 2px;
+    border-radius: 8px;
+  }
+}
+
+@layer components {
+  .glass-card {
+    @apply bg-surface-1/80 backdrop-blur-xl border border-line/60 shadow-soft;
+  }
+  .glass-strong {
+    @apply bg-surface-1/95 backdrop-blur-2xl border border-line/70 shadow-card;
+  }
+  /* Section headings inside an AI answer (Summary / Self-care …) */
+  .answer-section {
+    @apply relative pl-4 mt-4 first:mt-0;
+  }
+  .answer-section::before {
+    content: "";
+    @apply absolute left-0 top-1 bottom-1 w-1 rounded-full bg-brand-500/60;
+  }
+}
+
+@layer utilities {
+  .animate-in { animation: fadeIn 0.5s ease-in-out; }
+  .slide-in-from-bottom-4 { animation: slideInFromBottom 0.5s ease-in-out; }
+  .delay-100 { animation-delay: 100ms; }
+  .delay-200 { animation-delay: 200ms; }
+
+  /* Shimmer utility for the "Analyzing…" typing state */
+  .shimmer-text {
+    background: linear-gradient(
+      90deg,
+      rgb(var(--ink-muted) / 0.5) 0%,
+      rgb(var(--ink-base)) 50%,
+      rgb(var(--ink-muted) / 0.5) 100%
+    );
+    background-size: 200% 100%;
+    -webkit-background-clip: text;
+    background-clip: text;
+    color: transparent;
+    animation: shimmer 2.2s linear infinite;
+  }
+
+  @keyframes fadeIn {
+    from { opacity: 0; }
+    to   { opacity: 1; }
+  }
+  @keyframes slideInFromBottom {
+    from { opacity: 0; transform: translateY(1rem); }
+    to   { opacity: 1; transform: translateY(0); }
+  }
+
+  /* Medicine scanner viewfinder — pulsing green border */
+  @keyframes scannerPulse {
+    0%, 100% { border-color: rgba(34, 197, 94, 0.5); box-shadow: 0 0 0 0 rgba(34, 197, 94, 0); }
+    50%      { border-color: rgba(34, 197, 94, 1);   box-shadow: 0 0 20px 4px rgba(34, 197, 94, 0.15); }
+  }
+  @keyframes scanLine {
+    0%   { top: 8%; }
+    50%  { top: 88%; }
+    100% { top: 8%; }
+  }
+  @keyframes scanSuccess {
+    0%   { transform: scale(1); border-color: rgba(34, 197, 94, 0.6); }
+    50%  { transform: scale(1.02); border-color: rgba(34, 197, 94, 1); }
+    100% { transform: scale(1); border-color: rgba(34, 197, 94, 0.6); }
+  }
+  @keyframes scanProgress {
+    0%   { width: 0%; }
+    100% { width: 100%; }
+  }
+  .animate-scanner-pulse  { animation: scannerPulse 2s ease-in-out infinite; }
+  .animate-scan-line      { animation: scanLine 2.5s ease-in-out infinite; }
+  .animate-scan-success   { animation: scanSuccess 0.6s ease-out; }
+  .animate-scan-progress  { animation: scanProgress 3s ease-out forwards; }
+}
+
+/* ------------------------------------------------------------
+ * Dark-mode compatibility layer for legacy screens that still
+ * reference slate/white utility classes directly. Remaps them to
+ * the design-token surfaces so Settings/Records/Schedule/Topics/
+ * Emergency look right in dark mode without a full rewrite.
+ * New components should prefer the `bg-surface-*` and `text-ink-*`
+ * tokens directly and won't be affected by these rules.
+ * ------------------------------------------------------------ */
+.dark .bg-white         { background-color: rgb(var(--surface-1)) !important; }
+.dark .bg-slate-50      { background-color: rgb(var(--surface-2)) !important; }
+.dark .bg-slate-100     { background-color: rgb(var(--surface-2)) !important; }
+.dark .bg-\[\#F8FAFC\]  { background-color: rgb(var(--surface-0)) !important; }
+.dark .bg-\[\#F7F9FB\]  { background-color: rgb(var(--surface-0)) !important; }
+
+.dark .text-slate-900   { color: rgb(var(--ink-base)) !important; }
+.dark .text-slate-800   { color: rgb(var(--ink-base)) !important; }
+.dark .text-slate-700   { color: rgb(var(--ink-base) / 0.92) !important; }
+.dark .text-slate-600   { color: rgb(var(--ink-muted)) !important; }
+.dark .text-slate-500   { color: rgb(var(--ink-muted)) !important; }
+.dark .text-slate-400   { color: rgb(var(--ink-subtle)) !important; }
+.dark .text-slate-300   { color: rgb(var(--ink-subtle) / 0.85) !important; }
+
+.dark .border-slate-50  { border-color: rgb(var(--line) / 0.55) !important; }
+.dark .border-slate-100 { border-color: rgb(var(--line) / 0.7) !important; }
+.dark .border-slate-200 { border-color: rgb(var(--line) / 0.9) !important; }
+
+.dark .placeholder-slate-400::placeholder { color: rgb(var(--ink-subtle)); }
+
+/* Soft tinted surfaces used on a handful of views (blue-50, rose-50,
+ * amber-50, etc.) — in dark mode dim them into brand/accent tints. */
+.dark .bg-blue-50       { background-color: rgba(59,130,246,0.10) !important; }
+.dark .bg-blue-100      { background-color: rgba(59,130,246,0.18) !important; }
+.dark .bg-indigo-50     { background-color: rgba(99,102,241,0.10) !important; }
+.dark .bg-rose-50       { background-color: rgba(244,63,94,0.10) !important; }
+.dark .bg-red-50        { background-color: rgba(239,68,68,0.10) !important; }
+.dark .bg-amber-50      { background-color: rgba(245,158,11,0.10) !important; }
+.dark .bg-emerald-50    { background-color: rgba(16,185,129,0.10) !important; }
+.dark .bg-purple-50     { background-color: rgba(168,85,247,0.10) !important; }
+
+.dark .border-blue-100  { border-color: rgba(59,130,246,0.28) !important; }
+.dark .border-blue-200  { border-color: rgba(59,130,246,0.38) !important; }
+.dark .border-red-200   { border-color: rgba(239,68,68,0.38) !important; }
+.dark .border-amber-200 { border-color: rgba(245,158,11,0.38) !important; }
+
+/* Scrollbars — subtle in both modes */
+::-webkit-scrollbar        { width: 10px; height: 10px; }
+::-webkit-scrollbar-track  { background: transparent; }
+::-webkit-scrollbar-thumb  {
+  background: rgb(var(--ink-subtle) / 0.35);
+  border-radius: 9999px;
+  border: 2px solid transparent;
+  background-clip: padding-box;
+}
+::-webkit-scrollbar-thumb:hover {
+  background: rgb(var(--ink-subtle) / 0.55);
+  background-clip: padding-box;
+}
+
+::selection {
+  background: rgba(59, 130, 246, 0.22);
+  color: inherit;
+}
+
+/* Safe area utilities for notched phones (iPhone X+, Android gesture nav) */
+.safe-area-bottom { padding-bottom: env(safe-area-inset-bottom, 0px); }
+.pb-safe-area { padding-bottom: env(safe-area-inset-bottom, 0px); }
+.safe-area-top { padding-top: env(safe-area-inset-top, 0px); }
+.px-safe-area {
+  padding-left: env(safe-area-inset-left, 0px);
+  padding-right: env(safe-area-inset-right, 0px);
+}
+
+/* ============================================================
+ * RTL (Right-to-Left) support for Arabic (ar) and Urdu (ur)
+ * Set via document.documentElement.dir = "rtl" in MedOSApp.tsx
+ * ============================================================ */
+[dir="rtl"] {
+  /* Base direction */
+  direction: rtl;
+  text-align: right;
+}
+
+/* Flex containers reverse in RTL */
+[dir="rtl"] .flex { direction: rtl; }
+
+/* Fix drawer slide direction (left → right for RTL) */
+[dir="rtl"] aside { left: auto; right: 0; }
+[dir="rtl"] .-translate-x-full { transform: translateX(100%); }
+[dir="rtl"] .translate-x-0 { transform: translateX(0); }
+
+/* Flip margins and paddings for common patterns */
+[dir="rtl"] .ml-auto { margin-left: 0; margin-right: auto; }
+[dir="rtl"] .mr-auto { margin-right: 0; margin-left: auto; }
+[dir="rtl"] .text-left { text-align: right; }
+[dir="rtl"] .text-right { text-align: left; }
+
+/* Fix icon + text alignment in nav items */
+[dir="rtl"] .gap-2 { gap: 0.5rem; }
+[dir="rtl"] .gap-3 { gap: 0.75rem; }
+
+/* Scrollbar on left side for RTL */
+[dir="rtl"] ::-webkit-scrollbar { direction: rtl; }
+
+/* Fix rounded corners (swap left/right) */
+[dir="rtl"] .rounded-tl-sm { border-top-left-radius: 0; border-top-right-radius: 0.125rem; }
+[dir="rtl"] .rounded-tr-sm { border-top-right-radius: 0; border-top-left-radius: 0.125rem; }
+
+/* Large tap targets */
+@media (pointer: coarse) {
+  button, a, select, input, textarea { min-height: 44px; }
+}
+
+/* ============================================================
+ * Mobile-first utilities
+ * ============================================================ */
+
+/* Dynamic viewport height — works on iOS Safari, Android Chrome,
+   and every modern browser. Falls back to 100vh. */
+.h-screen-safe {
+  height: 100vh;
+  height: 100dvh;
+}
+
+/* Sticky input bar that stays above the mobile keyboard.
+   Uses env(keyboard-inset-height) on supporting browsers and
+   falls back to standard sticky positioning elsewhere. */
+.sticky-bottom-keyboard {
+  position: sticky;
+  bottom: 0;
+  bottom: env(keyboard-inset-height, 0px);
+}
+
+/* Prevent iOS input zoom — any input below 16px triggers a zoom.
+   We force 16px minimum on touch devices and compensate with
+   transforms where we need visually-smaller text. */
+@media (pointer: coarse) {
+  input, textarea, select {
+    font-size: 16px !important;
+  }
+}
+
+/* CJK word-break — prevents overflow for Chinese/Japanese/Korean text */
+:lang(zh), :lang(ja), :lang(ko) {
+  word-break: break-all;
+  overflow-wrap: break-word;
+}
+
+/* iOS momentum scrolling */
+.scroll-touch {
+  -webkit-overflow-scrolling: touch;
+}
+
+/* Bottom padding spacer for content that sits above a fixed bottom nav.
+   The 5.5rem accounts for the nav height + safe-area-inset-bottom. */
+.pb-mobile-nav {
+  padding-bottom: 5.5rem;
+}
+@media (min-width: 768px) {
+  .pb-mobile-nav {
+    padding-bottom: 0;
+  }
+}
+
+/* Respect reduced-motion preferences everywhere */
+@media (prefers-reduced-motion: reduce) {
+  *,
+  *::before,
+  *::after {
+    animation-duration: 0.01ms !important;
+    animation-iteration-count: 1 !important;
+    transition-duration: 0.01ms !important;
+  }
+}
+
+/* ============================================================
+ * Print styles — professional PDF export via window.print()
+ * Hides navigation, maximizes content, clean typography
+ * ============================================================ */
+@media print {
+  /* Hide navigation, headers, footers */
+  aside, nav, header, footer,
+  .safe-area-bottom, .pb-mobile-nav,
+  button, [role="navigation"],
+  .md\:hidden, .lg\:flex { display: none !important; }
+
+  /* Full width, no sidebar */
+  body { background: white !important; color: black !important; font-size: 12pt; }
+  .flex-1 { width: 100% !important; max-width: 100% !important; }
+  .overflow-hidden { overflow: visible !important; }
+  .overflow-y-auto { overflow: visible !important; }
+
+  /* Clean card borders for print */
+  .bg-surface-1, .bg-surface-0 { background: white !important; }
+  .border { border-color: #ddd !important; }
+  .shadow-soft, .shadow-card, .shadow-glow { box-shadow: none !important; }
+  .rounded-2xl { border-radius: 8px !important; }
+
+  /* Keep colors readable */
+  .text-ink-base { color: #111 !important; }
+  .text-ink-muted { color: #555 !important; }
+  .text-brand-500, .text-brand-600 { color: #2563eb !important; }
+  .text-danger-500 { color: #dc2626 !important; }
+  .text-success-500 { color: #16a34a !important; }
+
+  /* Page breaks */
+  .stat-card, .rounded-2xl { break-inside: avoid; }
+  h2, h3 { break-after: avoid; }
+
+  /* Print header */
+  @page { margin: 1.5cm; size: A4; }
+}

app/layout.tsx

@@ -0,0 +1,78 @@
+import type { Metadata, Viewport } from "next";
+import { Inter } from "next/font/google";
+import "./globals.css";
+
+const inter = Inter({
+  subsets: ["latin"],
+  display: "swap",
+  variable: "--font-sans",
+});
+
+export const metadata: Metadata = {
+  title: "MedOS — your worldwide medical assistant",
+  description:
+    "Tell MedOS what's bothering you. Instant, private, multilingual health guidance aligned with WHO, CDC, and NHS.",
+  keywords: ["medical AI", "healthcare", "chatbot", "telemedicine", "WHO", "CDC"],
+  authors: [{ name: "MedOS Team" }],
+  manifest: "/manifest.webmanifest",
+  icons: {
+    icon: [{ url: "/favicon.svg", type: "image/svg+xml" }],
+    shortcut: "/favicon.svg",
+  },
+  openGraph: {
+    title: "MedOS — your worldwide medical assistant",
+    description:
+      "Private, multilingual health guidance aligned with WHO, CDC, and NHS — available 24/7.",
+    type: "website",
+  },
+  robots: { index: true, follow: true },
+  appleWebApp: {
+    capable: true,
+    title: "MedOS",
+  },
+  other: {
+    "mobile-web-app-capable": "yes",
+  },
+};
+
+export const viewport: Viewport = {
+  width: "device-width",
+  initialScale: 1,
+  maximumScale: 5,
+  userScalable: true,
+  viewportFit: "cover",
+  themeColor: [
+    { media: "(prefers-color-scheme: light)", color: "#F7F9FB" },
+    { media: "(prefers-color-scheme: dark)", color: "#0B1220" },
+  ],
+};
+
+/**
+ * Inline pre-hydration script: reads the stored theme before first paint.
+ */
+const themeBootstrap = `
+(function() {
+  try {
+    var stored = localStorage.getItem('medos_theme');
+    var prefersDark = window.matchMedia('(prefers-color-scheme: dark)').matches;
+    var isDark = stored === 'dark' || (stored === 'system' && prefersDark);
+    if (isDark) document.documentElement.classList.add('dark');
+    document.documentElement.style.colorScheme = isDark ? 'dark' : 'light';
+  } catch (e) {}
+})();
+`;
+
+export default function RootLayout({
+  children,
+}: {
+  children: React.ReactNode;
+}) {
+  return (
+    <html lang="en" className={inter.variable} suppressHydrationWarning>
+      <head>
+        <script dangerouslySetInnerHTML={{ __html: themeBootstrap }} />
+      </head>
+      <body className="min-h-screen antialiased">{children}</body>
+    </html>
+  );
+}

app/manifest.ts

@@ -0,0 +1,43 @@
+import type { MetadataRoute } from "next";
+
+/**
+ * Next.js native manifest route. Served at /manifest.webmanifest by
+ * the framework itself (not as a static file) so it bypasses Vercel's
+ * Deployment Protection on preview branches.
+ */
+export default function manifest(): MetadataRoute.Manifest {
+  return {
+    name: "MedOS — your medical assistant",
+    short_name: "MedOS",
+    description:
+      "Free AI medical assistant. 20 languages. No sign-up. Private.",
+    start_url: "/?source=pwa",
+    scope: "/",
+    display: "standalone",
+    orientation: "portrait-primary",
+    theme_color: "#3B82F6",
+    background_color: "#F7F9FB",
+    categories: ["health", "medical", "lifestyle"],
+    icons: [
+      {
+        src: "/favicon.svg",
+        sizes: "any",
+        type: "image/svg+xml",
+        purpose: "any",
+      },
+    ],
+    shortcuts: [
+      {
+        name: "Ask a health question",
+        short_name: "Ask",
+        url: "/?source=shortcut",
+      },
+      {
+        name: "Health Dashboard",
+        short_name: "Health",
+        url: "/?view=health-dashboard",
+      },
+    ],
+    prefer_related_applications: false,
+  };
+}

app/page.tsx

@@ -0,0 +1,2 @@
+import MedOSApp from "@/components/MedOSApp";
+export default function HomePage() { return <MedOSApp />; }

app/robots.ts

@@ -0,0 +1,23 @@
+import type { MetadataRoute } from 'next';
+
+const SITE_URL = 'https://ruslanmv-medibot.hf.space';
+
+/**
+ * Permissive robots.txt — we want every crawler to index the public
+ * pages (home, /symptoms, /stats). API routes are disallowed because
+ * they return dynamic or privacy-sensitive data (geo lookup, chat
+ * stream, session counter).
+ */
+export default function robots(): MetadataRoute.Robots {
+  return {
+    rules: [
+      {
+        userAgent: '*',
+        allow: ['/', '/symptoms', '/stats'],
+        disallow: ['/api/'],
+      },
+    ],
+    sitemap: `${SITE_URL}/sitemap.xml`,
+    host: SITE_URL,
+  };
+}

app/sitemap.ts

@@ -0,0 +1,27 @@
+import type { MetadataRoute } from 'next';
+import { getAllSymptomSlugs } from '@/lib/symptoms';
+
+const SITE_URL = 'https://ruslanmv-medibot.hf.space';
+
+/**
+ * Static sitemap auto-generated from the symptom catalog so Google picks
+ * up every SEO landing page on day one. Served at `/sitemap.xml` by Next.
+ */
+export default function sitemap(): MetadataRoute.Sitemap {
+  const now = new Date();
+
+  const staticPages: MetadataRoute.Sitemap = [
+    { url: SITE_URL,                  lastModified: now, changeFrequency: 'daily',  priority: 1.0 },
+    { url: `${SITE_URL}/symptoms`,    lastModified: now, changeFrequency: 'weekly', priority: 0.9 },
+    { url: `${SITE_URL}/stats`,       lastModified: now, changeFrequency: 'weekly', priority: 0.7 },
+  ];
+
+  const symptomPages: MetadataRoute.Sitemap = getAllSymptomSlugs().map((slug) => ({
+    url: `${SITE_URL}/symptoms/${slug}`,
+    lastModified: now,
+    changeFrequency: 'weekly',
+    priority: 0.8,
+  }));
+
+  return [...staticPages, ...symptomPages];
+}

app/stats/page.tsx

@@ -0,0 +1,245 @@
+'use client';
+
+import { useEffect, useState } from 'react';
+import Link from 'next/link';
+import {
+  Activity,
+  Globe2,
+  ShieldCheck,
+  Clock4,
+  ArrowRight,
+  Languages,
+} from 'lucide-react';
+import { TrustBar } from '@/components/chat/TrustBar';
+
+interface SessionsResponse {
+  count: number;
+  sessions: number;
+  base: number;
+}
+
+const LANGUAGES = [
+  'English',
+  'Español',
+  'Français',
+  'Português',
+  'Italiano',
+  'Deutsch',
+  'العربية',
+  'हिन्दी',
+  'Kiswahili',
+  '中文',
+  '日本語',
+  '한국어',
+  'Русский',
+  'Türkçe',
+  'Tiếng Việt',
+  'ไทย',
+  'বাংলা',
+  'اردو',
+  'Polski',
+  'Nederlands',
+];
+
+/**
+ * Public transparency page. Shows the anonymous global session counter,
+ * supported languages, trust metrics, and the MedOS health-posture
+ * summary. Drives social proof ("N people helped this session") and is
+ * a natural link target from Product Hunt / Twitter / press.
+ *
+ * Server-rendered is tempting here, but we keep it client-side so the
+ * counter animates as it loads — tiny extra bundle, big UX win.
+ */
+export default function StatsPage() {
+  const [data, setData] = useState<SessionsResponse | null>(null);
+  const [loading, setLoading] = useState(true);
+  const [displayCount, setDisplayCount] = useState(0);
+
+  useEffect(() => {
+    let cancelled = false;
+    fetch('/api/sessions', { cache: 'no-store' })
+      .then((r) => (r.ok ? r.json() : null))
+      .then((d: SessionsResponse | null) => {
+        if (!cancelled && d) {
+          setData(d);
+          animateTo(d.count, setDisplayCount);
+        }
+      })
+      .catch(() => {})
+      .finally(() => !cancelled && setLoading(false));
+    return () => {
+      cancelled = true;
+    };
+  }, []);
+
+  return (
+    <main className="min-h-screen bg-slate-900 text-slate-100">
+      <div className="max-w-3xl mx-auto px-4 sm:px-6 py-10 pb-32">
+        <header className="mb-8 text-center">
+          <p className="text-xs font-bold uppercase tracking-[0.18em] text-teal-400 mb-2">
+            MedOS transparency
+          </p>
+          <h1 className="text-4xl sm:text-5xl font-bold text-slate-50 tracking-tight mb-3">
+            The numbers behind MedOS
+          </h1>
+          <p className="text-lg text-slate-300 max-w-xl mx-auto leading-relaxed">
+            Free health guidance, open numbers. No tracking of people —
+            only a single anonymous counter that ticks once per session.
+          </p>
+        </header>
+
+        {/* Hero counter */}
+        <section className="mb-10 rounded-3xl border border-teal-500/30 bg-gradient-to-br from-blue-900/30 to-teal-900/20 p-8 text-center">
+          <div className="inline-flex items-center gap-2 text-xs font-bold uppercase tracking-wider text-teal-300 bg-teal-500/10 border border-teal-500/30 px-3 py-1 rounded-full mb-4">
+            <Activity size={12} className="animate-pulse" />
+            Live session counter
+          </div>
+          <div className="text-6xl sm:text-7xl font-black text-slate-50 tracking-tight tabular-nums">
+            {loading ? (
+              <span className="text-slate-600">…</span>
+            ) : (
+              formatNumber(displayCount)
+            )}
+          </div>
+          <p className="text-sm text-slate-400 mt-3">
+            conversations MedOS has helped with, anonymously, since launch
+          </p>
+        </section>
+
+        {/* Cards grid */}
+        <section className="grid sm:grid-cols-2 gap-4 mb-10">
+          <StatCard
+            Icon={Globe2}
+            label="Countries supported"
+            value="190+"
+            description="Emergency numbers localized per region"
+          />
+          <StatCard
+            Icon={Languages}
+            label="Languages"
+            value="20"
+            description="Auto-detected from browser and IP"
+          />
+          <StatCard
+            Icon={ShieldCheck}
+            label="Privacy"
+            value="Zero PII"
+            description="No accounts, no IP logging, no conversation storage"
+          />
+          <StatCard
+            Icon={Clock4}
+            label="Availability"
+            value="24/7"
+            description="Free forever on HuggingFace Spaces"
+          />
+        </section>
+
+        {/* Languages strip */}
+        <section className="mb-10 rounded-2xl border border-slate-700/60 bg-slate-800/50 p-6">
+          <h2 className="text-sm font-bold uppercase tracking-wider text-slate-400 mb-4 inline-flex items-center gap-2">
+            <Languages size={14} />
+            Supported languages
+          </h2>
+          <div className="flex flex-wrap gap-2">
+            {LANGUAGES.map((l) => (
+              <span
+                key={l}
+                className="px-3 py-1.5 rounded-full text-sm font-medium text-slate-200 bg-slate-700/60 border border-slate-600/50"
+              >
+                {l}
+              </span>
+            ))}
+          </div>
+        </section>
+
+        {/* Trust bar */}
+        <section className="mb-10">
+          <TrustBar language="en" />
+        </section>
+
+        {/* CTA */}
+        <div className="rounded-2xl border border-teal-500/30 bg-gradient-to-br from-blue-900/40 to-teal-900/30 p-6 text-center">
+          <h2 className="text-2xl font-bold text-slate-50 mb-2 tracking-tight">
+            Ready to ask your own question?
+          </h2>
+          <p className="text-slate-300 mb-4">
+            Free. Private. In your language. No sign-up.
+          </p>
+          <Link
+            href="/"
+            className="inline-flex items-center gap-2 px-5 py-3 rounded-xl bg-gradient-to-br from-blue-500 to-teal-500 text-white font-bold hover:brightness-110 transition-all shadow-lg shadow-blue-500/30"
+          >
+            Open MedOS
+            <ArrowRight size={18} />
+          </Link>
+        </div>
+
+        {data && (
+          <p className="mt-6 text-center text-xs text-slate-500">
+            Counter is a single integer stored server-side at{' '}
+            <code className="text-slate-400">/api/sessions</code>. No
+            request is ever correlated to an individual.
+          </p>
+        )}
+      </div>
+    </main>
+  );
+}
+
+function StatCard({
+  Icon,
+  label,
+  value,
+  description,
+}: {
+  Icon: any;
+  label: string;
+  value: string;
+  description: string;
+}) {
+  return (
+    <div className="rounded-2xl border border-slate-700/60 bg-slate-800/50 p-5">
+      <div className="flex items-center gap-2 text-teal-400 mb-3">
+        <Icon size={16} />
+        <span className="text-xs font-bold uppercase tracking-wider">
+          {label}
+        </span>
+      </div>
+      <div className="text-3xl font-black text-slate-50 tracking-tight mb-1">
+        {value}
+      </div>
+      <p className="text-sm text-slate-400 leading-snug">{description}</p>
+    </div>
+  );
+}
+
+/** Format a number with locale-aware thousands separators. */
+function formatNumber(n: number): string {
+  try {
+    return new Intl.NumberFormat(undefined).format(n);
+  } catch {
+    return String(n);
+  }
+}
+
+/**
+ * Animate a counter from zero to `target` over ~1.2s using an ease-out
+ * curve. Runs synchronously inside `requestAnimationFrame` so it never
+ * blocks the main thread.
+ */
+function animateTo(target: number, setValue: (n: number) => void): void {
+  if (typeof window === 'undefined') {
+    setValue(target);
+    return;
+  }
+  const duration = 1200;
+  const start = performance.now();
+  const step = (t: number) => {
+    const elapsed = t - start;
+    const progress = Math.min(1, elapsed / duration);
+    const eased = 1 - Math.pow(1 - progress, 3); // cubic ease-out
+    setValue(Math.round(target * eased));
+    if (progress < 1) requestAnimationFrame(step);
+  };
+  requestAnimationFrame(step);
+}

app/symptoms/[slug]/page.tsx

@@ -0,0 +1,237 @@
+import type { Metadata } from 'next';
+import { notFound } from 'next/navigation';
+import Link from 'next/link';
+import { AlertTriangle, ShieldCheck, ChevronLeft, ArrowRight } from 'lucide-react';
+import {
+  getSymptomBySlug,
+  getAllSymptomSlugs,
+  type Symptom,
+} from '@/lib/symptoms';
+
+const SITE_URL = 'https://ruslanmv-medibot.hf.space';
+
+interface Params {
+  params: { slug: string };
+}
+
+/**
+ * Pre-generate every symptom page at build time so they are fully static
+ * (and cacheable by HF Spaces' CDN / every downstream proxy).
+ */
+export function generateStaticParams() {
+  return getAllSymptomSlugs().map((slug) => ({ slug }));
+}
+
+export function generateMetadata({ params }: Params): Metadata {
+  const symptom = getSymptomBySlug(params.slug);
+  if (!symptom) return { title: 'Symptom not found — MedOS' };
+
+  const ogUrl = `${SITE_URL}/api/og?q=${encodeURIComponent(symptom.headline)}`;
+  const canonical = `${SITE_URL}/symptoms/${symptom.slug}`;
+
+  return {
+    title: symptom.title,
+    description: symptom.metaDescription,
+    alternates: { canonical },
+    openGraph: {
+      title: symptom.title,
+      description: symptom.metaDescription,
+      url: canonical,
+      siteName: 'MedOS',
+      type: 'article',
+      images: [{ url: ogUrl, width: 1200, height: 630, alt: symptom.headline }],
+    },
+    twitter: {
+      card: 'summary_large_image',
+      title: symptom.title,
+      description: symptom.metaDescription,
+      images: [ogUrl],
+    },
+  };
+}
+
+export default function SymptomPage({ params }: Params) {
+  const symptom = getSymptomBySlug(params.slug);
+  if (!symptom) return notFound();
+
+  // Per-page FAQPage JSON-LD so Google can mine each entry as a rich
+  // snippet independently from the root layout's global FAQPage.
+  const faqJsonLd = {
+    '@context': 'https://schema.org',
+    '@type': 'FAQPage',
+    mainEntity: symptom.faqs.map((f) => ({
+      '@type': 'Question',
+      name: f.q,
+      acceptedAnswer: { '@type': 'Answer', text: f.a },
+    })),
+  };
+
+  // MedicalCondition JSON-LD — helps Google classify the page for the
+  // Health Knowledge Graph.
+  const medicalConditionJsonLd = {
+    '@context': 'https://schema.org',
+    '@type': 'MedicalCondition',
+    name: symptom.headline,
+    description: symptom.summary,
+    signOrSymptom: symptom.redFlags.map((r) => ({
+      '@type': 'MedicalSymptom',
+      name: r,
+    })),
+    possibleTreatment: symptom.selfCare.map((s) => ({
+      '@type': 'MedicalTherapy',
+      name: s,
+    })),
+  };
+
+  const chatDeepLink = `/?q=${encodeURIComponent(
+    `I want to ask about ${symptom.headline.toLowerCase()}`,
+  )}`;
+
+  return (
+    <main className="min-h-screen bg-slate-900 text-slate-100">
+      <script
+        type="application/ld+json"
+        dangerouslySetInnerHTML={{ __html: JSON.stringify(faqJsonLd) }}
+      />
+      <script
+        type="application/ld+json"
+        dangerouslySetInnerHTML={{ __html: JSON.stringify(medicalConditionJsonLd) }}
+      />
+
+      <div className="max-w-3xl mx-auto px-4 sm:px-6 py-10 pb-32">
+        {/* Back link */}
+        <Link
+          href="/symptoms"
+          className="inline-flex items-center gap-1 text-sm text-slate-400 hover:text-teal-300 transition-colors mb-6"
+        >
+          <ChevronLeft size={16} />
+          All symptoms
+        </Link>
+
+        {/* Hero */}
+        <header className="mb-8">
+          <p className="text-xs font-bold uppercase tracking-[0.18em] text-teal-400 mb-2">
+            Symptom guide
+          </p>
+          <h1 className="text-4xl sm:text-5xl font-bold text-slate-50 tracking-tight mb-4">
+            {symptom.headline}
+          </h1>
+          <p className="text-lg text-slate-300 leading-relaxed">
+            {symptom.summary}
+          </p>
+          <div className="mt-6 inline-flex items-center gap-1.5 text-xs text-teal-300 bg-teal-500/10 border border-teal-500/30 px-3 py-1.5 rounded-full font-semibold">
+            <ShieldCheck size={12} />
+            Aligned with WHO · CDC · NHS guidance
+          </div>
+        </header>
+
+        {/* Red flags — first, highest visual priority */}
+        <Section title="When to seek emergency care" danger>
+          <ul className="space-y-2">
+            {symptom.redFlags.map((r) => (
+              <li key={r} className="flex items-start gap-2 text-slate-200">
+                <AlertTriangle
+                  size={16}
+                  className="flex-shrink-0 text-red-400 mt-0.5"
+                />
+                <span>{r}</span>
+              </li>
+            ))}
+          </ul>
+        </Section>
+
+        <Section title="Safe self-care at home">
+          <ul className="space-y-2">
+            {symptom.selfCare.map((s) => (
+              <li key={s} className="flex items-start gap-2 text-slate-200">
+                <span className="mt-1.5 w-1.5 h-1.5 rounded-full bg-teal-400 flex-shrink-0" />
+                <span>{s}</span>
+              </li>
+            ))}
+          </ul>
+        </Section>
+
+        <Section title="When to see a clinician">
+          <ul className="space-y-2">
+            {symptom.whenToSeekCare.map((w) => (
+              <li key={w} className="flex items-start gap-2 text-slate-200">
+                <span className="mt-1.5 w-1.5 h-1.5 rounded-full bg-blue-400 flex-shrink-0" />
+                <span>{w}</span>
+              </li>
+            ))}
+          </ul>
+        </Section>
+
+        {/* FAQ — also rendered for humans, not just search engines */}
+        <Section title="Frequently asked questions">
+          <div className="space-y-5">
+            {symptom.faqs.map((f) => (
+              <div key={f.q}>
+                <h3 className="font-bold text-slate-100 mb-1">{f.q}</h3>
+                <p className="text-slate-300 leading-relaxed">{f.a}</p>
+              </div>
+            ))}
+          </div>
+        </Section>
+
+        {/* Primary CTA into the live chatbot */}
+        <div className="mt-10 rounded-2xl border border-teal-500/30 bg-gradient-to-br from-blue-900/40 to-teal-900/30 p-6">
+          <p className="text-xs font-bold uppercase tracking-wider text-teal-400 mb-2">
+            Ask the live assistant
+          </p>
+          <h2 className="text-2xl font-bold text-slate-50 mb-2 tracking-tight">
+            Get a personalized answer in your language.
+          </h2>
+          <p className="text-slate-300 mb-4 leading-relaxed">
+            MedOS is free, private, and takes no account. Describe your
+            situation and get step-by-step guidance.
+          </p>
+          <Link
+            href={chatDeepLink}
+            className="inline-flex items-center gap-2 px-5 py-3 rounded-xl bg-gradient-to-br from-blue-500 to-teal-500 text-white font-bold hover:brightness-110 transition-all shadow-lg shadow-blue-500/30"
+          >
+            Ask about {symptom.headline.toLowerCase()}
+            <ArrowRight size={18} />
+          </Link>
+        </div>
+
+        <p className="mt-8 text-xs text-slate-500 leading-relaxed">
+          This page is general patient education aligned with WHO, CDC, and
+          NHS public guidance. It is not a diagnosis, prescription, or
+          substitute for care from a licensed clinician. If symptoms are
+          severe, worsening, or you are in doubt, contact a healthcare
+          provider or your local emergency number immediately.
+        </p>
+      </div>
+    </main>
+  );
+}
+
+function Section({
+  title,
+  danger,
+  children,
+}: {
+  title: string;
+  danger?: boolean;
+  children: React.ReactNode;
+}) {
+  return (
+    <section
+      className={`mt-8 rounded-2xl border p-5 ${
+        danger
+          ? 'border-red-500/40 bg-red-950/30'
+          : 'border-slate-700/60 bg-slate-800/40'
+      }`}
+    >
+      <h2
+        className={`text-lg font-bold mb-3 tracking-tight ${
+          danger ? 'text-red-300' : 'text-slate-100'
+        }`}
+      >
+        {title}
+      </h2>
+      {children}
+    </section>
+  );
+}

app/symptoms/page.tsx

@@ -0,0 +1,86 @@
+import type { Metadata } from 'next';
+import Link from 'next/link';
+import { ChevronRight, ShieldCheck } from 'lucide-react';
+import { SYMPTOMS } from '@/lib/symptoms';
+
+const SITE_URL = 'https://ruslanmv-medibot.hf.space';
+
+export const metadata: Metadata = {
+  title: 'Symptom guides — free, WHO-aligned | MedOS',
+  description:
+    'Browse evidence-based symptom guides: causes, safe self-care, red flags, and when to seek care. Free, multilingual, and aligned with WHO, CDC, and NHS.',
+  alternates: { canonical: `${SITE_URL}/symptoms` },
+  openGraph: {
+    title: 'Symptom guides — free, WHO-aligned | MedOS',
+    description:
+      'Browse evidence-based symptom guides: causes, safe self-care, red flags, and when to seek care.',
+    url: `${SITE_URL}/symptoms`,
+    images: [`${SITE_URL}/api/og?q=${encodeURIComponent('Symptom guides')}`],
+  },
+};
+
+/**
+ * Symptom catalog index. Static, cacheable, zero JS-on-load cost.
+ * Works as a landing hub from organic search queries like
+ * "medos symptoms" or "symptom checker".
+ */
+export default function SymptomsIndexPage() {
+  return (
+    <main className="min-h-screen bg-slate-900 text-slate-100">
+      <div className="max-w-3xl mx-auto px-4 sm:px-6 py-10 pb-32">
+        <header className="mb-8 text-center">
+          <p className="text-xs font-bold uppercase tracking-[0.18em] text-teal-400 mb-2">
+            Free patient guides
+          </p>
+          <h1 className="text-4xl sm:text-5xl font-bold text-slate-50 tracking-tight mb-3">
+            Symptom guides
+          </h1>
+          <p className="text-lg text-slate-300 max-w-xl mx-auto leading-relaxed">
+            Clear, trustworthy answers to the most common health
+            questions. Free, multilingual, and aligned with WHO, CDC,
+            and NHS guidance.
+          </p>
+          <div className="mt-5 inline-flex items-center gap-1.5 text-xs text-teal-300 bg-teal-500/10 border border-teal-500/30 px-3 py-1.5 rounded-full font-semibold">
+            <ShieldCheck size={12} />
+            Reviewed against WHO · CDC · NHS public guidance
+          </div>
+        </header>
+
+        <div className="grid sm:grid-cols-2 gap-3">
+          {SYMPTOMS.map((s) => (
+            <Link
+              key={s.slug}
+              href={`/symptoms/${s.slug}`}
+              className="group p-5 rounded-2xl border border-slate-700/60 bg-slate-800/60 hover:border-teal-500/50 hover:bg-teal-500/5 transition-all"
+            >
+              <div className="flex items-start justify-between gap-3">
+                <div className="flex-1 min-w-0">
+                  <h2 className="font-bold text-slate-100 text-lg mb-1 tracking-tight">
+                    {s.headline}
+                  </h2>
+                  <p className="text-sm text-slate-400 leading-relaxed line-clamp-2">
+                    {s.summary}
+                  </p>
+                </div>
+                <ChevronRight
+                  size={18}
+                  className="flex-shrink-0 text-slate-500 group-hover:text-teal-400 transition-colors mt-1"
+                />
+              </div>
+            </Link>
+          ))}
+        </div>
+
+        <div className="mt-10 text-center">
+          <Link
+            href="/"
+            className="inline-flex items-center gap-2 px-5 py-3 rounded-xl bg-gradient-to-br from-blue-500 to-teal-500 text-white font-bold hover:brightness-110 transition-all shadow-lg shadow-blue-500/30"
+          >
+            Open the live MedOS assistant
+            <ChevronRight size={18} />
+          </Link>
+        </div>
+      </div>
+    </main>
+  );
+}

components/MedOSApp.tsx

@@ -0,0 +1,560 @@
+"use client";
+
+import { useState, useCallback, useEffect, useRef } from "react";
+import { Heart, Menu } from "lucide-react";
+import { useGeoDetect } from "@/lib/hooks/useGeoDetect";
+import { ThemeProvider } from "./ThemeProvider";
+import { ThemeToggle } from "./ThemeToggle";
+import { Sidebar, NavView } from "./chat/Sidebar";
+import { AppDrawer } from "./chat/AppDrawer";
+import { RightPanel } from "./chat/RightPanel";
+import { NotificationBell } from "./chat/NotificationCenter";
+import { ChatView } from "./views/ChatView";
+import { HomeView } from "./views/HomeView";
+import { EmergencyView } from "./views/EmergencyView";
+import { TopicsView } from "./views/TopicsView";
+import { SettingsView } from "./views/SettingsView";
+import { RecordsView } from "./views/RecordsView";
+import { HistoryView } from "./views/HistoryView";
+import { MedicationsView } from "./views/MedicationsView";
+import { AppointmentsView } from "./views/AppointmentsView";
+import { VitalsView } from "./views/VitalsView";
+import { HealthDashboard } from "./views/HealthDashboard";
+import { ScheduleView } from "./views/ScheduleView";
+import { WelcomeScreen } from "./WelcomeScreen";
+import { useSettings } from "@/lib/hooks/useSettings";
+import { useChat } from "@/lib/hooks/useChat";
+import { useHealthStore } from "@/lib/hooks/useHealthStore";
+import { useNotifications } from "@/lib/hooks/useNotifications";
+import { useAuth } from "@/lib/hooks/useAuth";
+import { LoginView } from "./views/LoginView";
+import { ProfileView } from "./views/ProfileView";
+import { EHRWizard } from "./views/EHRWizard";
+import { MyMedicinesView } from "./views/MyMedicinesView";
+import { ShareView } from "./views/ShareView";
+import { AdminView } from "./views/AdminView";
+import { NearbyView } from "./views/NearbyView";
+import { ContactsView } from "./views/ContactsView";
+import { DisclaimerBanner } from "./ui/DisclaimerBanner";
+import { OfflineBanner } from "./ui/OfflineBanner";
+import { InstallPrompt } from "./ui/InstallPrompt";
+import { buildPatientContext, buildContactsContext, todayISO } from "@/lib/health-store";
+import { t, type SupportedLanguage } from "@/lib/i18n";
+
+export default function MedOSApp() {
+  return (
+    <ThemeProvider>
+      <MedOSAppInner />
+    </ThemeProvider>
+  );
+}
+
+function MedOSAppInner() {
+  const [activeNav, setActiveNav] = useState<NavView>("home");
+  const [drawerOpen, setDrawerOpen] = useState(false);
+  const settings = useSettings();
+  const auth = useAuth();
+  const { messages, isTyping, error, sendMessage, clearMessages } = useChat();
+  const health = useHealthStore(auth.token);
+  const notif = useNotifications();
+
+  // IP-based auto-detection. Only applies if the user hasn't manually
+  // chosen a language yet; the manual override in Settings wins forever.
+  const onGeo = useCallback(
+    (g: { country: string; language: any; emergencyNumber: string }) => {
+      settings.applyGeo(g);
+    },
+    [settings],
+  );
+  useGeoDetect({
+    skip: !settings.isLoaded || settings.explicitLanguage,
+    onResult: onGeo,
+  });
+
+  const handleSendMessage = (content: string) => {
+    sendMessage(content, {
+      preset: settings.advancedMode ? undefined : settings.preset,
+      provider: settings.advancedMode ? settings.provider : undefined,
+      // In advanced mode we let the server default the model; the
+      // dedicated provider files pick their own canonical model.
+      apiKey: settings.apiKey,
+      userHfToken: settings.hfToken || undefined,
+      context: {
+        country: settings.country,
+        language: settings.language,
+        emergencyNumber: settings.emergencyNumber,
+      },
+    });
+    // Auto-navigate to chat when sending a message from home/topics
+    if (activeNav !== "chat") {
+      setActiveNav("chat");
+    }
+  };
+
+  const handleStartVoice = () => {
+    setActiveNav("chat");
+    // Voice will auto-start via the ChatView component
+  };
+
+  const handleWelcomeComplete = (lang: SupportedLanguage, country: string) => {
+    // Welcome completion is an explicit user choice — lock it in so
+    // subsequent IP auto-detection never overrides it.
+    settings.setLanguageExplicit(lang);
+    settings.setCountryExplicit(country);
+    settings.setWelcomeCompleted(true);
+  };
+
+  // Auto-save the current chat session to history when navigating away
+  // from the chat view, or when the AI finishes responding and there are
+  // enough messages to be worth saving.
+  const lastSavedCount = useRef(0);
+  useEffect(() => {
+    const userMsgs = messages.filter((m) => m.role === "user");
+    if (
+      userMsgs.length > 0 &&
+      messages.length >= 3 &&
+      messages.length !== lastSavedCount.current &&
+      !isTyping
+    ) {
+      lastSavedCount.current = messages.length;
+      health.saveSession({
+        date: new Date().toISOString(),
+        preview: userMsgs[0].content.slice(0, 120),
+        messageCount: messages.length,
+        topic: undefined,
+      });
+    }
+  }, [messages.length, isTyping]); // eslint-disable-line react-hooks/exhaustive-deps
+
+  const handleNavigate = (view: string) => {
+    setActiveNav(view as NavView);
+  };
+
+  // Sync language and direction to HTML element for i18n + RTL
+  useEffect(() => {
+    const doc = document.documentElement;
+    doc.lang = settings.language;
+    doc.dir = settings.language === "ar" || settings.language === "ur" ? "rtl" : "ltr";
+  }, [settings.language]);
+
+  // Text size class
+  const textSizeClass =
+    settings.textSize === "large"
+      ? "text-lg"
+      : settings.textSize === "small"
+      ? "text-sm"
+      : "text-base";
+
+  const renderContent = () => {
+    switch (activeNav) {
+      case "home":
+        return (
+          <HomeView
+            language={settings.language}
+            country={settings.country}
+            emergencyNumber={settings.emergencyNumber}
+            onNavigate={handleNavigate}
+            onSendMessage={handleSendMessage}
+            onStartVoice={handleStartVoice}
+          />
+        );
+      case "emergency":
+        return (
+          <EmergencyView
+            language={settings.language}
+            emergencyNumber={settings.emergencyNumber}
+          />
+        );
+      case "topics":
+        return (
+          <TopicsView
+            language={settings.language}
+            onSelectTopic={(topic) => handleSendMessage(`Tell me about ${topic}`)}
+          />
+        );
+      case "settings":
+        return (
+          <SettingsView
+            preset={settings.preset}
+            setPreset={settings.setPreset}
+            hfToken={settings.hfToken}
+            setHfToken={settings.setHfToken}
+            clearHfToken={settings.clearHfToken}
+            provider={settings.provider}
+            setProvider={settings.setProvider}
+            apiKey={settings.apiKey}
+            setApiKey={settings.setApiKey}
+            clearApiKey={settings.clearApiKey}
+            advancedMode={settings.advancedMode}
+            setAdvancedMode={settings.setAdvancedMode}
+            language={settings.language}
+            setLanguage={settings.setLanguageExplicit}
+            country={settings.country}
+            setCountry={settings.setCountryExplicit}
+            voiceEnabled={settings.voiceEnabled}
+            setVoiceEnabled={settings.setVoiceEnabled}
+            readAloud={settings.readAloud}
+            setReadAloud={settings.setReadAloud}
+            textSize={settings.textSize}
+            setTextSize={settings.setTextSize}
+            simpleLanguage={settings.simpleLanguage}
+            setSimpleLanguage={settings.setSimpleLanguage}
+            darkMode={settings.darkMode}
+            setDarkMode={settings.setDarkMode}
+            emergencyNumber={settings.emergencyNumber}
+          />
+        );
+      case "schedule":
+        return (
+          <ScheduleView
+            medications={health.medications}
+            medicationLogs={health.medicationLogs}
+            appointments={health.appointments}
+            onMarkMedTaken={health.markMedTaken}
+            isMedTaken={health.isMedTaken}
+            onEditAppointment={health.editAppointment}
+            onNavigate={handleNavigate}
+            language={settings.language}
+          />
+        );
+      case "health-dashboard":
+        return (
+          <HealthDashboard
+            medications={health.medications}
+            medicationLogs={health.medicationLogs}
+            appointments={health.appointments}
+            vitals={health.vitals}
+            records={health.records}
+            onNavigate={handleNavigate}
+            onMarkMedTaken={health.markMedTaken}
+            isMedTaken={health.isMedTaken}
+            getMedStreak={health.getMedStreak}
+            onExport={health.downloadAll}
+            language={settings.language}
+          />
+        );
+      case "medications":
+        return (
+          <MedicationsView
+            medications={health.medications}
+            onAdd={health.addMedication}
+            onEdit={health.editMedication}
+            onDelete={health.deleteMedication}
+            onMarkTaken={health.markMedTaken}
+            isTaken={health.isMedTaken}
+            getStreak={health.getMedStreak}
+            language={settings.language}
+          />
+        );
+      case "appointments":
+        return (
+          <AppointmentsView
+            appointments={health.appointments}
+            onAdd={health.addAppointment}
+            onEdit={health.editAppointment}
+            onDelete={health.deleteAppointment}
+            language={settings.language}
+          />
+        );
+      case "vitals":
+        return (
+          <VitalsView
+            vitals={health.vitals}
+            onAdd={health.addVital}
+            onDelete={health.deleteVital}
+            language={settings.language}
+          />
+        );
+      case "records":
+        return (
+          <RecordsView
+            records={health.records}
+            onAdd={health.addRecord}
+            onEdit={health.editRecord}
+            onDelete={health.deleteRecord}
+            onExport={health.downloadAll}
+            language={settings.language}
+          />
+        );
+      case "my-medicines":
+        return (
+          <MyMedicinesView
+            medicines={health.medicines}
+            onAdd={health.addMedicine}
+            onUpdate={health.editMedicine}
+            onDelete={health.deleteMedicine}
+            onAddToSchedule={(med) => {
+              // Add to the medication schedule tracker
+              health.addMedication({
+                name: med.name,
+                dose: med.dose,
+                frequency: "daily",
+                times: ["08:00"],
+                startDate: todayISO(),
+                active: true,
+              });
+              setActiveNav("medications");
+            }}
+            language={settings.language}
+          />
+        );
+      case "nearby":
+        return (
+          <NearbyView
+            language={settings.language}
+            onSaveContact={(c) => health.addContact(c)}
+          />
+        );
+      case "contacts":
+        return (
+          <ContactsView
+            contacts={health.contacts}
+            onAdd={health.addContact}
+            onUpdate={health.editContact}
+            onDelete={health.deleteContact}
+            onNavigate={handleNavigate}
+            language={settings.language}
+          />
+        );
+      case "share":
+        return <ShareView language={settings.language} />;
+      case "admin":
+        return auth.user?.isAdmin ? (
+          <AdminView language={settings.language} token={auth.token} />
+        ) : (
+          <HomeView
+            language={settings.language}
+            country={settings.country}
+            emergencyNumber={settings.emergencyNumber}
+            onNavigate={handleNavigate}
+            onSendMessage={handleSendMessage}
+            onStartVoice={handleStartVoice}
+          />
+        );
+      case "history":
+        return (
+          <HistoryView
+            history={health.history}
+            onDelete={health.deleteSession}
+            onClearAll={health.clearAllHistory}
+            onReplay={(preview) => handleSendMessage(preview)}
+            language={settings.language}
+          />
+        );
+      case "login":
+        return (
+          <LoginView
+            onLogin={async (e, p) => {
+              const res = await auth.login(e, p);
+              if (res.ok) setActiveNav("home");
+              return res;
+            }}
+            onRegister={async (e, p, o) => {
+              const res = await auth.register(e, p, o);
+              if (res.ok && !res.needsVerification) setActiveNav("home");
+              return res;
+            }}
+            onVerifyEmail={async (code) => {
+              const res = await auth.verifyEmail(code);
+              if (res.ok) setActiveNav("home");
+              return res;
+            }}
+            onResendVerification={auth.resendVerification}
+            onForgotPassword={auth.forgotPassword}
+            onResetPassword={async (e, c, p) => {
+              const res = await auth.resetPassword(e, c, p);
+              if (res.ok) setActiveNav("home");
+              return res;
+            }}
+            language={settings.language}
+          />
+        );
+      case "ehr-wizard":
+        return (
+          <EHRWizard
+            onComplete={() => setActiveNav("profile")}
+            onCancel={() => setActiveNav("home")}
+            language={settings.language}
+          />
+        );
+      case "profile":
+        return auth.user ? (
+          <ProfileView
+            user={auth.user}
+            onLogout={() => {
+              auth.logout();
+              setActiveNav("home");
+            }}
+            onExport={health.downloadAll}
+            onOpenEHR={() => setActiveNav("ehr-wizard")}
+            medicationCount={health.medications.length}
+            appointmentCount={health.appointments.length}
+            vitalCount={health.vitals.length}
+            recordCount={health.records.length}
+            language={settings.language}
+          />
+        ) : (
+          <LoginView
+            onLogin={async (e, p) => {
+              const res = await auth.login(e, p);
+              if (res.ok) setActiveNav("profile");
+              return res;
+            }}
+            onRegister={async (e, p, o) => {
+              const res = await auth.register(e, p, o);
+              if (res.ok && !res.needsVerification) setActiveNav("profile");
+              return res;
+            }}
+            onVerifyEmail={auth.verifyEmail}
+            onResendVerification={auth.resendVerification}
+            onForgotPassword={auth.forgotPassword}
+            onResetPassword={auth.resetPassword}
+            language={settings.language}
+          />
+        );
+      default:
+        return (
+          <ChatView
+            messages={messages}
+            isTyping={isTyping}
+            onSendMessage={handleSendMessage}
+            language={settings.language}
+            emergencyNumber={settings.emergencyNumber}
+            voiceEnabled={settings.voiceEnabled}
+            readAloud={settings.readAloud}
+            onNavigateEmergency={() => setActiveNav("emergency")}
+          />
+        );
+    }
+  };
+
+  // Loading state
+  if (!settings.isLoaded) {
+    return (
+      <div className="flex h-screen w-full items-center justify-center bg-surface-0">
+        <div className="text-center">
+          <div className="w-12 h-12 mx-auto mb-4 rounded-2xl bg-brand-gradient flex items-center justify-center animate-pulse shadow-glow">
+            <Heart size={24} className="text-white" />
+          </div>
+          <p className="text-ink-muted font-medium">{t("loading", settings.language)}</p>
+        </div>
+      </div>
+    );
+  }
+
+  // Welcome screen for first-time users
+  if (!settings.welcomeCompleted) {
+    return (
+      <WelcomeScreen
+        detectedLanguage={settings.language}
+        detectedCountry={settings.country}
+        onComplete={handleWelcomeComplete}
+      />
+    );
+  }
+
+  const hasActiveChat = messages.length > 1;
+
+  return (
+    <div
+      className={`relative flex flex-col h-screen-safe w-full font-sans text-ink-base ${textSizeClass}`}
+    >
+      <OfflineBanner />
+      <InstallPrompt />
+
+      {/* Mobile drawer navigation */}
+      <AppDrawer
+        open={drawerOpen}
+        onClose={() => setDrawerOpen(false)}
+        activeKey={activeNav}
+        onNavigate={(key) => setActiveNav(key as NavView)}
+        onNewChat={() => { clearMessages(); setActiveNav("home"); }}
+        isAuthenticated={auth.isAuthenticated}
+        isAdmin={auth.user?.isAdmin}
+        username={auth.user?.displayName || auth.user?.email}
+        onLogout={() => { auth.logout(); setActiveNav("home"); }}
+        language={settings.language}
+      />
+
+      <div className="flex flex-1 overflow-hidden">
+      {/* Sidebar */}
+      <Sidebar
+        activeNav={activeNav}
+        setActiveNav={setActiveNav}
+        language={settings.language}
+        advancedMode={settings.advancedMode}
+        isAuthenticated={auth.isAuthenticated}
+        isAdmin={auth.user?.isAdmin}
+        username={auth.user?.displayName || auth.user?.email}
+        onLogout={() => { auth.logout(); setActiveNav("home"); }}
+      />
+
+      {/* Main Content */}
+      <div className="flex-1 flex flex-col relative overflow-hidden">
+        {/* Top Header — clean, mobile-first, always accessible */}
+        <header className="h-14 sm:h-16 bg-surface-1/90 backdrop-blur-xl border-b border-line/50 flex items-center justify-between px-3 sm:px-8 sticky top-0 z-20">
+          {/* Mobile: hamburger menu + logo */}
+          <div className="flex items-center gap-2 md:hidden">
+            <button
+              onClick={() => setDrawerOpen(true)}
+              className="w-10 h-10 rounded-xl flex items-center justify-center text-ink-base hover:bg-surface-2 transition-all active:scale-95"
+              aria-label="Open menu"
+            >
+              <Menu size={20} />
+            </button>
+            <div className="flex items-center gap-2">
+              <div className="w-7 h-7 rounded-lg bg-brand-gradient flex items-center justify-center text-white">
+                <Heart size={12} />
+              </div>
+              <span className="font-bold text-ink-base tracking-tight text-sm">MedOS</span>
+            </div>
+          </div>
+
+          <h2 className="hidden md:block font-bold text-lg text-ink-base tracking-tight">
+            {activeNav === "home"
+              ? t("nav_home", settings.language)
+              : activeNav === "chat"
+              ? t("nav_ask", settings.language)
+              : activeNav === "emergency"
+              ? t("nav_emergency", settings.language)
+              : activeNav === "topics"
+              ? t("nav_topics", settings.language)
+              : activeNav === "settings"
+              ? t("nav_settings", settings.language)
+              : activeNav}
+          </h2>
+
+          <div className="flex items-center gap-2 sm:gap-3">
+            <NotificationBell
+              notifications={notif.notifications}
+              count={notif.count}
+              onDismiss={notif.dismiss}
+              onDismissAll={notif.dismissAll}
+            />
+            <ThemeToggle />
+          </div>
+        </header>
+
+        {/* Dynamic Content Area */}
+        <main className="flex-1 flex relative overflow-hidden">
+          <div className="flex-1 flex flex-col relative">{renderContent()}</div>
+        </main>
+      </div>
+
+      {/* Right Panel — context-aware */}
+      <RightPanel
+        language={settings.language}
+        emergencyNumber={settings.emergencyNumber}
+        vitals={health.vitals}
+        medications={health.medications}
+        appointments={health.appointments}
+        isMedTaken={health.isMedTaken}
+        onNavigate={handleNavigate}
+        notificationCount={notif.count}
+        onOpenNotifications={() => {}}
+      />
+      </div>
+      <DisclaimerBanner language={settings.language} />
+    </div>
+  );
+}

components/ThemeProvider.tsx

@@ -0,0 +1,76 @@
+"use client";
+
+import {
+  createContext,
+  useCallback,
+  useContext,
+  useEffect,
+  useState,
+} from "react";
+
+export type ThemeMode = "light" | "dark" | "system";
+
+type Ctx = {
+  theme: ThemeMode;
+  resolved: "light" | "dark";
+  setTheme: (t: ThemeMode) => void;
+};
+
+const ThemeCtx = createContext<Ctx | null>(null);
+
+function systemPrefersDark(): boolean {
+  if (typeof window === "undefined") return false;
+  return window.matchMedia("(prefers-color-scheme: dark)").matches;
+}
+
+function applyDomClass(dark: boolean) {
+  const root = document.documentElement;
+  root.classList.toggle("dark", dark);
+  root.style.colorScheme = dark ? "dark" : "light";
+}
+
+export function ThemeProvider({ children }: { children: React.ReactNode }) {
+  const [theme, setThemeState] = useState<ThemeMode>("system");
+  const [resolved, setResolved] = useState<"light" | "dark">("light");
+
+  // Hydrate from localStorage on mount.
+  useEffect(() => {
+    const stored = (localStorage.getItem("medos_theme") as ThemeMode | null) ?? "light";
+    setThemeState(stored);
+    const dark = stored === "dark" || (stored === "system" && systemPrefersDark());
+    setResolved(dark ? "dark" : "light");
+    applyDomClass(dark);
+  }, []);
+
+  // React to OS changes while in "system" mode.
+  useEffect(() => {
+    if (theme !== "system") return;
+    const mq = window.matchMedia("(prefers-color-scheme: dark)");
+    const listener = (e: MediaQueryListEvent) => {
+      setResolved(e.matches ? "dark" : "light");
+      applyDomClass(e.matches);
+    };
+    mq.addEventListener("change", listener);
+    return () => mq.removeEventListener("change", listener);
+  }, [theme]);
+
+  const setTheme = useCallback((t: ThemeMode) => {
+    setThemeState(t);
+    localStorage.setItem("medos_theme", t);
+    const dark = t === "dark" || (t === "system" && systemPrefersDark());
+    setResolved(dark ? "dark" : "light");
+    applyDomClass(dark);
+  }, []);
+
+  return (
+    <ThemeCtx.Provider value={{ theme, resolved, setTheme }}>
+      {children}
+    </ThemeCtx.Provider>
+  );
+}
+
+export function useTheme(): Ctx {
+  const v = useContext(ThemeCtx);
+  if (!v) throw new Error("useTheme must be used inside <ThemeProvider>");
+  return v;
+}

components/ThemeToggle.tsx

@@ -0,0 +1,41 @@
+"use client";
+
+import { Sun, Moon, Monitor } from "lucide-react";
+import { useTheme, type ThemeMode } from "./ThemeProvider";
+
+const OPTIONS: { id: ThemeMode; label: string; Icon: typeof Sun }[] = [
+  { id: "light",  label: "Light",  Icon: Sun },
+  { id: "dark",   label: "Dark",   Icon: Moon },
+  { id: "system", label: "Auto",   Icon: Monitor },
+];
+
+export function ThemeToggle() {
+  const { theme, setTheme } = useTheme();
+  return (
+    <div
+      role="radiogroup"
+      aria-label="Theme"
+      className="inline-flex items-center gap-0.5 rounded-full p-0.5 bg-surface-2/70 border border-line/60 backdrop-blur"
+    >
+      {OPTIONS.map(({ id, label, Icon }) => {
+        const active = theme === id;
+        return (
+          <button
+            key={id}
+            role="radio"
+            aria-checked={active}
+            title={label}
+            onClick={() => setTheme(id)}
+            className={`flex items-center justify-center h-7 w-7 rounded-full transition-all ${
+              active
+                ? "bg-surface-1 text-brand-600 shadow-soft"
+                : "text-ink-muted hover:text-ink-base"
+            }`}
+          >
+            <Icon size={14} strokeWidth={2.25} />
+          </button>
+        );
+      })}
+    </div>
+  );
+}

components/WelcomeScreen.tsx

@@ -0,0 +1,177 @@
+"use client";
+
+import { useState } from "react";
+import { Globe, MapPin, ChevronRight, Shield, Heart } from "lucide-react";
+import {
+  t,
+  LANGUAGE_NAMES,
+  getCountryName,
+  getEmergencyNumber,
+  type SupportedLanguage,
+} from "@/lib/i18n";
+
+interface WelcomeScreenProps {
+  detectedLanguage: SupportedLanguage;
+  detectedCountry: string;
+  onComplete: (language: SupportedLanguage, country: string) => void;
+}
+
+export function WelcomeScreen({
+  detectedLanguage,
+  detectedCountry,
+  onComplete,
+}: WelcomeScreenProps) {
+  const [step, setStep] = useState<"detected" | "language" | "region">("detected");
+  const [selectedLang, setSelectedLang] = useState(detectedLanguage);
+  const [selectedCountry, setSelectedCountry] = useState(detectedCountry);
+
+  const lang = selectedLang;
+
+  if (step === "language") {
+    return (
+      <div className="min-h-screen bg-white flex flex-col items-center justify-center p-6">
+        <h2 className="text-2xl font-bold text-slate-800 mb-8">
+          {t("choose_language", lang)}
+        </h2>
+        <div className="grid grid-cols-2 sm:grid-cols-3 gap-3 max-w-lg w-full">
+          {(Object.entries(LANGUAGE_NAMES) as [SupportedLanguage, string][]).map(
+            ([code, name]) => (
+              <button
+                key={code}
+                onClick={() => {
+                  setSelectedLang(code);
+                  setStep("detected");
+                }}
+                className={`p-4 rounded-2xl border-2 text-center font-semibold transition-all ${
+                  selectedLang === code
+                    ? "border-blue-500 bg-blue-50 text-blue-700"
+                    : "border-slate-200 bg-white text-slate-700 hover:border-blue-200 hover:bg-blue-50/50"
+                }`}
+              >
+                <span className="text-lg block">{name}</span>
+              </button>
+            )
+          )}
+        </div>
+      </div>
+    );
+  }
+
+  if (step === "region") {
+    const countries = [
+      "US", "CA", "GB", "AU", "NZ", "IT", "DE", "FR", "ES", "PT", "NL", "PL",
+      "IN", "CN", "JP", "KR", "BR", "MX", "AR", "CO", "ZA", "NG", "KE", "TZ",
+      "EG", "MA", "TR", "RU", "SA", "AE", "PK", "BD", "VN", "TH", "PH", "ID", "MY",
+    ];
+    return (
+      <div className="min-h-screen bg-white flex flex-col items-center justify-center p-6">
+        <h2 className="text-2xl font-bold text-slate-800 mb-8">
+          {t("welcome_change_region", lang)}
+        </h2>
+        <div className="grid grid-cols-2 sm:grid-cols-3 gap-3 max-w-lg w-full max-h-[60vh] overflow-y-auto">
+          {countries.map((code) => (
+            <button
+              key={code}
+              onClick={() => {
+                setSelectedCountry(code);
+                setStep("detected");
+              }}
+              className={`p-3 rounded-2xl border-2 text-center font-medium transition-all text-sm ${
+                selectedCountry === code
+                  ? "border-blue-500 bg-blue-50 text-blue-700"
+                  : "border-slate-200 bg-white text-slate-700 hover:border-blue-200"
+              }`}
+            >
+              {getCountryName(code)}
+            </button>
+          ))}
+        </div>
+      </div>
+    );
+  }
+
+  // Main detected screen
+  return (
+    <div className="min-h-screen bg-gradient-to-b from-blue-50 to-white flex flex-col items-center justify-center p-6">
+      <div className="max-w-md w-full text-center">
+        {/* Logo */}
+        <div className="w-20 h-20 mx-auto mb-6 rounded-3xl bg-gradient-to-br from-blue-500 to-indigo-600 flex items-center justify-center shadow-xl shadow-blue-200">
+          <Heart size={36} className="text-white" />
+        </div>
+
+        <h1 className="text-3xl font-bold text-slate-800 mb-2">
+          {t("welcome_title", lang)}
+        </h1>
+        <p className="text-lg text-slate-500 mb-10">
+          {t("welcome_subtitle", lang)}
+        </p>
+
+        {/* Detection card */}
+        <div className="bg-white rounded-3xl shadow-lg border border-slate-100 p-6 mb-8">
+          <p className="text-sm text-slate-500 mb-4 font-medium">
+            {t("welcome_detected", lang)}
+          </p>
+
+          <div className="flex items-center gap-3 p-4 bg-blue-50 rounded-2xl mb-3">
+            <Globe size={22} className="text-blue-500" />
+            <span className="text-lg font-semibold text-slate-800">
+              {LANGUAGE_NAMES[selectedLang]}
+            </span>
+          </div>
+
+          <div className="flex items-center gap-3 p-4 bg-blue-50 rounded-2xl">
+            <MapPin size={22} className="text-blue-500" />
+            <span className="text-lg font-semibold text-slate-800">
+              {getCountryName(selectedCountry)}
+            </span>
+            <span className="text-sm text-slate-400 ml-auto">
+              {t("emergency_call", lang)}: {getEmergencyNumber(selectedCountry)}
+            </span>
+          </div>
+        </div>
+
+        {/* Continue button */}
+        <button
+          onClick={() => onComplete(selectedLang, selectedCountry)}
+          className="w-full py-4 bg-blue-600 text-white rounded-2xl font-bold text-lg shadow-lg shadow-blue-200 hover:bg-blue-700 transition-colors flex items-center justify-center gap-2 mb-4"
+        >
+          {t("welcome_continue", lang)}
+          <ChevronRight size={20} />
+        </button>
+
+        {/* Change buttons */}
+        <div className="flex gap-3 justify-center">
+          <button
+            onClick={() => setStep("language")}
+            className="text-sm text-blue-600 font-medium hover:underline"
+          >
+            {t("welcome_change_language", lang)}
+          </button>
+          <span className="text-slate-300">|</span>
+          <button
+            onClick={() => setStep("region")}
+            className="text-sm text-blue-600 font-medium hover:underline"
+          >
+            {t("welcome_change_region", lang)}
+          </button>
+        </div>
+
+        {/* Trust badges */}
+        <div className="flex items-center justify-center gap-4 mt-10 flex-wrap">
+          <div className="flex items-center gap-1.5 text-xs text-slate-400 font-medium">
+            <Shield size={14} className="text-emerald-500" />
+            {t("badge_private", lang)}
+          </div>
+          <div className="flex items-center gap-1.5 text-xs text-slate-400 font-medium">
+            <Shield size={14} className="text-emerald-500" />
+            {t("badge_no_signup", lang)}
+          </div>
+          <div className="flex items-center gap-1.5 text-xs text-slate-400 font-medium">
+            <Shield size={14} className="text-emerald-500" />
+            {t("badge_free", lang)}
+          </div>
+        </div>
+      </div>
+    </div>
+  );
+}

components/chat/AppDrawer.tsx

@@ -0,0 +1,234 @@
+"use client";
+
+import { useEffect } from "react";
+import {
+  X,
+  Plus,
+  MessageCircle,
+  Clock,
+  Pill,
+  MapPin,
+  Heart,
+  Activity,
+  FileText,
+  Calendar,
+  Settings,
+  User2,
+  LogIn,
+  LogOut,
+  Contact,
+  Camera,
+  AlertTriangle,
+  BookOpen,
+  Share2,
+  ShieldCheck,
+} from "lucide-react";
+import { t, type SupportedLanguage } from "@/lib/i18n";
+
+interface AppDrawerProps {
+  open: boolean;
+  onClose: () => void;
+  activeKey: string;
+  onNavigate: (key: string) => void;
+  onNewChat?: () => void;
+  isAuthenticated?: boolean;
+  isAdmin?: boolean;
+  username?: string;
+  onLogout?: () => void;
+  language: SupportedLanguage;
+}
+
+export function AppDrawer({
+  open,
+  onClose,
+  activeKey,
+  onNavigate,
+  onNewChat,
+  isAuthenticated = false,
+  isAdmin = false,
+  username,
+  onLogout,
+  language,
+}: AppDrawerProps) {
+  // Close on Escape
+  useEffect(() => {
+    if (!open) return;
+    const handler = (e: KeyboardEvent) => { if (e.key === "Escape") onClose(); };
+    window.addEventListener("keydown", handler);
+    return () => window.removeEventListener("keydown", handler);
+  }, [open, onClose]);
+
+  // Prevent body scroll when open
+  useEffect(() => {
+    if (open) document.body.style.overflow = "hidden";
+    else document.body.style.overflow = "";
+    return () => { document.body.style.overflow = ""; };
+  }, [open]);
+
+  const nav = (key: string) => { onNavigate(key); onClose(); };
+
+  return (
+    <div
+      className={`md:hidden fixed inset-0 z-50 transition-all duration-300 ${
+        open ? "pointer-events-auto" : "pointer-events-none"
+      }`}
+      aria-hidden={!open}
+    >
+      {/* Backdrop */}
+      <div
+        className={`absolute inset-0 bg-black/40 backdrop-blur-sm transition-opacity duration-300 ${
+          open ? "opacity-100" : "opacity-0"
+        }`}
+        onClick={onClose}
+      />
+
+      {/* Drawer panel */}
+      <aside
+        className={`absolute left-0 top-0 h-full w-[82%] max-w-[320px] bg-surface-1 border-r border-line/40 shadow-card flex flex-col transition-transform duration-300 ease-out ${
+          open ? "translate-x-0" : "-translate-x-full"
+        }`}
+      >
+        {/* Header — user info + close */}
+        <div className="flex items-center justify-between px-4 pt-5 pb-3 safe-area-top">
+          <div className="flex items-center gap-2.5">
+            <div className="w-9 h-9 rounded-xl bg-brand-gradient flex items-center justify-center text-white shadow-soft">
+              <Heart size={16} />
+            </div>
+            <div className="min-w-0">
+              <div className="text-sm font-bold text-ink-base truncate">
+                {isAuthenticated ? (username || "Account") : "MedOS"}
+              </div>
+              {isAuthenticated && (
+                <div className="text-[11px] text-ink-muted truncate">{t("drawer_signed_in", language)}</div>
+              )}
+              {!isAuthenticated && (
+                <div className="text-[11px] text-ink-muted">{t("drawer_free_private", language)}</div>
+              )}
+            </div>
+          </div>
+          <button
+            onClick={onClose}
+            className="w-10 h-10 rounded-xl flex items-center justify-center text-ink-subtle hover:text-ink-base hover:bg-surface-2 transition-all"
+            aria-label={t("drawer_close", language)}
+          >
+            <X size={18} />
+          </button>
+        </div>
+
+        {/* New Chat button */}
+        <div className="px-4 pb-3">
+          <button
+            onClick={() => { onNewChat?.(); onClose(); }}
+            className="w-full py-2.5 bg-brand-gradient text-white rounded-xl font-bold text-sm shadow-glow hover:brightness-110 active:scale-[0.98] transition-all flex items-center justify-center gap-2"
+          >
+            <Plus size={16} />
+            {t("drawer_new_chat", language)}
+          </button>
+        </div>
+
+        {/* Navigation */}
+        <nav className="flex-1 overflow-y-auto px-3 scroll-touch">
+          <DrawerSection title={t("drawer_section_main", language)}>
+            <DrawerItem icon={MessageCircle} label={t("nav_ask", language)} active={activeKey === "chat" || activeKey === "home"} onClick={() => nav("home")} />
+            <DrawerItem icon={Clock} label={t("nav_history", language)} active={activeKey === "history"} onClick={() => nav("history")} />
+          </DrawerSection>
+
+          <DrawerSection title={t("nav_health_tracker", language)}>
+            <DrawerItem icon={Heart} label={t("nav_dashboard", language)} active={activeKey === "health-dashboard"} onClick={() => nav("health-dashboard")} />
+            <DrawerItem icon={Calendar} label={t("nav_schedule", language)} active={activeKey === "schedule"} onClick={() => nav("schedule")} />
+            <DrawerItem icon={Pill} label={t("nav_medications", language)} active={activeKey === "medications"} onClick={() => nav("medications")} />
+            <DrawerItem icon={Camera} label={t("medicines_title", language)} active={activeKey === "my-medicines"} onClick={() => nav("my-medicines")} />
+            <DrawerItem icon={Activity} label={t("nav_vitals", language)} active={activeKey === "vitals"} onClick={() => nav("vitals")} />
+            <DrawerItem icon={FileText} label={t("nav_records", language)} active={activeKey === "records"} onClick={() => nav("records")} />
+            <DrawerItem icon={Contact} label={t("contacts_title", language)} active={activeKey === "contacts"} onClick={() => nav("contacts")} />
+          </DrawerSection>
+
+          <DrawerSection title={t("drawer_section_tools", language)}>
+            <DrawerItem icon={MapPin} label={t("drawer_nearby", language)} active={activeKey === "nearby"} onClick={() => nav("nearby")} />
+            <DrawerItem icon={AlertTriangle} label={t("nav_emergency", language)} active={activeKey === "emergency"} onClick={() => nav("emergency")} urgent />
+            <DrawerItem icon={BookOpen} label={t("nav_topics", language)} active={activeKey === "topics"} onClick={() => nav("topics")} />
+          </DrawerSection>
+
+          <DrawerSection title={t("drawer_section_account", language)}>
+            {isAuthenticated ? (
+              <>
+                <DrawerItem icon={User2} label={t("nav_profile", language)} active={activeKey === "profile"} onClick={() => nav("profile")} />
+                <DrawerItem icon={Settings} label={t("nav_settings", language)} active={activeKey === "settings"} onClick={() => nav("settings")} />
+                {isAdmin && (
+                  <DrawerItem icon={ShieldCheck} label="Admin" active={activeKey === "admin"} onClick={() => nav("admin")} />
+                )}
+              </>
+            ) : (
+              <>
+                <DrawerItem icon={LogIn} label={t("drawer_sign_up", language)} active={activeKey === "login"} onClick={() => nav("login")} />
+                <DrawerItem icon={Settings} label={t("nav_settings", language)} active={activeKey === "settings"} onClick={() => nav("settings")} />
+              </>
+            )}
+          </DrawerSection>
+        </nav>
+
+        {/* Footer */}
+        <div className="px-4 py-3 border-t border-line/40 safe-area-bottom">
+          {isAuthenticated && onLogout && (
+            <button
+              onClick={() => { onLogout(); onClose(); }}
+              className="w-full flex items-center gap-2 px-3 py-2.5 rounded-xl text-sm text-danger-500 hover:bg-danger-500/10 transition-colors mb-2"
+            >
+              <LogOut size={16} /> {t("drawer_logout", language)}
+            </button>
+          )}
+          <p className="text-[10px] text-ink-subtle leading-snug px-1">
+            {t("badge_not_doctor", language)}
+          </p>
+        </div>
+      </aside>
+    </div>
+  );
+}
+
+// ============================================================
+// Sub-components
+// ============================================================
+
+function DrawerSection({ title, children }: { title: string; children: React.ReactNode }) {
+  return (
+    <div className="py-2">
+      <div className="px-3 pb-1.5 pt-1 text-[10px] font-bold uppercase tracking-[0.14em] text-ink-subtle">
+        {title}
+      </div>
+      <div className="space-y-0.5">{children}</div>
+    </div>
+  );
+}
+
+function DrawerItem({
+  icon: Icon,
+  label,
+  active,
+  onClick,
+  urgent,
+}: {
+  icon: any;
+  label: string;
+  active: boolean;
+  onClick: () => void;
+  urgent?: boolean;
+}) {
+  return (
+    <button
+      onClick={onClick}
+      className={`w-full h-11 rounded-xl px-3 flex items-center gap-3 text-left transition-all active:scale-[0.98] ${
+        active
+          ? urgent
+            ? "bg-danger-500/10 text-danger-500 font-semibold"
+            : "bg-brand-500/10 text-brand-600 font-semibold"
+          : urgent
+          ? "text-danger-500/70 hover:bg-danger-500/5"
+          : "text-ink-muted hover:bg-surface-2 hover:text-ink-base"
+      }`}
+    >
+      <Icon size={18} strokeWidth={active ? 2.25 : 1.75} className="flex-shrink-0" />
+      <span className="text-sm truncate">{label}</span>
+    </button>
+  );
+}