Documentation
Feedback
Roadmap
Changelog

Changelog

Follow new updates and improvements to CareNova.

May 29th, 2026

New

Fixed

CareNova v1.1.0 — SaaS Mode & April Update ⚡

CareNova v1.1.0 is the first major feature update — shipping full SaaS multi-tenant architecture, invoice PDF export, clinic-scoped landing pages, and a set of stability and UX improvements across the platform.

⚡ SaaS Mode — Full Multi-Tenant Architecture

  • Workspace isolation — each clinic runs in its own workspace; data, staff, and settings are fully scoped to the tenant with no cross-clinic leakage

  • Membership-gated dashboards — authenticated users only access clinic dashboards they are members of

  • Invalid or unknown workspace codes route to a safe clinic-unavailable state instead of ambiguous access

  • New clinics are no longer auto-linked to unrelated platform or demo operators by default

  • Platform / super-admin workspace entry — opening a workspace routes to the correct clinic dashboard with middleware targeting and staff-login fallbacks

  • Active workspace restoration on login — the system resolves the correct workspace from UserWorkspace membership, not just a cookie; returning users land in their dashboard, not onboarding

  • Workspace logout confirmation — confirm before signing out from the workspace top bar

  • Clinic staff management per workspace — add, update, and remove clinic staff from the workspace UI

💰 Invoices & Billing

  • Invoice PDF export — download a print-ready PDF per invoice directly from the invoice list actions

  • Bulk invoice PDF — select multiple invoices and download a single combined PDF, one invoice per page

  • Invoice row selection — checkbox per row, select-all for the current page, and bulk toolbar actions (download, delete, clear selection)

  • CSV export removed from the invoices toolbar in favor of PDF-based print workflows

🌐 Landing Pages

  • Clinic-scoped landing URLs — middleware ensures all public landing routes include ?clinic=; cookie-based fallback when the query parameter is missing

  • Internal landing navigation preserves the active clinic query parameter across home, appointment, blog, and policy pages

  • Tenant-aware favicon metadata on landing routes — resolves per tenant instead of a single static app icon for all tenants

  • Landing Page Settings — server actions now resolve the active workspace clinic in SaaS mode so dashboard branding matches the public preview

  • Landing pages use cached, merged settings for performance and consistency with tenant branding

  • Dedicated clinic-unavailable experience when a workspace or clinic target cannot be resolved

🔔 Notifications

  • Notification bell now shows an unread count badge — stays responsive to new items

  • Notification queries and mutations scoped to the active clinic

  • Clearer behavior when no active clinic is present

👥 Staff & Onboarding

  • Admins can optionally enable auto-accept for new staff signups per clinic

  • When auto-accept is disabled, pending staff see a clear pending approval state during sign-in

⚙️ Settings

  • Version tab now lists all releases from /versions/*.md — newest first, each expandable

🛠️ Technical & Developer

  • Middleware logging includes request correlation identifiers for easier tracing

  • .env.example expanded with connection and migration guidance

  • Drizzle introspection uses a connection timeout to avoid hangs on bad endpoints

  • New and updated localization strings for invoice bulk actions, download flow, and common labels across all supported locales (en, fr, es, ar)

  • Dashboard sidebar top navigation group no longer uses a clinic-type overview banner label — section headers can be omitted for a cleaner layout

🛡️ Security

  • SaaS mode enforces workspace membership before serving any clinic-scoped dashboard experience

  • Cross-tenant dashboard access prevented — invalid workspace codes route to a safe state

  • Workspace isolation — new clinics no longer auto-linked to unrelated platform or demo operators

🔧 Upgrade Notes

  • No mandatory database migration for this release — deploy using your normal checklist

  • After deploying, verify: workspace cookies, landing URLs with ?clinic=, invoice PDF generation (single and bulk), and Settings → Version changelog rendering

  • Bare landing URLs without ?clinic= are redirected via middleware and cookie fallback — existing bookmarks continue to work

  • Extended License holders: full SaaS mode and multi-tenant rights are now active

Write a comment...

March 19th, 2026

New

CareNova v1.0.0 — Initial Release ⚡

CareNova is the first public release of a full-featured, production-ready Clinic Management System built on Next.js 14 App Router, Supabase, Drizzle ORM, and TypeScript. Designed as a modern, "Apple-like" alternative to legacy clinic systems — with a clean codebase, role-aware dashboards, and a configurable public landing page out of the box.

Authentication & Access Control

  • Multi-role authentication via Supabase Auth: admin, doctor, receptionist, nurse

  • Role-based dashboards tailored per role — full admin overview, doctor schedule view, receptionist front desk, nurse clinical view

  • Permission-based navigation and Server Actions — every mutation enforced server-side

  • Admin-configurable role–permission matrix with 50+ permission keys

  • Pending approval flow — new self-signup accounts require admin approval before dashboard access

  • Admin accounts auto-approved on signup — no chicken-and-egg lockout

  • Demo login shortcuts on the login page for all four roles

  • Rate limiting — 5 failed attempts by email, 10 by IP within 15 minutes

  • Brute-force protection — blocked attempts never reach Supabase Auth

  • Auth audit log — every login, logout, failed attempt, approval, and rejection recorded

  • Session tracking — active sessions stored with expiry and revocation support

  • Password policy — minimum 8 characters, uppercase, lowercase, number, special character, blocked common passwords

  • License activation system at /setup — Envato purchase code verification before dashboard access

Patient Management

  • Full patient CRUD with search, filters, pagination, and bulk actions

  • Complete patient profiles — demographics, blood group, height, weight, address, medical history, allergies, emergency contacts

  • Primary doctor and department assignment

  • 360° Full Profile Sheet — 6-tab patient overview: profile, appointments, prescriptions, medical records, invoices, test reports

  • CSV export for patient records (requires patients.export permission)

Appointment Scheduling

  • Full appointment workflow — create, reschedule, cancel, update status

  • Four statuses: pending, confirmed, completed, cancelled

  • Doctor and service assignment per appointment

  • Calendar view with drag-and-drop rescheduling via @dnd-kit — day, week, and month views

  • Today's schedule and upcoming appointments per role on dashboard

  • CSV export for appointments (requires appointments.export permission)

  • One invoice per appointment enforced via unique database constraint

Clinical & Medical Records

  • Medical records — overview with vitals, clinical notes, diagnoses, attachments, and visit timeline per patient

  • Vitals — blood pressure (systolic/diastolic), heart rate, temperature, weight, height, BMI auto-calculated

  • Clinical notes — free text, attributed to author with timestamp

  • Diagnoses — ICD codes, active/resolved status

  • Attachments — PDF, DOC, DOCX, JPEG, PNG, GIF, WebP up to 10MB via Supabase Storage

  • Visit timeline — card view and Gantt view across all patient encounters

  • Odontograms (dental clinic type only) — 32-tooth universal numbering, condition tracking per tooth, treatment history, versioning per examination

Prescriptions

  • Full prescription CRUD — medication, dosage, frequency, duration, drug interactions

  • Link to appointment, inventory item, and pharmacy details

  • Issued date tracking

Test Reports & Laboratory

  • Test reports — patient lab results with 4 statuses: pending, recorded, verified, delivered

  • Laboratory tests — test definitions with code, category, sample type, methodology, turnaround time, and price

  • Test categories, methodologies, sample types, and turnaround times — fully configurable

  • Lab vendor assignment per test report for traceability

Financial Management

  • Invoices — create, edit, list; 3 statuses: paid, unpaid, cancelled

  • Invoice line items — description, type, quantity, unit price

  • Discount (flat) and tax (percentage, applied post-discount) calculation server-side

  • Insurance billing fields — provider and policy number

  • Auto-generated invoice numbers

  • Payments — record payments against invoices; 4 statuses: completed, pending, failed, refunded

  • Multiple payments per invoice for partial payment workflows

  • Expenses — track by date, category, department, and vendor; 5 statuses: pending, approved, paid, rejected, cancelled

  • 12 default expense categories

  • Receipt URL storage

  • Revenue vs expenses chart, appointment activity chart, appointment status distribution chart on admin dashboard

  • Overdue invoice banner on admin dashboard

Operations

  • Services — name, price, duration, category, department, max bookings per day, follow-up required, prerequisites

  • Departments — code, location, budget, annual budget, head of department

  • Inventory — stock levels, min-stock alerts, expiry tracking, batch numbers, supplier and lab vendor linking

  • Low stock alerts on admin and nurse dashboards

  • Staff — HR records with role, salary, qualifications, work schedule (JSON), department assignment

  • Staff records and user accounts managed independently

  • Lab vendors — full supplier profiles, tiers, ratings, contract dates, accreditations, specialties

  • Payroll — salary periods, bonuses, deductions, net amount, status tracking

Notifications

  • Per-user notification drawer in the dashboard header — slides in from the right

  • Unread badge count on bell icon

  • Mark individual or all notifications as read

  • Optional deep link to relevant module or record per notification

Website & Content

  • Configurable public landing page per clinic type — dental, ophthalmology, general

  • Separate component sets per clinic type: hero, services, pricing, footer

  • Admin-configurable branding — clinic name, logo (light + dark), favicon, tagline, hero subtitle, CTA button

  • Admin-configurable colors — primary, accent, hero background via CSS variables

  • Admin-configurable content — hero layout, animation, section spacing, button style

  • SEO settings — meta title and description

  • Contact details and social media links

  • Multi-locale landing page — en, fr, es, ar

  • Blog — publish and manage posts with categories, tags, SEO fields, cover image, custom author, reading time, comments

  • Comment moderation via Supabase SQL Editor

  • Public appointment booking page at /appointment

Settings & Preferences

  • Profile — avatar upload, name, email, password change, account status, member since

  • Clinic settings (admin) — clinic name and type (general, dental, ophthalmology)

  • Preferences — theme (light/dark/system), display language, display currency (USD, EUR, GBP, CHF, CAD)

  • Version tab — current version and release history in collapsible card

Multi-Clinic Type Support

  • Three clinic types: general, dental, ophthalmology

  • Navigation adapts per type — Odontograms for dental, Medical Records for general and ophthalmology

  • Landing page components, theme providers, and copy adapt per clinic type

  • Demo mode via ?clinic= URL parameter — persisted in cookie for 7 days

Technical & Architecture

  • Next.js 14 App Router — Server Components, Server Actions, streaming, Suspense boundaries

  • TypeScript strict mode throughout — zero any types

  • Drizzle ORM — type-safe queries, migrations included

  • Supabase PostgreSQL with transaction pooler support (port 6543 + pgbouncer)

  • React cache for per-request deduplication

  • Module-level clinic cache with 5-minute TTL

  • Dashboard admin queries batched via Promise.all in two batches to avoid connection pool exhaustion

  • Server-side Zod validation on every mutation

  • Dynamic imports for heavy landing page sections

  • Singleton DB client for dev HMR stability

  • Security headers — X-Frame-Options, X-Content-Type-Options, HSTS, Referrer-Policy, Permissions-Policy

  • Dashboard routes set to no-store, no-cache

  • i18n via next-intl — en, fr, es, ar for dashboard and landing page

  • Cron job at /api/cron/cleanup-auth — cleans login attempts, audit log, and expired sessions daily

Known Limitations

  • Multi-tenancy not included — one installation serves one clinic; separate installations required for multiple locations

  • No Stripe or payment gateway integration — payments are recorded manually by staff

  • Patient self-booking is a request form only — no real-time availability or automatic appointment creation

  • Comment moderation has no dashboard UI — managed via Supabase SQL Editor

  • Calendar and Reports pages exist but are not linked in the sidebar navigation (MVP)

  • RLS not enabled by default — access control enforced at application layer via Server Actions

Write a comment...