Changelog

Follow new updates and improvements to CareNova.

March 19th, 2026

New

CareNova is the first public release of a full-featured, production-ready Clinic Management System built on Next.js 14 App Router, Supabase, Drizzle ORM, and TypeScript. Designed as a modern, "Apple-like" alternative to legacy clinic systems — with a clean codebase, role-aware dashboards, and a configurable public landing page out of the box.

Authentication & Access Control

  • Multi-role authentication via Supabase Auth: admin, doctor, receptionist, nurse

  • Role-based dashboards tailored per role — full admin overview, doctor schedule view, receptionist front desk, nurse clinical view

  • Permission-based navigation and Server Actions — every mutation enforced server-side

  • Admin-configurable role–permission matrix with 50+ permission keys

  • Pending approval flow — new self-signup accounts require admin approval before dashboard access

  • Admin accounts auto-approved on signup — no chicken-and-egg lockout

  • Demo login shortcuts on the login page for all four roles

  • Rate limiting — 5 failed attempts by email, 10 by IP within 15 minutes

  • Brute-force protection — blocked attempts never reach Supabase Auth

  • Auth audit log — every login, logout, failed attempt, approval, and rejection recorded

  • Session tracking — active sessions stored with expiry and revocation support

  • Password policy — minimum 8 characters, uppercase, lowercase, number, special character, blocked common passwords

  • License activation system at /setup — Envato purchase code verification before dashboard access
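
The rate-limiting and brute-force bullets above, sketched as an added example (not CareNova's code): a sliding-window gate that uses the listed thresholds and rejects a blocked attempt before the auth provider is called. The in-memory store, the synchronous `verify` stand-in and all function names are assumptions.

```typescript
// Added example. Thresholds come from the changelog; every name here is hypothetical.
const WINDOW_MS = 15 * 60 * 1000; // 15-minute window
const MAX_BY_EMAIL = 5;           // failed attempts per email
const MAX_BY_IP = 10;             // failed attempts per IP

type Verdict = "ok" | "invalid" | "blocked";
type Verifier = (email: string, password: string) => boolean;

// `verify` stands in for the call to the auth provider (assumption: synchronous here).
function createLoginGate(verify: Verifier) {
  const failures = new Map<string, number[]>(); // key -> failure timestamps (ms)
  let providerCalls = 0;

  // Drop timestamps that have aged out of the window and return the rest.
  function recent(key: string, now: number): number[] {
    const kept = (failures.get(key) ?? []).filter((t) => now - t < WINDOW_MS);
    failures.set(key, kept);
    return kept;
  }

  function attempt(email: string, ip: string, password: string, now: number): Verdict {
    // Normalise so "A@x" and "a@x " share one counter.
    const emailKey = "email:" + email.trim().toLowerCase();
    const ipKey = "ip:" + ip;
    const emailFails = recent(emailKey, now);
    const ipFails = recent(ipKey, now);

    // Check limits first: a blocked attempt returns before the provider is called.
    if (emailFails.length >= MAX_BY_EMAIL || ipFails.length >= MAX_BY_IP) {
      return "blocked";
    }
    providerCalls += 1;
    if (verify(email, password)) {
      return "ok"; // counters are left to age out (assumption; the page does not say)
    }
    emailFails.push(now);
    ipFails.push(now);
    return "invalid";
  }

  return { attempt, providerCalls: () => providerCalls };
}
```

Keying on both email and IP means a single address spraying many accounts is stopped by the IP counter even though no single email reaches its own limit.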

Patient Management

  • Full patient CRUD with search, filters, pagination, and bulk actions

  • Complete patient profiles — demographics, blood group, height, weight, address, medical history, allergies, emergency contacts

  • Primary doctor and department assignment

  • 360° Full Profile Sheet — 6-tab patient overview: profile, appointments, prescriptions, medical records, invoices, test reports

  • CSV export for patient records (requires patients.export permission)

Appointment Scheduling

  • Full appointment workflow — create, reschedule, cancel, update status

  • Four statuses: pending, confirmed, completed, cancelled

  • Doctor and service assignment per appointment

  • Calendar view with drag-and-drop rescheduling via @dnd-kit — day, week, and month views

  • Today's schedule and upcoming appointments per role on dashboard

  • CSV export for appointments (requires appointments.export permission)

  • One invoice per appointment enforced via unique database constraint

Clinical & Medical Records

  • Medical records — overview with vitals, clinical notes, diagnoses, attachments, and visit timeline per patient

  • Vitals — blood pressure (systolic/diastolic), heart rate, temperature, weight, height, BMI auto-calculated

  • Clinical notes — free text, attributed to author with timestamp

  • Diagnoses — ICD codes, active/resolved status

  • Attachments — PDF, DOC, DOCX, JPEG, PNG, GIF, WebP up to 10MB via Supabase Storage

  • Visit timeline — card view and Gantt view across all patient encounters

  • Odontograms (dental clinic type only) — 32-tooth universal numbering, condition tracking per tooth, treatment history, versioning per examination

Prescriptions

  • Full prescription CRUD — medication, dosage, frequency, duration, drug interactions

  • Link to appointment, inventory item, and pharmacy details

  • Issued date tracking

Test Reports & Laboratory

  • Test reports — patient lab results with 4 statuses: pending, recorded, verified, delivered

  • Laboratory tests — test definitions with code, category, sample type, methodology, turnaround time, and price

  • Test categories, methodologies, sample types, and turnaround times — fully configurable

  • Lab vendor assignment per test report for traceability

Financial Management

  • Invoices — create, edit, list; 3 statuses: paid, unpaid, cancelled

  • Invoice line items — description, type, quantity, unit price

  • Discount (flat) and tax (percentage, applied post-discount) calculation server-side

  • Insurance billing fields — provider and policy number

  • Auto-generated invoice numbers

  • Payments — record payments against invoices; 4 statuses: completed, pending, failed, refunded

  • Multiple payments per invoice for partial payment workflows

  • Expenses — track by date, category, department, and vendor; 5 statuses: pending, approved, paid, rejected, cancelled

  • 12 default expense categories

  • Receipt URL storage

  • Revenue vs expenses chart, appointment activity chart, appointment status distribution chart on admin dashboard

  • Overdue invoice banner on admin dashboard

Operations

  • Services — name, price, duration, category, department, max bookings per day, follow-up required, prerequisites

  • Departments — code, location, budget, annual budget, head of department

  • Inventory — stock levels, min-stock alerts, expiry tracking, batch numbers, supplier and lab vendor linking

  • Low stock alerts on admin and nurse dashboards

  • Staff — HR records with role, salary, qualifications, work schedule (JSON), department assignment

  • Staff records and user accounts managed independently

  • Lab vendors — full supplier profiles, tiers, ratings, contract dates, accreditations, specialties

  • Payroll — salary periods, bonuses, deductions, net amount, status tracking

Notifications

  • Per-user notification drawer in the dashboard header — slides in from the right

  • Unread badge count on bell icon

  • Mark individual or all notifications as read

  • Optional deep link to relevant module or record per notification

Website & Content

  • Configurable public landing page per clinic type — dental, ophthalmology, general

  • Separate component sets per clinic type: hero, services, pricing, footer

  • Admin-configurable branding — clinic name, logo (light + dark), favicon, tagline, hero subtitle, CTA button

  • Admin-configurable colors — primary, accent, hero background via CSS variables

  • Admin-configurable content — hero layout, animation, section spacing, button style

  • SEO settings — meta title and description

  • Contact details and social media links

  • Multi-locale landing page — en, fr, es, ar

  • Blog — publish and manage posts with categories, tags, SEO fields, cover image, custom author, reading time, comments

  • Comment moderation via Supabase SQL Editor

  • Public appointment booking page at /appointment

Settings & Preferences

  • Profile — avatar upload, name, email, password change, account status, member since

  • Clinic settings (admin) — clinic name and type (general, dental, ophthalmology)

  • Preferences — theme (light/dark/system), display language, display currency (USD, EUR, GBP, CHF, CAD)

  • Version tab — current version and release history in collapsible card

Multi-Clinic Type Support

  • Three clinic types: general, dental, ophthalmology

  • Navigation adapts per type — Odontograms for dental, Medical Records for general and ophthalmology

  • Landing page components, theme providers, and copy adapt per clinic type

  • Demo mode via ?clinic= URL parameter — persisted in cookie for 7 days

Technical & Architecture

  • Next.js 14 App Router — Server Components, Server Actions, streaming, Suspense boundaries

  • TypeScript strict mode throughout — zero any types

  • Drizzle ORM — type-safe queries, migrations included

  • Supabase PostgreSQL with transaction pooler support (port 6543 + pgbouncer)

  • React cache for per-request deduplication

  • Module-level clinic cache with 5-minute TTL

  • Dashboard admin queries batched via Promise.all in two batches to avoid connection pool exhaustion

  • Server-side Zod validation on every mutation

  • Dynamic imports for heavy landing page sections

  • Singleton DB client for dev HMR stability

  • Security headers — X-Frame-Options, X-Content-Type-Options, HSTS, Referrer-Policy, Permissions-Policy

  • Dashboard routes set to no-store, no-cache

  • i18n via next-intl — en, fr, es, ar for dashboard and landing page

  • Cron job at /api/cron/cleanup-auth — cleans login attempts, audit log, and expired sessions daily

Known Limitations

  • Multi-tenancy not included — one installation serves one clinic; separate installations required for multiple locations

  • No Stripe or payment gateway integration — payments are recorded manually by staff

  • Patient self-booking is a request form only — no real-time availability or automatic appointment creation

  • Comment moderation has no dashboard UI — managed via Supabase SQL Editor

  • Calendar and Reports pages exist but are not linked in the sidebar navigation (MVP)

  • Row Level Security (RLS) not enabled by default — access control enforced at application layer via Server Actions