
Overview

v1.4 is one of the biggest releases. It ships six major new capabilities alongside dozens of improvements to existing modules — all while substantially raising the platform’s reliability, security, and real-time responsiveness.

The headline addition is the X-Ray Bridge: a native desktop application for Windows and macOS that connects an imaging device directly to OdontoX. When a sensor captures an X-ray, it appears in the patient’s Radiology Workstation in seconds, fires a live toast in the clinic dashboard, and is immediately available inside the appointment detail — all without anyone touching a keyboard. DICOM studies uploaded from labs go through an AI analysis pipeline, and every clinic’s monthly usage is capped and monitored.

WhatsApp becomes a first-class channel. Clinics with the add-on active can connect their own Meta-registered phone number (BYOK), receive inbound patient messages, and have appointment reminders, booking confirmations, rescheduling alerts, and missed-visit follow-ups delivered via WhatsApp automatically.

Under the hood, the session architecture has been rebuilt with rotating refresh tokens: access tokens now expire every 15 minutes, rotation is enforced in Cloudflare KV with reuse detection, and sibling tabs stay in sync via BroadcastChannel — all while keeping the user experience seamless.

The permissions system has been completely rearchitected. A flat toggle grid has been replaced with a 151-key dot-notation permission tree, per-role templates that clinics can edit, and plan-based defaults that automatically grant the right capabilities when a clinic is assigned a Pro or Pro+ subscription.

Rounding out the release: patients can confirm or cancel appointments directly from their email without logging in, end-of-day summary emails go out automatically to clinic owners, and the Inventory and Lab Case modules have both received major UX and functionality upgrades.

X-Ray Bridge & Radiology Workstation

OdontoX now connects directly to X-ray imaging hardware. No USB export, no manual upload, no context switch.

Bridge Desktop Application

The OdontoX Bridge is a lightweight desktop application (Windows and macOS) that runs in the system tray. It watches a configured folder for new image files — the same folder your dental X-ray sensor software saves to — and automatically uploads each capture to the correct patient’s file store with the correct category, operatory room, and timestamp. Setup takes three steps: install the Bridge, generate an API key from Settings → Bridge Devices, and point Bridge at your sensor’s output folder. From that point on, captures appear in OdontoX within seconds of being taken.

Live X-Ray Notifications

The moment a new X-ray arrives, a toast notification fires in the clinic dashboard with the patient name and a direct link to the Radiology Workstation. Clinical staff do not need to poll or refresh — the event arrives in real time via an SSE push backed by a Cloudflare Durable Object event bus.

Radiology Workstation

DICOM studies and X-ray files are now unified under a single Radiology Workstation tab on every patient record. Files are streamed inline from Cloudflare R2 — no signed URL fan-outs, no CPU-spiking pre-generation. The DICOM viewer (DWV) loads in parallel with the download button so neither blocks the other. From the Appointment detail, a live X-ray panel shows all images captured during that session. An X-ray badge appears on dental chart teeth that have associated images, giving doctors an instant visual signal that imaging exists before they open the workstation.

DICOM AI Analysis

DICOM studies uploaded by labs or captured via Bridge can be submitted for AI analysis. The pipeline runs a multi-slice review and returns structured findings. Each clinic’s monthly analysis budget is enforced against a per-clinic quota tracked in Cloudflare KV. A usage counter and quota bar are visible inline. Clinics must accept the AI terms once before the feature activates; the AI disclaimer is persistent and unobtrusive. Superadmins can view usage across every clinic on the platform in a dedicated DICOM usage monitor within the superadmin dashboard.

WhatsApp Module

WhatsApp is now a managed add-on that superadmins can enable for individual clinics.

Bring-Your-Own-Key Setup

Each clinic connects its own Meta-registered Business phone number. From Settings → WhatsApp, the clinic admin enters their WhatsApp Business API credentials (phone number ID, access token, webhook verify token, app secret). A Test Connection button verifies the credentials before they are saved. All credentials are encrypted at rest and never exposed in logs or responses. Inbound messages from patients are routed to the correct clinic by matching the incoming phone number ID against the per-clinic configuration. Clinics that have not connected a number do not receive or send any WhatsApp traffic.

Automated Appointment Messaging

With WhatsApp active, the following messages go out automatically:
  • Booking confirmation — sent when an appointment is created.
  • Appointment reminder — sent at the configured interval before the appointment.
  • Reschedule notification — sent when an appointment date or time changes.
  • Missed visit follow-up — sent for no-show appointments.
All messages are sent to the patient’s dedicated WhatsApp Phone field, which is stored separately from the main phone number and encrypted as PHI. Patients can have a different WhatsApp number than their contact number — a common scenario in Pakistan. The field is visible (and editable) on the patient record when the clinic has WhatsApp active.

Patient Phone Field

Adding or editing a patient now includes a dedicated WhatsApp number field with a country-code picker. The flag and dial code selector supports all international prefixes. The WhatsApp row on the patient detail card is hidden for clinics that do not have WhatsApp active. All existing phone fields across the platform have been standardised to Pakistan format (+92 prefix, 10-digit local number).

Patient Appointment Respond

Patients can now confirm or cancel upcoming appointments directly from their email — no login required. When an appointment is scheduled, the confirmation email contains two tokenized links: Confirm Appointment and Cancel Appointment. Each link contains an HMAC-signed token that identifies the appointment and the requested action. Clicking the link opens a branded landing page that completes the action and shows a confirmation message. Tokens are single-use and time-bound. The verification layer includes a length check, NaN guard, and robust timestamp parsing against timing attacks. Patient phone is decrypted on the backend before any notification is dispatched, so the PHI pipeline is intact throughout.
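
The token checks described above (HMAC signature, length check, NaN guard, time bound, single use) can be sketched as follows. This is an added example, not OdontoX's own code: the token layout, the function names, the in-memory used-token set and the sample secret are assumptions, and the 48-hour window is the validity period given in the Upgrade Notes.

```javascript
// Added illustration. Token layout, names and the in-memory store are assumptions.
const { createHmac, timingSafeEqual } = require('node:crypto');

const TOKEN_TTL_MS = 48 * 60 * 60 * 1000; // 48-hour validity window
const ACTIONS = new Set(['confirm', 'cancel']);
const usedTokens = new Set(); // stand-in for a persistent single-use store

function sign(secret, payload) {
  return createHmac('sha256', secret).update(payload).digest('hex');
}

// Assumed format: <appointmentId>.<action>.<issuedAtMs>.<hex HMAC-SHA256>
// Appointment ids are assumed not to contain a dot.
function issueToken(secret, appointmentId, action, nowMs) {
  const payload = `${appointmentId}.${action}.${nowMs}`;
  return `${payload}.${sign(secret, payload)}`;
}

function verifyToken(secret, token, nowMs) {
  // Reject oversized or non-string input before doing any work on it.
  if (typeof token !== 'string' || token.length > 256) return { ok: false, reason: 'malformed' };
  const parts = token.split('.');
  if (parts.length !== 4) return { ok: false, reason: 'malformed' };
  const [appointmentId, action, issuedAtRaw, mac] = parts;

  // Length check first: timingSafeEqual throws on buffers of unequal length.
  const expected = Buffer.from(sign(secret, `${appointmentId}.${action}.${issuedAtRaw}`), 'utf8');
  const supplied = Buffer.from(mac, 'utf8');
  if (supplied.length !== expected.length || !timingSafeEqual(supplied, expected)) {
    return { ok: false, reason: 'bad_signature' };
  }

  if (!ACTIONS.has(action)) return { ok: false, reason: 'malformed' };

  // NaN guard: only plain decimal digits that fit a safe integer are accepted.
  const issuedAt = Number(issuedAtRaw);
  if (!/^\d+$/.test(issuedAtRaw) || !Number.isSafeInteger(issuedAt)) {
    return { ok: false, reason: 'malformed' };
  }

  // Time bound: reject tokens from the future or older than the window.
  if (nowMs < issuedAt || nowMs - issuedAt > TOKEN_TTL_MS) return { ok: false, reason: 'expired' };

  // Single use: the first successful verification consumes the token.
  if (usedTokens.has(token)) return { ok: false, reason: 'already_used' };
  usedTokens.add(token);
  return { ok: true, appointmentId, action };
}
```
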

Rotating Refresh Tokens & Session Architecture

The authentication session model has been redesigned from the ground up.

15-Minute Access Tokens

Access tokens now expire after 15 minutes. A proactive client-side refresh runs 3 minutes before expiry so the user never sees a session interruption. If the access token expires and the refresh also fails (token revoked, clock skew), a TOKEN_EXPIRED or SESSION_REVOKED 401 is returned and the client redirects to login.

Refresh Token Rotation in KV

Each refresh token is stored in Cloudflare KV with a 30-day TTL. When a client presents a refresh token, the server issues a new access token and rotates the refresh token atomically. If an already-used refresh token is presented again (detected via a _used marker in KV), the session is immediately revoked — this closes the token replay attack vector.
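
The rotation and reuse-detection flow described above, as an added example rather than OdontoX's implementation. The MemoryKV class is an in-memory stand-in for a KV namespace, and the key layout (rt:<token>, rt:<token>_used, session:<id>) and function names are assumptions; the TTLs and 401 codes are the ones this page gives.

```javascript
// Added illustration. Key layout, names and the in-memory KV are assumptions.
const { randomBytes } = require('node:crypto');

const REFRESH_TTL_S = 30 * 24 * 60 * 60; // 30-day refresh token TTL
const ACCESS_TTL_S = 15 * 60;            // 15-minute access token lifetime

// Minimal key-value store with per-key expiry, standing in for a KV namespace.
class MemoryKV {
  constructor() { this.entries = new Map(); }
  get(key, nowS) {
    const entry = this.entries.get(key);
    if (!entry || entry.expiresAt <= nowS) { this.entries.delete(key); return null; }
    return entry.value;
  }
  put(key, value, ttlS, nowS) {
    this.entries.set(key, { value, expiresAt: nowS + ttlS });
  }
}

function mintRefreshToken(kv, sessionId, nowS) {
  const token = randomBytes(32).toString('hex');
  kv.put(`rt:${token}`, { sessionId }, REFRESH_TTL_S, nowS);
  return token;
}

function startSession(kv, userId, nowS) {
  const sessionId = randomBytes(16).toString('hex');
  kv.put(`session:${sessionId}`, { userId, revoked: false }, REFRESH_TTL_S, nowS);
  return { sessionId, refreshToken: mintRefreshToken(kv, sessionId, nowS) };
}

function refresh(kv, presented, nowS) {
  const record = kv.get(`rt:${presented}`, nowS);
  if (!record) return { status: 401, code: 'TOKEN_EXPIRED' };

  const sessionKey = `session:${record.sessionId}`;
  const session = kv.get(sessionKey, nowS);
  if (!session || session.revoked) return { status: 401, code: 'SESSION_REVOKED' };

  // Reuse detection: a token that already carries the _used marker has been
  // rotated once, so a second presentation revokes the whole session.
  if (kv.get(`rt:${presented}_used`, nowS)) {
    kv.put(sessionKey, { ...session, revoked: true }, REFRESH_TTL_S, nowS);
    return { status: 401, code: 'SESSION_REVOKED' };
  }

  // Normal path: mark the presented token as used, then hand out its successor.
  kv.put(`rt:${presented}_used`, true, REFRESH_TTL_S, nowS);
  const refreshToken = mintRefreshToken(kv, record.sessionId, nowS);
  return { status: 200, accessExpiresAt: nowS + ACCESS_TTL_S, refreshToken };
}
```

Once a replay revokes the session, the successor token issued by the legitimate rotation stops working too, so whichever party holds it is forced back to login.
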

Cross-Tab Synchronisation

When a token refresh completes in one browser tab, the new tokens are broadcast to all sibling tabs via BroadcastChannel. Tabs that receive the broadcast update their in-memory session without making a redundant refresh call. This prevents multiple tabs from racing on the same refresh token.

SSE Reconnect Coordination

The SSE connection now performs a proactive token refresh 12 minutes into each 15-minute cycle before reconnecting, ensuring the real-time channel never presents an expired token on reconnect.

Granular Permissions & Role Templates

The permissions system has been completely rearchitected.

151-Key Permission Tree

Every permission in OdontoX is now expressed as a dot-notation key (appointments.view, finance.invoices.create, radiology.dicom.analyze). The flat toggle grid in Staff Management has been replaced with a collapsible Permission Tree that groups permissions by module and sub-module. Partial grants (some but not all children enabled) are shown with an indeterminate checkbox state. The full set covers 151 distinct permissions across 15 top-level modules. All existing server-side route guards have been updated to check the new dot-notation keys. A one-time migration script ran at deployment to translate every clinic’s existing flat permissions into the new format.

Role Templates

Clinics can now save their custom permission configuration as a Role Template for each staff role (Doctor, Reception, Nurse, etc.). From Settings → Permission Templates, the admin edits the default permissions for a role and saves. Any new staff member invited with that role inherits the template automatically. Templates are stored per-clinic and do not affect other clinics. Superadmins can still override permissions for individual users.

Plan-Based Defaults

Assigning a Pro or Pro+ plan to a clinic now automatically sets the correct baseline permissions for each role. Doctors on Pro+ get DICOM analysis access; receptionists on Pro get inventory read access — without manual configuration. The /me endpoint now includes the clinic’s subscription plan ID so the client can tailor the UI to match.

Ruby AI Reports — Redesign & PDF Export

The Ruby AI report has been redesigned with a focus on readability and portability. The report view now features an expandable history panel that shows all previous Ruby reports for the clinic in reverse chronological order — each with the date it was generated and a collapse-expand toggle. This replaces the previous single-report view. PDF export is now available from every report. The exported PDF renders the Ruby report in A4 format with OdontoX branding. A toast on the patient record confirms the export was triggered. Analytics within the report have been overhauled: billing summaries, appointment throughput, and revenue trend charts are recalculated fresh on each generation. Lab day calculations use UTC to avoid off-by-one errors on day boundaries.

Inventory — EOD Reports & UX Overhaul

The Inventory module has received two significant upgrades.

End-of-Day Email Reports

At 4:00 PM every day, OdontoX sends a structured end-of-day summary email to the clinic owner. The email covers total items consumed today, current low-stock alerts (with thresholds), recent supplier activity, and a link to the full inventory view. The template is branded and includes a one-click link to reorder flagged items. The EOD handler is scheduled via Cloudflare cron (0 16 * * *). Data fetching is shared with the stock alert system to avoid redundant queries.

Stock Alert Emails

When an inventory item falls below its reorder threshold, the clinic owner receives a low-stock alert email immediately. Alerts are deduplicated — a second email is not sent for the same item until stock has been replenished and dropped again. The emailSentAt column on inventory_alerts tracks this.

Full-Page Create / Edit

Adding and editing inventory items has moved from a modal dialog to a dedicated full-page form (InventoryItemFormPage). The form includes a Lab preset dropdown for consumables associated with a specific external lab, a unit-of-measure selector, reorder threshold, and supplier notes. The page handles both create and edit paths from the same component.

SWR Cache & Real-Time Invalidation

The inventory list and individual item views are now cache-backed with a 90-second stale-while-revalidate window. Mutations (receive, consume, adjust, save) immediately invalidate the relevant cache keys so the list reflects the latest state without a manual refresh.

Lab Cases

Full-Page Case Form

The lab case create/edit form has moved to a dedicated full page. The form supports file attachments (images, PDFs) with CORS-correct X-File-Name header handling, priority selection, status assignment, and linked patient/appointment fields.

Real-Time Status Updates

When an external lab updates the status of a case via their shared link, the clinic’s lab dashboard refreshes automatically in real time. The refresh is triggered via the SSE event bus rather than a polling interval, so the update appears within a second of the lab saving the change.

DICOM ZIP Upload

Lab cases now support DICOM ZIP file upload directly from the case detail view. The ZIP is extracted server-side, and each DICOM file is registered in the Radiology Workstation automatically.

Upload-to-Radiology Pipeline

Files attached to a lab case now propagate to the patient’s Radiology Workstation. When a lab uploads a scan or image against a case, the clinic sees it appear in the patient’s file store without any manual linking step.

Treatment Plan Overhaul

Treatment plans have been rearchitected with a Service Catalog powering the line-item selection. Services are defined centrally (per clinic) with a name, default price, and category. When creating a treatment plan, line items are selected from the catalog — eliminating manual re-entry of common procedure names and prices. Inline price editing is still supported for one-off overrides. Before/after photo slots are now available on every treatment plan. The clinic can attach a before photo at plan creation and an after photo on completion. Both appear in the treatment plan detail view and can be exported. Discount policies configured in clinic settings are now wired into the treatment plan creation form. The applicable discount is pre-populated when the policy conditions are met, with an inline validation indicator. Discount state is correctly restored when editing an existing plan.

Superadmin Dashboard

The superadmin dashboard has been substantially restructured.
  • Invoice Studio is now a standalone full-page module accessible from the top navigation. It supports logo customization, and the correct OdontoX logo is pre-fetched from Cloudflare R2 for billing PDFs. The Clinic Invoices tab has been removed from the main dashboard in favour of the dedicated studio.
  • A Revenue tab now shows clinic subscriptions split into trial and active cohorts, with amber visual treatment on trial clinic cards and an Invitations tab in User Management for pending staff invitations.
  • Test Account Tagging lets superadmins mark a clinic as a test account. Test accounts are excluded from all revenue totals and clinic counts on the dashboard, so metrics reflect real paying customers only.
  • DICOM Usage Monitor shows a per-clinic quota table with current usage, limit, and reset date. Superadmins can see which clinics are approaching their monthly cap at a glance.
  • Plan Assignment dialog has been improved: it now shows the clinic’s current plan, feature availability hints by tier, and an optional internal note field for logging the reason for the change.

Receptionist Improvements

Receptionists have received significant capability expansions in v1.4.
  • AI Action Items now appear on the receptionist dashboard as an actionable card: overdue invoices, stale appointments, and lab cases with pending status are surfaced with one-click deep links. The nudge context includes lab status and inventory low-stock data to give a complete operational picture.
  • Settings access is now granted to receptionists, with module-level permission gates. Receptionists can view (but not edit) Lab settings, and can edit Notification Preferences if the admin has granted that permission.
  • 403 suppression: the clinical notes fetch that was triggering 403 errors for receptionist accounts (who do not have clinical note access) is now gated behind a permission check before the request is sent.

Sentry Error Monitoring

OdontoX now integrates Sentry for error tracking across both the frontend and the Cloudflare Workers backend. Unhandled JavaScript exceptions, failed API calls, and Worker-level errors are captured automatically with full stack traces, release version tags, and environment context. Sentry’s Cloudflare Workers SDK handles the backend integration; the React SDK handles the frontend.

Onboarding & Invitations

  • Trial clock now starts on the clinic’s first login, not at approval time. Clinics that were approved but never logged in no longer consume trial days before they have had a chance to explore the platform.
  • Resend invite is available for any staff member whose invitation was sent but whose account setup was never completed. The resend is available directly from the Staff Management list.
  • Onboarding milestone trail is shown to new clinics with a checklist of setup steps (logo, team members, first appointment, first patient). The trail disappears once all milestones are completed.
  • Login timestamps are tracked on every successful authentication and displayed in the user management view so clinic admins can see when each staff member last accessed the platform.
  • Patient invite acceptance now collects date of birth, gender, and phone number during the account setup flow, so the patient record is populated before the patient’s first appointment.

Finance & Billing

  • Overpayment prevention: the Record Payment form now validates that the entered amount does not exceed the outstanding balance. The API also enforces this server-side with a 400 error and a descriptive message.
  • Receipt display fix: receipt amounts and invoice history were displaying stale values after a payment was recorded. Both now refresh immediately after the transaction completes.
  • Invoice emails: automatic invoice emails on creation have been disabled to prevent patients from receiving unsolicited notifications. Receipts are attached to the receipt confirmation email as a PDF.
  • PKR pricing: all plan price displays have been updated from $ to PKR. The referral calculator draws live plan prices from the subscription plans table instead of hardcoded values.

Calendar & Appointments

  • Closed-day indicators appear in the weekly and monthly calendar views for days when the clinic is not operating. The indicators use a subtle cross-hatch fill that does not interfere with appointment cards.
  • Appointment color tags are now available on every appointment. Tags are color-coded and can be used to categorise appointments by type, urgency, or any clinic-defined convention. Tag colors are chosen from a preset palette.
  • Note timestamps are displayed on every clinical note in the appointment detail, showing the exact time the note was saved.
  • Clickable lab cases in the appointment detail navigate directly to the full lab case detail page.
  • Mini calendar navigation in the sidebar has been repositioned and the arrow buttons now navigate correctly.
  • Drag-and-drop in the weekly view snaps to the exact target time slot rather than the nearest hour.

Performance & Reliability

  • HTTP Neon driver: the Postgres connection now uses Neon’s HTTP driver instead of WebSocket for standard queries. This eliminates the CPU overhead of maintaining a persistent WebSocket in Cloudflare Workers, which was the root cause of bridge-inbox CPU spikes.
  • SWR cache fix: the client-side cache was incorrectly keying on the HTTP method instead of the endpoint path, causing near-zero cache hit rates. The cache now keys on the endpoint, implements a 90-second stale-while-revalidate window, and correctly invalidates on mutations.
  • SSE resilience: the SSE connection is backed by a Cloudflare Durable Object WebSocket for push-based delivery. The client reconnects every 55 seconds before the server closes the connection, and proactively refreshes the access token before reconnecting to avoid 401 errors.

Who Benefits

  • Doctors — X-ray images captured at chairside appear in the appointment detail and on the dental chart in real time. DICOM studies from labs can be submitted for AI analysis without leaving the patient record. Ruby reports export to PDF for handoff and archiving.
  • Clinic owners and admins — WhatsApp appointment reminders run automatically once configured. End-of-day emails land in the inbox every evening with a complete operational summary. Patients can confirm or cancel appointments from their email without calling the clinic. The referral calculator shows live pricing.
  • Reception / front desk — AI action items surface overdue invoices, stale appointments, and lab cases with a single click each. Session stability improvements mean fewer unexpected logouts during a busy clinic day.
  • Lab technicians (external) — updating a lab case status via the shared link instantly refreshes the clinic’s dashboard without any manual communication required.
  • Patients — appointment confirmation and cancellation via email link. WhatsApp reminders on a channel they already use daily. Properly completed patient profile at invite acceptance.
  • Superadmins — DICOM usage across all clinics in one table. Revenue split by trial vs. active. Test accounts excluded from metrics. Worker error logs surfaced in the dashboard via OTLP ingestion.

Upgrade Notes

  • The permissions migration from flat keys to dot-notation runs automatically at deployment. No manual action is required; all existing staff permissions are preserved.
  • WhatsApp is off by default for all clinics. It must be enabled by a superadmin and then configured by the clinic admin before any messages are sent.
  • Patient appointment respond tokens are valid for 48 hours. Appointments confirmed or cancelled via email are reflected immediately in the calendar.
  • The EOD email cron fires at 16:00 PKT (11:00 UTC). Clinics must have a valid owner email on file to receive it.
  • DICOM AI analysis requires terms acceptance once per clinic. The accept prompt appears automatically the first time a user attempts an analysis.
  • Sentry error tracking is active in production. No action required from clinics.
  • Bridge API keys are generated per device from Settings → Bridge Devices. Existing clinics that were using the Bridge during the beta period should regenerate keys from Settings.