- Add README instructions for deploying the full report system through local Docker port 4002, frpc, Nginx Proxy Manager, and sstwbg.example.com.
- Document required HTTPS, WebSocket, request-size, timeout, health-check, login, AI, video-frame, and speech verification steps.
- Add TRUST_PROXY support so secure session cookies work behind public HTTPS reverse proxies.
- Preserve upstream X-Forwarded-Proto through the container Nginx API proxy.
- Allow Docker Compose session and trust-proxy variables to be overridden for public deployments.
- Update deployment and Docker docs with the same public reverse-proxy guidance.
- Convert non-binary upstream Xunfei WebSocket messages to UTF-8 strings before forwarding them to browser clients.
- Export and test raw WebSocket data to text conversion for speech proxy forwarding.
- Log unparseable speech responses in the report editor instead of silently swallowing them.
- Update report editor, progress, and testing documentation for text-message forwarding.
- Allow system frame position percentages to keep two decimal places without reordering saved values.
- Stop frontend and backend settings normalization from sorting framePositions on load or save.
- Capture automatic video frames in timeline order while retaining each configured position index.
- Insert automatically selected frames into report placeholders according to the configured percentage order.
- Add frame position utilities and unit coverage for two-decimal rounding, clamping, order preservation, and timeline capture planning.
- Update README, AGENTS, feature, requirement, report editor, system settings, progress, and testing docs for the new frame ordering behavior.
- Configure NestJS with an explicit JSON and urlencoded body parser limit controlled by API_BODY_LIMIT.
- Set the default API body limit to 100mb for report HTML, key frames, template images, and Data URL file uploads.
- Add a matching Nginx client_max_body_size 100m limit so Docker web proxy no longer rejects large report saves first.
- Document the new request body limit in README, deployment docs, progress notes, environment example, and AGENTS context.
- Rebuild and verify Docker web/api with a large report save through the Nginx /api proxy.
- Allow draft reports to be saved without patient name or hospital ID while keeping completed reports strictly validated.
- Preserve completed-report identity validation when updating existing reports by checking merged old and new values.
- Show real API save errors in the report editor and send expired sessions back to login instead of reporting a generic backend outage.
- Guard speech startup for missing getUserMedia or AudioContext support and explain localhost/HTTPS microphone requirements.
- Add report schema tests covering draft identity fields and completed-report validation.
- Update AGENTS and docs for report editor behavior, feature status, progress, and testing coverage.
- Align the backend seeded default surgery template with the report editor's default report content.
- Add backend demo defaults for the default template, Kimi provider, and Xunfei speech proxy configuration.
- Change system reset into a super-admin demo mode factory reset that clears reports, audit logs, files, custom templates, and non-default users.
- Keep only the default admin, manager, doctor, and default surgery template after demo reset.
- Replace the old local-only reset all data button with a two-confirmation backend reset flow.
- Add tests covering demo default alignment and database-backed demo reset behavior.
- Update docs to describe demo mode reset semantics and production credential cautions.
- Change the API default listen port from 3000 to 3100 and include the Docker frontend origin in default CORS.
- Point Vite's default API proxy, Docker API container port, and Nginx upstream to 3100.
- Keep Docker host ports on 4002 for web, 3002 for API, and 5433 for PostgreSQL.
- Update environment examples and documentation to remove stale localhost:3000 guidance.
- Add Auth Context route role guards so doctors cannot directly enter template management, user management, or audit logs.
- Add Audit Logs page, sidebar entry, frontend audit API client, and API client test.
- Add backend audit log query endpoint with super/admin visibility rules and query filtering.
- Extend PostgreSQL integration tests to cover audit log query permissions.
- Move Playwright E2E away from localStorage seed data to real backend API login and seed helpers.
- Add E2E coverage for route guards and audit log visibility.
- Run Playwright backend on port 3100 and proxy Vite API requests there to avoid local port conflicts.
- Make server:dev use the compiled NestJS server path, avoiding tsx parameter-property injection issues.
- Update README, AGENTS, feature, testing, security, deployment, progress, API, backendization, and auth/user module docs.
