BloodInsight AI is an AI-powered health analytics web application that helps people understand their bloodwork and lab reports. The application uses Google's Gemini API to analyze uploaded medical documents and provide easy-to-understand explanations.
- Core Functionality: Authentication (Google Sign-In via NextAuth v4) and basic page structure are in place. Environment variables for Google OAuth and Gemini API are configured in
.env.local. Initial CSS issues have been resolved. - File Handling: The current implementation uses the Google Gemini Files API.
- Files are uploaded from the client (
/upload) to a server route (/api/upload-temp). - The server route saves the file temporarily to the OS temp directory (
os.tmpdir()). - The temporary file path is used to upload the file to Google via
GoogleAIFileManager.uploadFile. - The temporary file is deleted from the server.
- The Google file resource name (
fileId) is returned to the client. - The client navigates to
/analysis?fileId=<fileId>. - The analysis page reads the
fileIdand sends it to/api/analyze. - The analyze route uses the
fileIdto reference the uploaded file in its prompt to the Gemini model (fileDatapart).
- Files are uploaded from the client (
- Known Issues: The upload/analysis flow is currently failing. The exact point of failure after the latest changes (implementing the Files API correctly) needs further debugging. The UI/UX also requires significant improvement.
- Google Sign-In Authentication: Secure authentication using Google accounts
- Document Upload: Support for PDF, images (JPEG, PNG, TIFF), and Excel files
- AI-Powered Analysis: Uses Google's Gemini API to analyze lab reports
- Trends Analysis: Track health metrics over time with interactive visualizations
- Export Functionality: Export results in PDF and CSV formats
- Admin Console: Manage system prompts, monitor usage, and update API keys
- AdminRoute: Client-side component that redirects non-admin users based on
the
isAdminflag in their session - Mobile Responsive: Optimized for all device sizes
- Dark Theme: Modern, professional dark theme using ShadcnUI components
- Frontend: Next.js, React, TypeScript, Tailwind CSS, ShadcnUI
- Authentication: NextAuth.js with Google provider
- Database: PostgreSQL with Prisma ORM
- AI Integration: Google Gemini API (gemini-2.5-pro-exp-03-25 model)
- Visualization: Recharts for data visualization
- Export: jsPDF and custom CSV export functionality
- Deployment: Vercel with PostgreSQL
- Node.js 18+ and npm
- PostgreSQL database
- Google Cloud account for Gemini API and OAuth
- Clone the repository
- Install dependencies:
npm install
- Set up environment variables in a
.env.localfile:Important: keepGEMINI_API_KEY=your_gemini_api_key NEXTAUTH_URL=http://localhost:3000 NEXTAUTH_SECRET=your_nextauth_secret GOOGLE_CLIENT_ID=your_google_client_id GOOGLE_CLIENT_SECRET=your_google_client_secret DATABASE_URL=your_postgres_connection_stringGEMINI_API_KEYon the server only; it should never be exposed to the client. - Initialize the database:
npx prisma migrate dev
- Start the development server:
npm run dev
- (Optional) Lint and build the project. Make sure you have run
npm installbefore executing these commands:npm run lint npm run build
- The
/api/upload-temproute validates uploaded files. The server accepts only the following MIME types:application/pdfimage/jpegimage/pngimage/tiffapplication/vnd.ms-excelapplication/vnd.openxmlformats-officedocument.spreadsheetml.sheetAny other MIME type will cause the endpoint to return a400error.
See DEPLOYMENT.md for detailed deployment instructions.
/src/app: Next.js pages and routes/src/components: Reusable React components/src/lib: Utility functions and services/prisma: Database schema and migrations/public: Static assets
- Authentication: Google Sign-In with protected routes
- Document Upload: File validation and storage
- Gemini API Integration: AI-powered analysis of lab reports
- Admin Console: System management and monitoring
- Trends Analysis: Interactive visualizations of health metrics over time
- Export Functionality: PDF and CSV export options
The /api/admin/gemini endpoint allows administrators to manage Gemini-related
settings. The route is protected by NextAuth and only users with isAdmin = true
can access it. The isAdmin flag is included in the user's session token and is
checked by both API routes and the AdminRoute component. Unauthorized requests
return 401 or 403.
- GET
/api/admin/gemini- Returns the current system prompt:
{ "systemPrompt": "..." }
- Returns the current system prompt:
- POST
/api/admin/gemini- Accepts a JSON payload with
actionandvaluefields. The values are persisted in the database.{"action": "updateApiKey", "value": "NEW_KEY"}stores a new Gemini API key.{"action": "updateSystemPrompt", "value": "PROMPT_TEXT"}updates the default system prompt.
- Accepts a JSON payload with
This application is for educational purposes only and is not intended to replace medical advice. Always consult with healthcare providers regarding lab results and health decisions.
This project is licensed under the MIT License.