feat: add report deletion functionality and improve Grad-CAM URL handling with path fallback support

app_new.py

@@ -366,7 +366,9 @@ def _run_inference_on_dcm(dcm_path: Path, user_id: int) -> tuple[dict[str, Any]
             decision_threshold=pred.get("decision_threshold"),
             triage_action=report.get("triage", {}).get("action"),
             urgency=report.get("triage", {}).get("urgency"),
+            llm_summary=report.get("llm_summary"),
             report_json_path=str(report_path.relative_to(BASE_DIR)),
+            gradcam_image_path=report.get("cloudinary_heatmap_url") or str((user_reports_dir / f"{image_id}_gradcam.png").relative_to(BASE_DIR)),
             generated_at=datetime.datetime.utcnow(),
         )
         db.session.add(screening_report)
@@ -491,7 +493,7 @@ class CaseRow:
     urgency: str = "N/A"
     generated_at: str = ""
     report_file: str | None = None
-    gradcam_file: str | None = None
+    gradcam_url: str | None = None
     
     @property
     def date_display(self) -> str:
@@ -515,6 +517,13 @@ def _load_user_cases(user_id: int) -> list[CaseRow]:
     
     cases = []
     for r in reports:
+        # Fallback for old records with missing gradcam_image_path
+        g_url = r.gradcam_image_path
+        if not g_url:
+            fallback_path = UserDataManager(UPLOAD_BASE_DIR).get_user_reports_dir(current_user.id) / f"{r.image_id}_gradcam.png"
+            if fallback_path.exists():
+                g_url = url_for('serve_gradcam', filename=fallback_path.name)
+
         cases.append(CaseRow(
             image_id=r.image_id,
             outcome=r.screening_outcome or "Unknown",
@@ -525,6 +534,7 @@ def _load_user_cases(user_id: int) -> list[CaseRow]:
             urgency=r.urgency or "N/A",
             generated_at=r.generated_at.isoformat() if r.generated_at else "",
             report_file=Path(r.report_json_path).name if r.report_json_path else None,
+            gradcam_url=g_url,
         ))
     
     return cases
@@ -545,7 +555,7 @@ def compute_stats(rows: list[CaseRow]) -> dict[str, Any]:
         "urgent": urgent,
         "avg_cal_prob": avg_cal,
         "pos_rate": pos_rate,
-        "heatmaps": sum(1 for r in rows if r.gradcam_file),
+        "heatmaps": sum(1 for r in rows if r.gradcam_url),
     }
 
 
@@ -718,7 +728,7 @@ def analyze_directory():
     if not LOCAL_MODE:
         abort(403)
 
-    dir_path_str = request.form.get("dir_path", "").strip()
+    dir_path_str = request.form.get("dir_path", "").strip().strip("'\"")
     if not dir_path_str:
         flash("Please enter a directory path.", "error")
         return redirect(url_for("upload"))
@@ -727,7 +737,7 @@ def analyze_directory():
         flash("Path is too long to be a valid directory.", "error")
         return redirect(url_for("upload"))
 
-    scan_dir = Path(dir_path_str)
+    scan_dir = Path(dir_path_str).expanduser().resolve()
     try:
         if not scan_dir.is_dir():
             flash(f"Directory not found: {dir_path_str}", "error")
@@ -848,24 +858,49 @@ def reports():
 @login_required
 def case_detail(image_id):
     """View screening report details"""
-    report = ScreeningReport.query.filter_by(user_id=current_user.id, image_id=image_id).first()
-    if not report:
-        abort(404)
+    report_record = ScreeningReport.query.filter_by(user_id=current_user.id, image_id=image_id).first()
     
     user_reports_dir = UserDataManager(UPLOAD_BASE_DIR).get_user_reports_dir(current_user.id)
-    report_path = user_reports_dir / f"{image_id}_report.json"
-    
-    if not report_path.exists():
-        abort(404)
-    
-    try:
-        with open(report_path) as f:
-            report_data = json.load(f)
-    except (json.JSONDecodeError, OSError):
-        abort(500)
-    
-    log_audit("report_viewed", user_id=current_user.id, resource_type="report", resource_id=report.id)
-    return render_template("detail.html", report=report_data)
+    report_data = None
+    if report_record and report_record.report_json_path:
+        rp = Path(BASE_DIR) / report_record.report_json_path
+        if rp.exists():
+            with open(rp, "r") as f:
+                report_data = json.load(f)
+
+    # Use existing record details or construct a CaseRow
+    if report_record:
+        g_url = report_record.gradcam_image_path
+        if not g_url:
+            fallback_path = user_reports_dir / f"{image_id}_gradcam.png"
+            if fallback_path.exists():
+                g_url = url_for('serve_gradcam', filename=fallback_path.name)
+
+        row = CaseRow(
+            image_id=image_id,
+            outcome=report_record.screening_outcome or "Unknown",
+            raw_prob=report_record.raw_probability,
+            cal_prob=report_record.calibrated_probability,
+            band=report_record.confidence_band or "N/A",
+            triage=report_record.triage_action or "N/A",
+            urgency=report_record.urgency or "N/A",
+            generated_at=report_record.generated_at.isoformat() if report_record.generated_at else "",
+            gradcam_url=g_url
+        )
+    else:
+        # fallback
+        row = CaseRow(
+            image_id=image_id, outcome="Unknown", raw_prob=None, cal_prob=None,
+            band="N/A", triage="N/A", urgency="N/A", generated_at=""
+        )
+
+    return render_template(
+        "detail.html",
+        image_id=image_id,
+        row=row,
+        payload=report_data,
+        report_record=report_record
+    )
 
 @app.route("/logs")
 @login_required
@@ -928,6 +963,67 @@ def serve_gradcam(filename: str):
     reports_dir = UserDataManager(UPLOAD_BASE_DIR).get_user_reports_dir(current_user.id)
     return send_from_directory(reports_dir, safe_name)
 
+@app.route("/report/<path:filename>")
+@login_required
+def serve_report_json(filename: str):
+    """Serve a user's JSON report."""
+    safe_name = Path(filename).name
+    reports_dir = UserDataManager(UPLOAD_BASE_DIR).get_user_reports_dir(current_user.id)
+    return send_from_directory(reports_dir, safe_name)
+
+@app.route("/report/<image_id>/delete", methods=["POST"])
+@login_required
+def delete_report(image_id: str):
+    """Delete a single screening report and its local files."""
+    report = ScreeningReport.query.filter_by(user_id=current_user.id, image_id=image_id).first()
+    if not report:
+        flash("Report not found.", "error")
+        return redirect(url_for("reports"))
+
+    # Delete local files
+    user_reports_dir = UserDataManager(UPLOAD_BASE_DIR).get_user_reports_dir(current_user.id)
+    for suffix in ("_report.json", "_gradcam.png", "_preview.png"):
+        fp = user_reports_dir / f"{image_id}{suffix}"
+        fp.unlink(missing_ok=True)
+
+    # Delete associated upload record
+    if report.upload_id:
+        upload = db.session.get(ScreeningUpload, report.upload_id)
+        if upload:
+            db.session.delete(upload)
+        else:
+            db.session.delete(report)
+    else:
+        db.session.delete(report)
+
+    db.session.commit()
+    log_audit("report_deleted", user_id=current_user.id, resource_type="report", resource_id=image_id)
+    flash(f"Report {image_id} deleted.", "success")
+    return redirect(url_for("reports"))
+
+
+@app.route("/reports/delete-all", methods=["POST"])
+@login_required
+def delete_all_reports():
+    """Delete ALL reports for the current user quickly."""
+    import shutil
+    
+    # 1. Delete physical files securely by dropping the entire user reports folder
+    user_reports_dir = UserDataManager(UPLOAD_BASE_DIR).get_user_reports_dir(current_user.id)
+    shutil.rmtree(user_reports_dir, ignore_errors=True)
+    user_reports_dir.mkdir(parents=True, exist_ok=True)
+    
+    # 2. Bulk delete database records
+    # Because of cascade rules, deleting uploads will automatically delete reports too.
+    # But to be completely safe, we can delete reports directly as well.
+    report_count = db.session.query(ScreeningReport).filter_by(user_id=current_user.id).delete()
+    upload_count = db.session.query(ScreeningUpload).filter_by(user_id=current_user.id).delete()
+    
+    db.session.commit()
+    log_audit("all_reports_deleted", user_id=current_user.id, resource_type="report", resource_id="all")
+    flash(f"All {report_count} reports and their files have been deleted.", "success")
+    return redirect(url_for("reports"))
+
 @app.errorhandler(401)
 def unauthorized(e):
     if request.path.startswith("/api/"):

models.py

@@ -80,6 +80,7 @@ class ScreeningReport(db.Model):
     # Triage information
     triage_action = db.Column(db.String(100))
     urgency = db.Column(db.String(50))
+    llm_summary = db.Column(db.Text)
     
     # Ground truth (for validation only)
     true_label = db.Column(db.String(100))
@@ -104,7 +105,7 @@ class AuditLog(db.Model):
     user_id = db.Column(db.Integer, db.ForeignKey('users.id'), nullable=True, index=True)
     action = db.Column(db.String(100), nullable=False)  # login, logout, upload, delete, download, etc.
     resource_type = db.Column(db.String(50))  # upload, report, etc.
-    resource_id = db.Column(db.Integer)
+    resource_id = db.Column(db.String(255))
     details = db.Column(db.Text)  # JSON or plain text with additional info
     ip_address = db.Column(db.String(45))  # IPv4 or IPv6
     timestamp = db.Column(db.DateTime, default=datetime.utcnow, nullable=False, index=True)

run_interface.py

@@ -6,6 +6,7 @@ inference utilities in download_imp/run_inference.py.
 
 from __future__ import annotations
 
+import os
 from pathlib import Path
 from typing import Any
 
@@ -13,6 +14,18 @@ import cv2
 import numpy as np
 import torch
 
+try:
+    from groq import Groq
+except ImportError:
+    Groq = None
+
+try:
+    import cloudinary
+    import cloudinary.uploader
+    import cloudinary.api
+except ImportError:
+    cloudinary = None
+
 from download_imp import run_inference as core
 
 ARCH = core.BACKBONE
@@ -137,6 +150,53 @@ def infer_single(
     }
 
 
+def generate_medical_summary(inference: dict[str, Any], calib_cfg: dict[str, Any], report: dict[str, Any]) -> str:
+    """Generate a medical summary using Groq LLM API."""
+    if not Groq:
+        return "LLM integration not available (groq package not installed)."
+        
+    groq_api_key = os.environ.get("GROQ_API_KEY")
+    if not groq_api_key:
+        return "LLM integration not configured (Missing GROQ_API_KEY)."
+
+    try:
+        client = Groq(api_key=groq_api_key)
+        
+        prob = float(inference.get("cal_prob_any", 0.0))
+        threshold = float(calib_cfg.get("threshold_at_spec90", 0.5))
+        is_positive = prob >= threshold
+        
+        triage = report.get("triage", {})
+        action = triage.get("action", "Unknown")
+        urgency = triage.get("urgency", "Unknown")
+        
+        prompt = f"""
+        You are an expert AI medical assistant analyzing a CT scan for Intracranial Hemorrhage.
+        
+        Scan Results:
+        - Probability of Hemorrhage: {prob:.2%}
+        - Decision Threshold: {threshold:.2%}
+        - AI Assessment: {"Positive for Hemorrhage" if is_positive else "Negative for Hemorrhage"}
+        - Urgency: {urgency}
+        - Recommended Action: {action}
+        
+        Based on this data, write a concise, professional 3-sentence medical triage summary. 
+        Focus strictly on the AI's findings. Do not hallucinate patient data.
+        """
+        
+        model_name = os.environ.get("LLM_MODEL", "llama-3.1-8b-instant")
+        response = client.chat.completions.create(
+            messages=[{"role": "user", "content": prompt}],
+            model=model_name,
+            temperature=0.2,
+            max_tokens=150,
+        )
+        
+        return response.choices[0].message.content.strip()
+    except Exception as e:
+        return f"Failed to generate LLM summary: {str(e)}"
+
+
 def build_report(
     image_id: str,
     inference: dict[str, Any],
@@ -179,4 +239,35 @@ def build_report(
     report["prediction"]["raw_probability"] = round(float(inference["raw_prob_any"]), 6)
     report["prediction"]["calibrated_probability"] = round(float(inference["cal_prob_any"]), 6)
 
+    report["llm_summary"] = generate_medical_summary(inference, calib_cfg, report)
+
+    # Cloudinary Integration
+    cloud_name = os.environ.get("CLOUDINARY_CLOUD_NAME")
+    api_key = os.environ.get("CLOUDINARY_API_KEY")
+    api_secret = os.environ.get("CLOUDINARY_API_SECRET")
+    
+    if cloudinary and cloud_name and api_key and api_secret:
+        try:
+            cloudinary.config(
+                cloud_name=cloud_name,
+                api_key=api_key,
+                api_secret=api_secret,
+                secure=True
+            )
+            
+            # Upload preview
+            preview_res = cloudinary.uploader.upload(str(preview_path), folder="ich_previews")
+            report["cloudinary_preview_url"] = preview_res.get("secure_url")
+            
+            # Upload heatmap
+            heatmap_res = cloudinary.uploader.upload(str(heatmap_path), folder="ich_heatmaps")
+            report["cloudinary_heatmap_url"] = heatmap_res.get("secure_url")
+            
+            # Delete local copies to save space since we have them in the cloud
+            preview_path.unlink(missing_ok=True)
+            heatmap_path.unlink(missing_ok=True)
+            
+        except Exception as e:
+            print(f"Cloudinary upload failed: {e}")
+
     return report

security.py

@@ -36,7 +36,7 @@ def init_security(app):
             "script-src 'self' 'unsafe-inline'; "  # Minimal unsafe-inline for compatibility
             "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; "
             "font-src 'self' https://fonts.gstatic.com; "
-            "img-src 'self' data:; "
+            "img-src 'self' data: https://res.cloudinary.com; "
             "connect-src 'self'; "
             "frame-ancestors 'self'; "
             "base-uri 'self'; "

templates/detail.html

@@ -112,29 +112,37 @@
   <!-- Right: Grad-CAM -->
   <article class="panel">
     <h3>Grad-CAM Visualization</h3>
-    {% if row.gradcam_file %}
+    {% if row.gradcam_url %}
     <img class="heatmap-img"
-         src="{{ url_for('serve_gradcam', filename=row.gradcam_file) }}"
+         src="{{ row.gradcam_url }}"
          alt="Grad-CAM for {{ row.image_id }}" />
     <p class="muted small" style="margin-top: 10px">
       Highlighted regions indicate areas with greatest influence on the
-      screening decision. These are <strong>not</strong> confirmed anatomical
-      findings.
+      model's decision.
     </p>
     {% else %}
     <div class="empty-state">
-      <svg width="48" height="48" viewBox="0 0 24 24" fill="none"
-           stroke="currentColor" stroke-width="1.5" opacity="0.3">
-        <rect x="3" y="3" width="18" height="18" rx="2" />
-        <circle cx="8.5" cy="8.5" r="1.5" />
-        <path d="m21 15-5-5L5 21" />
-      </svg>
       <p class="muted">No Grad-CAM heatmap available for this case.</p>
     </div>
     {% endif %}
   </article>
 </section>
 
+<!-- AI LLM Summary -->
+{% if report_record and report_record.llm_summary %}
+<section class="panel" style="margin-bottom: 24px; border-left: 4px solid var(--primary, #007aff);">
+  <h3 style="color: var(--primary, #007aff); display: flex; align-items: center; gap: 8px;">
+    <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+      <path d="M12 2v20M17 5H9.5a3.5 3.5 0 0 0 0 7h5a3.5 3.5 0 0 1 0 7H6"/>
+    </svg>
+    AI Medical Intelligence Summary
+  </h3>
+  <p style="line-height: 1.6; font-size: 1.1rem; color: var(--text-dark, #2c3e50);">
+    {{ report_record.llm_summary }}
+  </p>
+</section>
+{% endif %}
+
 <!-- Model info (from payload) -->
 {% if payload and payload.screening_module %}
 <section class="panel" style="margin-top: 16px">

templates/reports.html

@@ -100,6 +100,11 @@
     <a href="{{ url_for('reports', page_size=page_size) }}" class="btn btn-ghost">Clear</a>
     {% endif %}
   </form>
+  <!-- Delete All button -->
+  <form method="post" action="{{ url_for('delete_all_reports') }}" style="margin-top: 8px;"
+        onsubmit="return confirm('Delete ALL your reports and local files? This cannot be undone.')">
+    <button type="submit" class="btn btn-ghost" style="color: var(--red, #e74c3c); border-color: var(--red, #e74c3c);">🗑 Delete All Reports</button>
+  </form>
   <!-- prettier-ignore-end -->
 
   <!-- Results meta bar -->
@@ -125,6 +130,7 @@
           <th>Urgency</th>
           <th>Grad-CAM</th>
           <th>Report</th>
+          <th></th>
         </tr>
       </thead>
       <tbody>
@@ -144,16 +150,25 @@
           <td><span class="badge badge-{{ row.band|lower }}">{{ row.band }}</span></td>
           <td><span class="badge badge-{{ row.urgency|lower }}">{{ row.urgency }}</span></td>
           <td>
-            {% if row.gradcam_file %}
-            <a href="{{ url_for('serve_gradcam', filename=row.gradcam_file) }}"
-               target="_blank" class="link-icon" title="View Grad-CAM">
-              <svg width="16" height="16" viewBox="0 0 24 24" fill="none"
-                   stroke="currentColor" stroke-width="2">
+            {% set gc = row.gradcam_url %}
+            {% if gc %}
+              {% if gc.startswith('http') %}
+            <a href="{{ gc }}" target="_blank" class="link-icon" title="View Grad-CAM">
+              <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                <rect x="3" y="3" width="18" height="18" rx="2" />
+                <circle cx="8.5" cy="8.5" r="1.5" />
+                <path d="m21 15-5-5L5 21" />
+              </svg>
+            </a>
+              {% else %}
+            <a href="{{ url_for('serve_gradcam', filename=gc.split('/')[-1]) }}" target="_blank" class="link-icon" title="View Grad-CAM">
+              <svg width="16" height="16" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
                 <rect x="3" y="3" width="18" height="18" rx="2" />
                 <circle cx="8.5" cy="8.5" r="1.5" />
                 <path d="m21 15-5-5L5 21" />
               </svg>
             </a>
+              {% endif %}
             {% else %}
             <span class="muted">—</span>
             {% endif %}
@@ -161,6 +176,12 @@
           <td>
             <a href="{{ url_for('case_detail', image_id=row.image_id) }}" class="btn btn-sm">Open</a>
           </td>
+          <td>
+            <form method="post" action="{{ url_for('delete_report', image_id=row.image_id) }}"
+                  onsubmit="return confirm('Delete report {{ row.image_id }}?')" style="display:inline">
+              <button type="submit" class="btn btn-sm" style="background:transparent; color:var(--red,#e74c3c); border-color:var(--red,#e74c3c)">✕</button>
+            </form>
+          </td>
         </tr>
         {% endfor %}