feat: Comprehensive health AI application improvements

Major Updates:
- 🔧 Configure Chicago region for Speech AI and Object Storage compatibility
- 🤖 Add OpenAI integration as default AI provider with fallback to Oracle GenAI
- 🔐 Externalize all configuration to environment variables for security
- 🗄️ Fix SQL schema issues with constraint naming and JSON validation
- 📱 Enhance medical transcription with comprehensive error handling
- 🚀 Update Kubernetes deployment templates with credential mounting

Technical Changes:
- Switch Object Storage from eu-frankfurt-1 to us-chicago-1 (aitests bucket)
- Update Speech AI to use us-chicago-1 region for service alignment
- Add OpenAI.java service with GPT-3.5-turbo integration
- Enhanced OracleSpeechAI.java with detailed error reporting and job lifecycle monitoring
- Updated MedicalTranscriptionsController.java to handle both audio formats and quality issues
- Fixed SQL constraint naming conflicts in aiuser-tables-indexes-functions.sql
- Added aivision_results_fixed.sql with proper JSON validation
- Updated .gitignore to prevent deployment files with sensitive data from being committed
- Added comprehensive .env.example template with safe placeholder values

Security Improvements:
- All sensitive configuration moved to environment variables
- Removed hardcoded credentials from source code
- Added gitignore rules for generated deployment files
- Enhanced logging without exposing sensitive data

Configuration Management:
- Centralized configuration in AIApplication.java using System.getenv()
- Updated Kubernetes deployment template with all required placeholders
- Added setup-oci-credentials.sh for proper OCI authentication mounting
- Enhanced deploy.sh to use environment variables from .env file

This update resolves Speech AI transcription issues by ensuring regional compatibility
and provides a robust, secure foundation for the health AI application with multiple
AI service providers and comprehensive error handling.

Author: paulparkinson

.gitignore

@@ -5,6 +5,9 @@ grabdish/inventory-micronaut/build/
 .deployed/
 .deployed/*.yaml
 
+# Generated deployment files with sensitive data
+**/healthai-backend-springboot-deployment.yaml
+
 # Compiled class file
 *.class
 

health/.env.example

@@ -0,0 +1,40 @@
+
+# OCI Configuration
+export OCICONFIG_FILE=~/.oci/config
+export OCICONFIG_PROFILE=DEFAULT
+export COMPARTMENT_ID=ocid1.compartment.oc1..your_compartment_id_here
+export OBJECTSTORAGE_NAMESPACE=your_objectstore_namespace
+export OBJECTSTORAGE_BUCKETNAME=aitests
+export OBJECTSTORAGE_REGION=us-chicago-1
+
+# AI Vision Model OCIDs
+export VISIONAI_XRAY_BREASTCANCER_MODEL_OCID=ocid1.aivisionmodel.oc1..your_breastcancer_model_id
+export VISIONAI_XRAY_LUNGCANCER_MODEL_OCID=ocid1.aivisionmodel.oc1..your_lungcancer_model_id
+export VISIONAI_XRAY_PNEUMONIA_MODEL_OCID=ocid1.aivisionmodel.oc1..your_pneumonia_model_id
+export VISIONAI_XRAY_PNEUMONIA_MODEL_DEEP_LEARNING_OCID=ocid1.aivisionmodel.oc1..your_pneumonia_deep_learning_model_id
+
+# Service Endpoints (Chicago region for Speech AI compatibility)
+export ORDS_ENDPOINT_URL=https://your-ords-endpoint-url
+export OCI_VISION_SERVICE_ENDPOINT=https://vision.aiservice.us-chicago-1.oci.oraclecloud.com
+export OCI_SPEECH_SERVICE_ENDPOINT=https://speech.aiservice.us-chicago-1.oci.oraclecloud.com
+export OCI_GENAI_SERVICE_ENDPOINT=https://genai.aiservice.eu-frankfurt-1.oci.oraclecloud.com
+
+# OpenAI Configuration (primary AI provider)
+export OPENAI_API_KEY=sk-proj-your_openai_api_key_here
+
+# Display all set environment variables
+echo "=== Environment Variables Set ==="
+echo "OCICONFIG_FILE: $OCICONFIG_FILE"
+echo "OCICONFIG_PROFILE: $OCICONFIG_PROFILE"
+echo "COMPARTMENT_ID: $COMPARTMENT_ID"
+echo "OBJECTSTORAGE_NAMESPACE: $OBJECTSTORAGE_NAMESPACE"
+echo "OBJECTSTORAGE_BUCKETNAME: $OBJECTSTORAGE_BUCKETNAME"
+echo "VISIONAI_XRAY_BREASTCANCER_MODEL_OCID: $VISIONAI_XRAY_BREASTCANCER_MODEL_OCID"
+echo "VISIONAI_XRAY_LUNGCANCER_MODEL_OCID: $VISIONAI_XRAY_LUNGCANCER_MODEL_OCID"
+echo "VISIONAI_XRAY_PNEUMONIA_MODEL_OCID: $VISIONAI_XRAY_PNEUMONIA_MODEL_OCID"
+echo "ORDS_ENDPOINT_URL: $ORDS_ENDPOINT_URL"
+echo "OCI_VISION_SERVICE_ENDPOINT: $OCI_VISION_SERVICE_ENDPOINT"
+echo "OCI_SPEECH_SERVICE_ENDPOINT: $OCI_SPEECH_SERVICE_ENDPOINT"
+echo "OCI_GENAI_SERVICE_ENDPOINT: $OCI_GENAI_SERVICE_ENDPOINT"
+echo "OPENAI_KEY: $OPENAI_KEY"
+echo "=== All environment variables have been set successfully! ==="

health/samplefiles/SoundRecordings/sorethroat_and_heahache.wav

@@ -2,6 +2,14 @@
 ## Copyright (c) 2025 Oracle and/or its affiliates.
 ## Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
+# Source environment variables from .env file
+if [ -f "../.env" ]; then
+    echo "Loading environment variables from .env file..."
+    source "../.env"
+else
+    echo "Warning: .env file not found. Using environment variables from shell."
+fi
+
 export TAG=0.1.$(date +%s)
 echo TAG = $TAG
 
@@ -46,6 +54,19 @@ podman push --format docker "$IMAGE"
 
 cp healthai-backend-springboot-deployment_template.yaml healthai-backend-springboot-deployment.yaml
 sed -i '' "s|IMAGE_PLACEHOLDER|$IMAGE|g" healthai-backend-springboot-deployment.yaml
+sed -i '' "s|COMPARTMENT_ID_PLACEHOLDER|$COMPARTMENT_ID|g" healthai-backend-springboot-deployment.yaml
+sed -i '' "s|OBJECTSTORAGE_NAMESPACE_PLACEHOLDER|$OBJECTSTORAGE_NAMESPACE|g" healthai-backend-springboot-deployment.yaml
+sed -i '' "s|OBJECTSTORAGE_BUCKETNAME_PLACEHOLDER|$OBJECTSTORAGE_BUCKETNAME|g" healthai-backend-springboot-deployment.yaml
+sed -i '' "s|OBJECTSTORAGE_REGION_PLACEHOLDER|$OBJECTSTORAGE_REGION|g" healthai-backend-springboot-deployment.yaml
+sed -i '' "s|ORDS_ENDPOINT_URL_PLACEHOLDER|$ORDS_ENDPOINT_URL|g" healthai-backend-springboot-deployment.yaml
+sed -i '' "s|OCI_VISION_SERVICE_ENDPOINT_PLACEHOLDER|$OCI_VISION_SERVICE_ENDPOINT|g" healthai-backend-springboot-deployment.yaml
+sed -i '' "s|OCI_SPEECH_SERVICE_ENDPOINT_PLACEHOLDER|$OCI_SPEECH_SERVICE_ENDPOINT|g" healthai-backend-springboot-deployment.yaml
+sed -i '' "s|OCI_GENAI_SERVICE_ENDPOINT_PLACEHOLDER|$OCI_GENAI_SERVICE_ENDPOINT|g" healthai-backend-springboot-deployment.yaml
+sed -i '' "s|OPENAI_API_KEY_PLACEHOLDER|$OPENAI_API_KEY|g" healthai-backend-springboot-deployment.yaml
+sed -i '' "s|VISIONAI_XRAY_BREASTCANCER_MODEL_OCID_PLACEHOLDER|$VISIONAI_XRAY_BREASTCANCER_MODEL_OCID|g" healthai-backend-springboot-deployment.yaml
+sed -i '' "s|VISIONAI_XRAY_LUNGCANCER_MODEL_OCID_PLACEHOLDER|$VISIONAI_XRAY_LUNGCANCER_MODEL_OCID|g" healthai-backend-springboot-deployment.yaml
+sed -i '' "s|VISIONAI_XRAY_PNEUMONIA_MODEL_OCID_PLACEHOLDER|$VISIONAI_XRAY_PNEUMONIA_MODEL_OCID|g" healthai-backend-springboot-deployment.yaml
+sed -i '' "s|VISIONAI_XRAY_PNEUMONIA_MODEL_DEEP_LEARNING_OCID_PLACEHOLDER|$VISIONAI_XRAY_PNEUMONIA_MODEL_DEEP_LEARNING_OCID|g" healthai-backend-springboot-deployment.yaml
 kubectl apply -f healthai-backend-springboot-deployment.yaml -n health
 
 

health/springboot-backend/deploy.sh

@@ -28,6 +28,36 @@ spec:
           value: Welcome12345*
         - name: OCI_REGION
           value: us-phoenix-1
+        - name: OCICONFIG_FILE
+          value: "/root/.oci/config"
+        - name: OCICONFIG_PROFILE
+          value: "DEFAULT"
+        - name: COMPARTMENT_ID
+          value: "COMPARTMENT_ID_PLACEHOLDER"
+        - name: OBJECTSTORAGE_NAMESPACE
+          value: "OBJECTSTORAGE_NAMESPACE_PLACEHOLDER"
+        - name: OBJECTSTORAGE_BUCKETNAME
+          value: "OBJECTSTORAGE_BUCKETNAME_PLACEHOLDER"
+        - name: OBJECTSTORAGE_REGION
+          value: "OBJECTSTORAGE_REGION_PLACEHOLDER"
+        - name: ORDS_ENDPOINT_URL
+          value: "ORDS_ENDPOINT_URL_PLACEHOLDER"
+        - name: OCI_VISION_SERVICE_ENDPOINT
+          value: "OCI_VISION_SERVICE_ENDPOINT_PLACEHOLDER"
+        - name: OCI_SPEECH_SERVICE_ENDPOINT
+          value: "OCI_SPEECH_SERVICE_ENDPOINT_PLACEHOLDER"
+        - name: OCI_GENAI_SERVICE_ENDPOINT
+          value: "OCI_GENAI_SERVICE_ENDPOINT_PLACEHOLDER"
+        - name: OPENAI_API_KEY
+          value: "OPENAI_API_KEY_PLACEHOLDER"
+        - name: VISIONAI_XRAY_BREASTCANCER_MODEL_OCID
+          value: "VISIONAI_XRAY_BREASTCANCER_MODEL_OCID_PLACEHOLDER"
+        - name: VISIONAI_XRAY_LUNGCANCER_MODEL_OCID
+          value: "VISIONAI_XRAY_LUNGCANCER_MODEL_OCID_PLACEHOLDER"
+        - name: VISIONAI_XRAY_PNEUMONIA_MODEL_OCID
+          value: "VISIONAI_XRAY_PNEUMONIA_MODEL_OCID_PLACEHOLDER"
+        - name: VISIONAI_XRAY_PNEUMONIA_MODEL_DEEP_LEARNING_OCID
+          value: "VISIONAI_XRAY_PNEUMONIA_MODEL_DEEP_LEARNING_OCID_PLACEHOLDER"
 #          value: Welcome12345
 #        - name: spring.datasource.password
 #          valueFrom:
@@ -38,11 +68,25 @@ spec:
         volumeMounts:
         - name: creds
           mountPath: /healthai/creds
+        - name: oci-config
+          mountPath: /root/.oci
+          readOnly: true
+        - name: oci-private-key
+          mountPath: /root/.ssh
+          readOnly: true
         ports:
         - containerPort: 8080
       restartPolicy: Always
       volumes:
       - name: creds
         secret:
           secretName: healthai-backend-db-tns-admin-secret
+      - name: oci-config
+        configMap:
+          name: oci-config
+          defaultMode: 0600
+      - name: oci-private-key
+        secret:
+          secretName: oci-private-key
+          defaultMode: 0600
 

health/springboot-backend/env.properties

@@ -51,4 +51,5 @@ echo ""
 echo "💡 To follow logs in real-time, use:"
 for POD in $PODS; do
     echo "   kubectl logs -f $POD -n health"
+    kubectl logs -f $POD -n health
 done

health/springboot-backend/healthai-backend-springboot-deployment.yaml

@@ -19,7 +19,7 @@
 		<spring-cloud.version>2022.0.4</spring-cloud.version>
 		<oracle.jdbc.version>21.9.0.0</oracle.jdbc.version>
 		<spring.vault.version>3.1.1</spring.vault.version>
-		<oci.sdk.version>3.35.0</oci.sdk.version>
+		<oci.sdk.version>3.45.0</oci.sdk.version>
 		<jib-maven-plugin.version>3.3.1</jib-maven-plugin.version>
 		<liquibase.version>4.17.2</liquibase.version>
 		<docker.registry>${env.DOCKER_REGISTRY}</docker.registry>
@@ -43,9 +43,10 @@
 		</dependency>
 		<dependency>
 			<groupId>com.oracle.oci.sdk</groupId>
-			<artifactId>oci-java-sdk-common-httpclient-jersey</artifactId>
+			<artifactId>oci-java-sdk-common-httpclient-jersey3</artifactId>
 			<version>${oci.sdk.version}</version>
 		</dependency>
+		
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-simple</artifactId>
@@ -108,11 +109,12 @@
 			<artifactId>spring-jdbc</artifactId>
 		</dependency>
 
-<!--		<dependency>-->
-<!--			<groupId>com.theokanning.openai-gpt3-java</groupId>-->
-<!--			<artifactId>service</artifactId>-->
-<!--			<version>0.12.0</version>-->
-<!--		</dependency>-->
+		<!-- OpenAI Java SDK -->
+		<dependency>
+			<groupId>com.theokanning.openai-gpt3-java</groupId>
+			<artifactId>service</artifactId>
+			<version>0.18.2</version>
+		</dependency>
 
 		<dependency>
 			<groupId>com.oracle.oci.sdk</groupId>

health/springboot-backend/healthai-backend-springboot-deployment_template.yaml

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+# setup-oci-credentials.sh - Create Kubernetes secrets and configmaps for OCI authentication
+
+echo "🔧 Setting up OCI credentials for Kubernetes deployment..."
+
+# Check if files exist
+if [ ! -f ~/.oci/config ]; then
+    echo "❌ Error: ~/.oci/config file not found"
+    echo "Please ensure your OCI config file exists at ~/.oci/config"
+    exit 1
+fi
+
+if [ ! -f ~/.ssh/oracleidentitycloudservice_paul.parkinson-05-07-03-14.pem ]; then
+    echo "❌ Error: Private key file not found at ~/.ssh/oracleidentitycloudservice_paul.parkinson-05-07-03-14.pem"
+    echo "Please ensure your OCI private key file exists"
+    exit 1
+fi
+
+echo "✅ Found required OCI credential files"
+
+# Create namespace if it doesn't exist
+# kubectl create namespace health --dry-run=client -o yaml | kubectl apply -f -
+
+# Delete existing secrets/configmaps if they exist (to update them)
+echo "🧹 Cleaning up existing OCI credentials..."
+kubectl delete configmap oci-config -n health --ignore-not-found=true
+kubectl delete secret oci-private-key -n health --ignore-not-found=true
+
+# Create ConfigMap for OCI config file
+echo "📝 Creating OCI config ConfigMap..."
+kubectl create configmap oci-config \
+    --from-file=config="$HOME/.oci/config" \
+    -n health
+
+if [ $? -eq 0 ]; then
+    echo "✅ Successfully created oci-config ConfigMap"
+else
+    echo "❌ Failed to create oci-config ConfigMap"
+    exit 1
+fi
+
+# Create Secret for private key file
+echo "🔐 Creating OCI private key Secret..."
+kubectl create secret generic oci-private-key \
+    --from-file=oracleidentitycloudservice_paul.parkinson-05-07-03-14.pem="$HOME/.ssh/oracleidentitycloudservice_paul.parkinson-05-07-03-14.pem" \
+    -n health
+
+if [ $? -eq 0 ]; then
+    echo "✅ Successfully created oci-private-key Secret"
+else
+    echo "❌ Failed to create oci-private-key Secret"
+    exit 1
+fi
+
+echo ""
+echo "🎉 OCI credentials setup complete!"
+echo ""
+echo "📋 Created resources:"
+echo "  • ConfigMap: oci-config (contains ~/.oci/config)"
+echo "  • Secret: oci-private-key (contains private key file)"
+echo ""
+echo "💡 Your deployment template is now configured to mount these at:"
+echo "  • /root/.oci/config (OCI configuration)"
+echo "  • /root/.ssh/oracleidentitycloudservice_paul.parkinson-05-07-03-14.pem (private key)"
+echo ""
+echo "🚀 You can now deploy your application with:"
+echo "  ./deploy.sh"
+echo ""
+
+# Verify the setup
+echo "🔍 Verifying setup..."
+echo "ConfigMaps in health namespace:"
+kubectl get configmaps -n health | grep oci-config || echo "❌ oci-config not found"
+
+echo "Secrets in health namespace:"
+kubectl get secrets -n health | grep oci-private-key || echo "❌ oci-private-key not found"
+
+echo ""
+echo "✅ Setup verification complete!"