ScriptPad release bundle
========================

This zip contains everything needed to deploy ScriptPad to a clinic:

  windows/
    ScriptPad-Server-Setup-<version>.msi  ★ RECOMMENDED installer for
                                            the server box. Installs the
                                            server + desktop launcher,
                                            adds the firewall rule,
                                            creates Start menu + Desktop +
                                            Startup shortcuts.
    ScriptPad_<version>_x64_en-US.msi     Desktop client installer
                                            (run on each workstation that
                                            should talk to the server).
    scriptpad-server.exe                  Standalone server binary
                                            (only needed if you're NOT
                                            using the MSI above — e.g.,
                                            running headless as a service).
    scriptpad-server-launcher.exe         Desktop launcher GUI binary
                                            (same — only needed without
                                            the MSI).
    run-server.ps1                        Headless PowerShell runner
                                            (Task Scheduler / service
                                            deployments).

  macos/
    ScriptPad_<version>_universal.dmg     Desktop client installer
                                            (macOS 11+).


Quick-start (recommended path)
------------------------------

1. ON THE CLINIC SERVER (Windows mini-PC or one workstation):

     Double-click `windows\ScriptPad-Server-Setup-<version>.msi`,
     accept the UAC prompt, and click Install. About 15 seconds.

     The installer:
       - copies the server + launcher to %ProgramFiles%\ScriptPad\
       - registers an inbound firewall rule on TCP 8443 (Domain +
         Private profiles only — Public Wi-Fi is NEVER opened)
       - creates Start menu, Desktop, and Startup shortcuts
       - creates the data folder at %ProgramData%\scriptpad
       - leaves your existing data untouched on upgrades

     After install, the Startup shortcut means the launcher (and
     thus the server) will run automatically every time the box
     boots. Or just double-click the Desktop shortcut now to
     launch it right away.

2. INSIDE THE LAUNCHER WINDOW:

     The server starts automatically. The first time, click
     "Show data folder" to confirm where patient data will land
     (C:\ProgramData\scriptpad). Bootstrap an admin from the
     client's login screen — there's no UI for that in the
     launcher.

     Close the launcher window (the X button) to minimize it
     to the system tray; the server keeps running. Right-click
     the tray icon for Start / Stop / Restart / Quit.

3. ON EACH WORKSTATION:

     - Windows: double-click `windows\ScriptPad_*.msi`
                (the client installer, not the server one).
     - macOS:   open `macos\ScriptPad_*.dmg` and drag ScriptPad.app
                to Applications. First launch needs right-click →
                Open because the app is not signed with an Apple
                Developer certificate.

4. IN THE CLIENT:

     Enter the server URL on the login screen (e.g.
     http://192.168.1.42:8443 — the launcher's window shows the
     exact LAN URL to use). Sign in as the bootstrap admin, then
     create user accounts under Admin → Users.


Alternative path: headless / service install
--------------------------------------------

If you don't want the launcher GUI (e.g., you want the server
running as a Windows service via NSSM or Task Scheduler):

  1. Copy `windows\scriptpad-server.exe` + `windows\run-server.ps1`
     to a folder of your choice.
  2. Open PowerShell in that folder and run:
         .\run-server.ps1 -Bind 0.0.0.0:8443
  3. Wire it into NSSM / Task Scheduler however you normally
     run background services.

Note: this path doesn't add the firewall rule for you. Run:
    New-NetFirewallRule -DisplayName "ScriptPad Server" `
        -Direction Inbound -Protocol TCP -LocalPort 8443 `
        -Action Allow -Profile Private,Domain


Updating
--------

Just run the new MSI. It detects the existing install and
upgrades in place. Patient data at C:\ProgramData\scriptpad is
preserved untouched. The Startup shortcut, firewall rule, and
other shortcuts are also kept.

After the MSI finishes, the launcher (which was already running)
will need to be relaunched — double-click the Desktop shortcut
or wait for the next Windows login.


Where data lives
----------------

Server:   C:\ProgramData\scriptpad
          Contents: server.db (SQLite), notes/, media/, backups/,
          plus scriptpad-server.log if logging is enabled.

Client:   %APPDATA%\reinaldo\scriptpad\data on Windows;
          ~/Library/Application Support/com.reinaldo.scriptpad on
          macOS. Contains scriptpad.log (rotating, 2 MB cap).
          The client never persists patient data locally —
          everything lives on the server.


Encrypted backups
-----------------

In the client: Admin → Backup & restore → Create encrypted
backup. The resulting .spbak file is AES-256-GCM sealed with the
password you provide. Restoring requires an empty target server.


Uninstalling
------------

Control Panel → Programs → ScriptPad Server → Uninstall. The
MSI removes the server + launcher + shortcuts + firewall rule.

It DOES NOT remove C:\ProgramData\scriptpad — your patient data
is preserved. Delete it manually if you no longer need it.


Documentation
-------------

Full operations guide (mini-PC sizing, Tailscale setup, backup
rotation, on-site deployment checklist) is in the source repo:
https://github.com/DitoXD/script_pad
