This pull request introduces the dedicated containerized infrastructure and configuration for deploying NexusReader's beta version in the Test environment.
### Summary of Changes
1. **Docker Infrastructure & Secrets**:
- **`docker-compose.test.yml`**: Configured dedicated database and auxiliary services (PostgreSQL 17, Qdrant, Neo4j) on isolated, non-standard ports to ensure zero conflict with the existing server configurations.
- **`.env.test.template`**: Provided an environment variable template showing required setups, including mandatory database passwords, API keys, and admin custom passwords.
- **`.gitignore`**: Excluded local `.env` files to prevent accidental commits of production or staging secrets.
2. **Database Hardening**:
- Configured Neo4j with basic authentication (`IDriver` instantiation uses basic auth when credentials are provided in configuration).
- Configured PostgreSQL to use mandatory authentication.
- Configured the admin seeder (`DbInitializer.cs`) to dynamically use `NEXUS_ADMIN_PASSWORD` from environment variables, falling back to a default password in local Development only.
3. **Feature-Flagged Restrictions**:
- **`appsettings.Test.json`**: Implemented `Features:AllowRegistration` and `Features:AllowPasswordReset` flags set to `false`.
- **Middleware Enforcement (`Program.cs`)**: Intercepts requests to `/identity/register` and `/identity/forgotPassword` (and their MVC/form variations) and rejects them with a `403 Forbidden` response in restricted environments.
- **OAuth Provisioning Guard (`Program.cs`)**: Blocks new account provisioning via Google OAuth callback by checking the `Features:AllowRegistration` configuration, redirecting users to the login page with a descriptive error.
- **UI Protection (`Login.razor`, `Register.razor`)**: Conditionally hides registration/password reset links and intercepts manual navigation attempts to `/account/register` by redirecting to login with a warning.
---------
Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Reviewed-on: #56
Co-authored-by: Antigravity <antigravity@google.com>
Co-committed-by: Antigravity <antigravity@google.com>
Resolves#55
# gamified Concepts Map Dashboard, Architecture Cleanup, & CSS Unification
This Pull Request completes the gamified **Concepts Map** interactive experience and executes a strict visual and architectural clean-up of the **NexusReader SaaS** platform by consolidating styling around the centralized **Nexus Neon** design system, enforcing Native AOT-compliant scoped-CSS, and resolving style drift.
---
### 🚀 Key Implementations
#### 1. Gamified Interactive Concepts Map Dashboard
* **Dynamic Skill-Tree Visualizer:** Implemented a gamified node-based interactive tree that reads concept connections dynamically, rendering progress nodes, unlocked/locked states, and active visual connection lines.
* **Premium UX Details:** Integrated high-fidelity hover effects, detailed sidebar popovers showing unlocked stats/summaries, and smooth parallax backdrops.
* **Secure Multi-Tenant Gating:** Hardened data queries using explicit `TenantId` gating to ensure complete layout isolation between system tenants.
#### 2. Architecture & Service Optimization
* **Service Abstraction (`IConceptsMapService`):** Introduced a clean service interface decoupled from the UI layers.
* **Polyglot Fallback Implementations:**
- **WasmConceptsMapService:** Implements efficient client-side fetching with error recovery/loading states.
- **ServerConceptsMapService:** Handles deep database graph mapping, relationship resolution, and multi-tenant checks.
* **CQRS Integrity:** Enforced the CQRS Result Pattern by using `MediatR` handlers to fetch data structures instead of placing database queries in UI modules.
#### 3. Nexus Neon CSS Unification & Zero-Style-Tag Standards
* **Central Design Tokens:** Solidified typography (`Inter` / `Merriweather`), primary brand green hues (`var(--nexus-neon)` at `#00ff99`), and glow variables inside the global `app.css`.
* **Zero Inline Style Tags:** Standardized all dashboard modules by completely eliminating inline `<style>` blocks in favor of scoped `.razor.css` companion files.
* **Consolidated Buttons & Glass Panels:**
- Standardized `.btn-nexus`, `.btn-nexus-primary`, and `.btn-nexus-secondary` throughout header/footer/card operations.
- Removed duplicate `.glass-panel` background, blur, and support-declaration overrides, making components cleanly inherit standard global styles.
* **Eliminated Brand Splitting:** Resolved legacy purple-indigo user avatar and conversation bubble gradients inside the AI Intelligence Hub (`Intelligence.razor.css`), migrating them to premium glassmorphic surfaces (`rgba(255, 255, 255, 0.05)`) contrasting beautifully against the emerald green AI theme.
---
### 🧪 Verification & Build Gate Status
* **Successful Compilation Check:** Run `dotnet build NexusReader.slnx --no-restore` from the workspace root. Flawlessly succeeded with **zero compilation errors** (`Liczba błędów: 0`) under target `.NET 10`.
* **Verified Skills Synchrony:** The companion design guidelines skill (`nexus-ui-engine/SKILL.md`) has been fully updated to secure these layout and styling conventions for future dashboard features.
---------
Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Reviewed-on: #54
Co-authored-by: Antigravity <antigravity@google.com>
Co-committed-by: Antigravity <antigravity@google.com>
Resolves#52
This Pull Request introduces the **NexusSearchBox** search feature with premium unified styling, implements a robust **dynamic Qdrant collection auto-provisioning and batch-vector ingestion pipeline**, integrates a unified **Serilog logging infrastructure** for the Blazor Hybrid environment (MAUI), and resolves the **401 Unauthorized API header propagation error** inside mobile builds.
### 🚀 Key Implementations
#### 1. Premium `NexusSearchBox` & Semantic Search UI
* **NexusSearchBox Component:** Created an elegant search-as-you-type search box with smooth key navigation, quick-clearing, and seamless dynamic styling.
* **Unified Aesthetics:** Refactored the search box isolated styling to align perfectly with the dashboard's design system using glassmorphism, `--nexus-neon` token gradients, and smooth pulse/fade animations.
* **Semantic Search Integration:** Integrated semantic search query dispatching (`SearchLibrarySemanticallyQuery`) and wired up navigation seamlessly through the updated `ReaderNavigationService`.
* **Tests Hardening:** Added/adapted query assertions in `QueryTests.cs` to guarantee safe parameterization and error boundary mapping.
#### 2. Qdrant Collection Provisioning & Vector Ingestion
* **Dynamic Auto-Provisioning:** Implemented dynamic checking and lazy-creation of the `knowledge_units` collection using 768 dimensions and Cosine distance.
* **High-Performance Ingestion:** Optimized `ProcessKnowledgeUnitsAsync` with high-performance batch embedding generation using `_embeddingGenerator` and deterministic MD5 GUIDs for stable, duplicate-free upsertion.
* **Database Cache Clear Sync:** Integrated Qdrant collection deletion in `ClearCacheAsync` to ensure absolute consistency between the PostgreSQL database cache and vector database indices.
#### 3. Cross-Platform MAUI Logging (Serilog Infrastructure)
* **Serilog Integration:** Configured cross-platform Serilog routing in `SerilogConfiguration.cs`, streaming diagnostic logs safely across native platforms and the Blazor Webview container.
* **Interop Bridge:** Built `BlazorLoggingBridge.cs` to capture web console messages and pipe them directly to the native host logger.
* **Demo Interface:** Added an interactive `SerilogDemo.razor` sandbox under Pages.
#### 4. Resolving 401 Load Errors (Authentication Handler Flow)
* **Authentication Header Handler:** Implemented the `MobileAuthenticationHeaderHandler` to correctly extract, validate, and inject bearer JWT tokens into outbound API requests.
* **Configuration-based API Host:** Structured standard API URI routing to use clean configuration bindings in `appsettings.json`.
---
### 🧪 Verification & Build Status
* Run `dotnet build` from the solution root: Successfully compiled the full multi-targeted solution (`Liczba błędów: 0`).
* All unit and integration tests successfully executed and verified (`dotnet test`).
---------
Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Co-authored-by: Marek Jaisński <jasins.marek@gmail.com>
Reviewed-on: #51
Co-authored-by: Antigravity <antigravity@google.com>
Co-committed-by: Antigravity <antigravity@google.com>
This Pull Request implements the complete **Retrieval module (Read Path)** for the Knowledge-Map RAG (KM-RAG) architecture within the NexusReader platform. It resolves all requirements for vector-based semantic search, Neo4j graph context expansion, structured grounding with Google Gemini, API/Wasm integration, and an interactive front-end global Q&A panel.
Resolves#48
### 🚀 Key Implementations
1. **Grounded DTOs & Schema Definition**
- Added `GroundedResponseDto` and `CitationDto` for strict JSON Schema matching with Gemini.
2. **Core Service & Read Path Logic**
- Implemented the robust **5-step pipeline** in `KnowledgeService.AskQuestionAsync`:
1. *Embedding*: Query vectorization using `IEmbeddingGenerator`.
2. *Semantic Search*: Multi-tenant vector search with Qdrant, supporting scoping to a specific book or global search.
3. *Graph Expansion*: Fetching connected concepts and parent relationships using Neo4j Cypher.
4. *Citation Hydration*: Cross-referencing results with PostgreSQL to fetch book titles and accurate chapter citations.
5. *Grounded Generation*: Strict structured generation via `IChatClient` (Gemini) preventing hallucinations and using citations.
3. **CQRS & Endpoints**
- Added `AskLibraryQuestionQuery` and its handler.
- Mapped `/api/knowledge/ask` and `/api/knowledge/search` endpoints inside `Program.cs`.
- Updated `WasmKnowledgeService` to support proxying retrieval requests.
4. **Premium Blazor UI Panel**
- Implemented `/intelligence` (Global AI Q&A) with a curated HSL palette, dark theme, smooth micro-animations, loading shimmers, and side-by-side citation cards.
- Registered the panel within the `MainHubLayout` sidebar.
5. **Test Coverage**
- Wrote comprehensive xUnit tests in `QueryTests.cs` using Moq and FluentAssertions to assert that handlers correctly validate input and interact with services.
### 🧪 Verification
- Verified compilation and build gate successfully (`dotnet build`: 0 errors).
- All 7 tests passed perfectly (`dotnet test`).
---------
Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Reviewed-on: #49
Reviewed-by: Marek Jaisński <jasins.marek@gmail.com>
Co-authored-by: Antigravity <antigravity@google.com>
Co-committed-by: Antigravity <antigravity@google.com>
This PR provides critical stabilization, memory leak resolution, and security enhancements for the NexusReader application, specifically focusing on Blazor InteractiveAuto lifecycle safety, thread-safe automated authentication token refresh, and deduplication of active AI service queries.
### Key Enhancements
#### 1. Security & Lifecycle Stabilization (`AuthenticationHeaderHandler.cs` & `Library.razor`)
* **Secure Token Propagation (CWE-200)**: Modified the outbound delegating handler to only append JWT Bearer headers to trusted base origin requests matching the application's configured `NavigationManager.BaseUri`, preventing potential token leakage to external services.
* **Captive Dependency & Memory Leak Fix (CWE-400)**: Avoided capturing scoped dependencies in a singleton handler by wrapping the resolution of `IIdentityService` inside a dedicated, disposable `IServiceProvider` scope (`_serviceProvider.CreateScope()`).
* **Thread-Safe Automated Refresh**: Embedded a `SemaphoreSlim` lock around the automated `RefreshTokenAsync` renewal sequence to handle concurrent API requests gracefully without triggering duplicate token refresh attempts.
* **Pre-rendering Safety**: Deferred the secure book loading query in `Library.razor` from `OnInitializedAsync` to client-side `OnAfterRenderAsync(firstRender: true)` to avoid inevitable `401 Unauthorized` responses and logs during the server pre-rendering phase.
#### 2. Robust AI Request Deduplication (`KnowledgeService.cs`)
* **State Recovery Guards**: Enhanced the thread-safe `Lazy<Task<Result<KnowledgePacket>>>` deduplication map by adding thorough failure handling blocks. Active requests are guaranteed to be cleaned up (`TryRemove`) inside `finally` and failed results pathways, ensuring future retries can run immediately if an initial request encounters an error.
#### 3. Idempotent AI UI Fetching & JSRuntime Guards
* **Interactive Guards**: Added an `_isInteractive` check to `GroundednessBadge.razor` and `AiAssistantBubble.razor` components, deferring WebAssembly API executions and DOM updates to client-side `OnAfterRenderAsync`.
* **State Synchronization**: Integrated a synchronous `OnParametersSet` to properly reset groundedness badges when content changes.
* **Flicker Elimination**: Moved JSRuntime local-storage checks in `Home.razor` (for focus mode preferences) to `OnAfterRenderAsync(firstRender: true)`, resolving startup JSInterop exceptions and eliminating layout shifts.
### Verification Performed
* Mandatory build gate verified: `Kompilacja powiodła się.` with zero compile errors (`dotnet build NexusReader.slnx --no-restore`).
* Validated dependency resolution patterns and async safety (no `async void`).
---------
Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Reviewed-on: #45
Reviewed-by: Marek Jaisński <jasins.marek@gmail.com>
Co-authored-by: Antigravity <antigravity@google.com>
Co-committed-by: Antigravity <antigravity@google.com>
This Pull Request encapsulates all outstanding AI, Blazor InteractiveAuto lifecycle, pgvector, and Firefox authorization/session compatibility fixes.
### Key Accomplishments:
1. **Concurrent Request Deduplication (Option B):** Implemented a thread-safe active task registry in `KnowledgeService` that groups concurrent graph extraction queries for the same content, preventing duplicate AI calls completely.
2. **Resilience Strategy for Downstream Demands:** Extended the `ai-retry` resilience pipeline to automatically intercept and retry on temporary Google API `503 ServiceUnavailable` / `high demand` spikes.
3. **Interactive Graph Generation Guard (Option A):** Prevented server-side prerender-phase graph requests in the reader canvas component.
4. **Firefox Compatibility & Cookie Handler:** Implemented an authentication endpoint and hybrid hidden-form submission flow to solve login, registration, and logout redirections and cookies securely.
5. **Autoscrolling & Graph Exclusions:** Added concept-to-block smooth scrolling, active block badging, and filtered out markdown code blocks from being extracted as nodes.
All unit tests compiled and passed 100% cleanly.
---------
Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Reviewed-on: #44
Co-authored-by: Antigravity <antigravity@google.com>
Co-committed-by: Antigravity <antigravity@google.com>
## Overview
This PR completes the architectural consolidation of the web project and stabilizes the Identity-based authentication flow for the NexusReader application. It also refines the UI aesthetic for the Book Ingestion Modal as requested in #33.
## Key Changes
- **Project Consolidation**: Fully merged `NexusReader.Web.New` into `NexusReader.Web`. This includes updating all namespace references, VS Code launch/task configurations, and CI/CD (`Dockerfile`).
- **Identity Stabilization**:
- Implemented `IIdentityService` on the server using `SignInManager<NexusUser>` and `UserManager<NexusUser>`.
- Fixed registration logic to include mandatory fields (`SubscriptionPlanId`, `TenantId`).
- Updated `Login.razor` to force a page reload on successful login, ensuring proper synchronization of authentication cookies between SignalR and the browser.
- **UI/UX Refinement**:
- Updated `BookIngestionModal` styling to follow the **Nexus Neon** design system.
- Added premium button styles with hover effects and glows.
- Improved modal layout and interaction feedback (shimmer effects, spinner colors).
- **Cleanup**: Removed obsolete interfaces and constants that were superseded by newer Application layer implementations.
## Verification
- Successfully built the solution: `dotnet build NexusReader.slnx --no-restore`
- Verified project structure and file moves.
- Validated server-side authentication logic.
Fixes#33
---------
Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Reviewed-on: #40
Co-authored-by: Antigravity <antigravity@google.com>
Co-committed-by: Antigravity <antigravity@google.com>
Resolves#32
### Changes:
- Added '[+] Add New Book' button to `Library.razor`.
- Wrapped the button in `AuthorizeView` for `Admin` and `ContentManager` roles.
- Updated `NexusButton` styling to follow standards: secondary gray background with neon glow on hover/focus.
- Refined `Library.razor` layout with a header and glassmorphism panel.
---------
Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Reviewed-on: #38
Reviewed-by: Marek Jaisński <jasins.marek@gmail.com>
Co-authored-by: Antigravity <antigravity@google.com>
Co-committed-by: Antigravity <antigravity@google.com>
This PR implements the Hub Navigation system and the Profile Dashboard, while resolving critical session synchronization issues.
### Key Changes
- **Hub Navigation**: Introduced `MainHubLayout` with a premium glassmorphism sidebar, providing access to Dashboard, Library, Concepts Map, and Profile.
- **Profile Dashboard**: Implemented a high-fidelity Profile page (#27) with learning metrics, AI token usage tracking, and system rank visualization.
- **Stability Fixes**:
- Resolved an infinite network loop on the `/profile` page by implementing request deduplication and in-memory caching in `IdentityService`.
- Added environment-aware guards to prevent illegal JavaScript interop calls during server-side prerendering.
- Implemented automatic session invalidation on `401 Unauthorized` responses to handle stale authentication states gracefully.
- **Reader Integration**: Added a "Return to Dashboard" option in the reader toolbar (#26).
Closes#26Closes#27
Reviewed-on: #31
Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Co-committed-by: Marek Jasiński <jasins.marek@gmail.com>
This PR implements proper logging and error handling for the Google OAuth callback as requested in issue #3.
### Changes:
- Added `ILogger<Program>` to the Google callback endpoint.
- Logged warning if external login info is null.
- Logged error details from `userManager.CreateAsync` if provisioning fails.
- Introduced specific error codes `UserAlreadyExists` and `LockedOut` to improve UX.
- Updated `Login.razor` to display descriptive Polish error messages based on the query parameter.
Fixes#3
Reviewed-on: #18
Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Co-committed-by: Marek Jasiński <jasins.marek@gmail.com>