711822f5de261018c8cf818e39fd8c99c7e5ef57
This PR provides critical stabilization, memory leak resolution, and security enhancements for the NexusReader application, specifically focusing on Blazor InteractiveAuto lifecycle safety, thread-safe automated authentication token refresh, and deduplication of active AI service queries. ### Key Enhancements #### 1. Security & Lifecycle Stabilization (`AuthenticationHeaderHandler.cs` & `Library.razor`) * **Secure Token Propagation (CWE-200)**: Modified the outbound delegating handler to only append JWT Bearer headers to trusted base origin requests matching the application's configured `NavigationManager.BaseUri`, preventing potential token leakage to external services. * **Captive Dependency & Memory Leak Fix (CWE-400)**: Avoided capturing scoped dependencies in a singleton handler by wrapping the resolution of `IIdentityService` inside a dedicated, disposable `IServiceProvider` scope (`_serviceProvider.CreateScope()`). * **Thread-Safe Automated Refresh**: Embedded a `SemaphoreSlim` lock around the automated `RefreshTokenAsync` renewal sequence to handle concurrent API requests gracefully without triggering duplicate token refresh attempts. * **Pre-rendering Safety**: Deferred the secure book loading query in `Library.razor` from `OnInitializedAsync` to client-side `OnAfterRenderAsync(firstRender: true)` to avoid inevitable `401 Unauthorized` responses and logs during the server pre-rendering phase. #### 2. Robust AI Request Deduplication (`KnowledgeService.cs`) * **State Recovery Guards**: Enhanced the thread-safe `Lazy<Task<Result<KnowledgePacket>>>` deduplication map by adding thorough failure handling blocks. Active requests are guaranteed to be cleaned up (`TryRemove`) inside `finally` and failed results pathways, ensuring future retries can run immediately if an initial request encounters an error. #### 3. Idempotent AI UI Fetching & JSRuntime Guards * **Interactive Guards**: Added an `_isInteractive` check to `GroundednessBadge.razor` and `AiAssistantBubble.razor` components, deferring WebAssembly API executions and DOM updates to client-side `OnAfterRenderAsync`. * **State Synchronization**: Integrated a synchronous `OnParametersSet` to properly reset groundedness badges when content changes. * **Flicker Elimination**: Moved JSRuntime local-storage checks in `Home.razor` (for focus mode preferences) to `OnAfterRenderAsync(firstRender: true)`, resolving startup JSInterop exceptions and eliminating layout shifts. ### Verification Performed * Mandatory build gate verified: `Kompilacja powiodła się.` with zero compile errors (`dotnet build NexusReader.slnx --no-restore`). * Validated dependency resolution patterns and async safety (no `async void`). --------- Co-authored-by: Marek Jasiński <jasins.marek@gmail.com> Reviewed-on: #45 Reviewed-by: Marek Jaisński <jasins.marek@gmail.com> Co-authored-by: Antigravity <antigravity@google.com> Co-committed-by: Antigravity <antigravity@google.com>
feat(ai-ux): deduplicate AI queries, handle ServiceUnavailable retries, and optimize reader canvas graph prerendering (#44)
feat(ai-ux): deduplicate AI queries, handle ServiceUnavailable retries, and optimize reader canvas graph prerendering (#44)
feat(ai-ux): deduplicate AI queries, handle ServiceUnavailable retries, and optimize reader canvas graph prerendering (#44)
📖 Nexus Reader
Nexus Reader is a state-of-the-art, cross-platform Blazor .NET 10 immersive e-book reader, powered by Native AOT, Clean Architecture, CQRS, and interactive D3.js Relationship Graphs built on vector-based AI semantics.
✨ Features & Architecture Highlights
📁 Ingestion & Description persistence
- Extracted and persistent book descriptions from EPUB package metadata during book ingestion.
- The
Descriptionfield propagates cleanly from theEbookentity through Mapster toLastReadBookDtoandUserProfileDto.
🔗 Deep-Link Routing
- Implemented deep-link route activation:
/reader/{bookId}?chapter=N. - Allows instant resume of reading session coordinates and loads the specific chapter chapter directly via URL query parameters.
🛡️ Downstream AI Resilience
- Standard resilience engine in
DependencyInjection.csutilizing the Polly package (ai-retry). - Automatically intercepts, handles, and retries on both rate-limits (
429 Too Many Requests) and downstream capacity overloads (503 ServiceUnavailable/high demand).
⚙️ Concurrent Request Deduplication
- Multi-client InteractiveAuto Blazor circuit synchronization is backed by a thread-safe active task registry in
KnowledgeServicewhich ensures that identical concurrent requests await a single shared task instance, eliminating redundant LLM queries.
🛠️ Build & Verification Gate
Ensure the dotnet workload matches the active SDK, and compile the full solution utilizing:
dotnet build NexusReader.slnx --no-restore
Run test suite:
dotnet test --no-restore
Description
Languages
C#
46.2%
HTML
25.8%
CSS
23%
JavaScript
4.1%
Shell
0.8%
Other
0.1%