Antigravity 711822f5de fix(ui/security): Enforce idempotent AI fetching, secure auth handler, and memory leak guards (#45)
This PR provides critical stabilization, memory leak resolution, and security enhancements for the NexusReader application, specifically focusing on Blazor InteractiveAuto lifecycle safety, thread-safe automated authentication token refresh, and deduplication of active AI service queries.

### Key Enhancements

#### 1. Security & Lifecycle Stabilization (`AuthenticationHeaderHandler.cs` & `Library.razor`)
* **Secure Token Propagation (CWE-200)**: Modified the outbound delegating handler to only append JWT Bearer headers to trusted base origin requests matching the application's configured `NavigationManager.BaseUri`, preventing potential token leakage to external services.
* **Captive Dependency & Memory Leak Fix (CWE-400)**: Avoided capturing scoped dependencies in a singleton handler by wrapping the resolution of `IIdentityService` inside a dedicated, disposable `IServiceProvider` scope (`_serviceProvider.CreateScope()`).
* **Thread-Safe Automated Refresh**: Embedded a `SemaphoreSlim` lock around the automated `RefreshTokenAsync` renewal sequence to handle concurrent API requests gracefully without triggering duplicate token refresh attempts.
* **Pre-rendering Safety**: Deferred the secure book loading query in `Library.razor` from `OnInitializedAsync` to client-side `OnAfterRenderAsync(firstRender: true)` to avoid inevitable `401 Unauthorized` responses and logs during the server pre-rendering phase.

#### 2. Robust AI Request Deduplication (`KnowledgeService.cs`)
* **State Recovery Guards**: Enhanced the thread-safe `Lazy<Task<Result<KnowledgePacket>>>` deduplication map by adding thorough failure handling blocks. Active requests are guaranteed to be cleaned up (`TryRemove`) inside `finally` and failed results pathways, ensuring future retries can run immediately if an initial request encounters an error.

#### 3. Idempotent AI UI Fetching & JSRuntime Guards
* **Interactive Guards**: Added an `_isInteractive` check to `GroundednessBadge.razor` and `AiAssistantBubble.razor` components, deferring WebAssembly API executions and DOM updates to client-side `OnAfterRenderAsync`.
* **State Synchronization**: Integrated a synchronous `OnParametersSet` to properly reset groundedness badges when content changes.
* **Flicker Elimination**: Moved JSRuntime local-storage checks in `Home.razor` (for focus mode preferences) to `OnAfterRenderAsync(firstRender: true)`, resolving startup JSInterop exceptions and eliminating layout shifts.

### Verification Performed
* Mandatory build gate verified: `Kompilacja powiodła się.` with zero compile errors (`dotnet build NexusReader.slnx --no-restore`).
* Validated dependency resolution patterns and async safety (no `async void`).

---------

Co-authored-by: Marek Jasiński <jasins.marek@gmail.com>
Reviewed-on: #45
Reviewed-by: Marek Jasiński <jasins.marek@gmail.com>
Co-authored-by: Antigravity <antigravity@google.com>
Co-committed-by: Antigravity <antigravity@google.com>
2026-05-20 17:27:39 +00:00

📖 Nexus Reader

Nexus Reader is a state-of-the-art, cross-platform Blazor .NET 10 immersive e-book reader, powered by Native AOT, Clean Architecture, CQRS, and interactive D3.js Relationship Graphs built on vector-based AI semantics.


Features & Architecture Highlights

📁 Ingestion & Description persistence

  • Extracts and persists book descriptions from EPUB package metadata during book ingestion.
  • The Description field propagates cleanly from the Ebook entity through Mapster to LastReadBookDto and UserProfileDto.
  • Implemented deep-link route activation: /reader/{bookId}?chapter=N.
  • Allows instant resume of reading session coordinates and loads the specific chapter directly via URL query parameters.

🛡️ Downstream AI Resilience

  • Standard resilience engine in DependencyInjection.cs utilizing the Polly package (ai-retry).
  • Automatically intercepts, handles, and retries on both rate-limits (429 Too Many Requests) and downstream capacity overloads (503 ServiceUnavailable / high demand).

⚙️ Concurrent Request Deduplication

  • Multi-client InteractiveAuto Blazor circuit synchronization is backed by a thread-safe active task registry in KnowledgeService which ensures that identical concurrent requests await a single shared task instance, eliminating redundant LLM queries.
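The active task registry described above, with the cleanup-on-failure behaviour that lets a retry run immediately, as an added C# example (not NexusReader's own code). `InFlightRegistry`, `GetOrStartAsync` and the `Demo` query are hypothetical names, and the request key and the simulated upstream failure are constructed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
// Hypothetical registry for illustration; names are not taken from KnowledgeService.
public sealed class InFlightRegistry<TKey, TResult> where TKey : notnull
{
    private readonly ConcurrentDictionary<TKey, Lazy<Task<TResult>>> _active = new();
    public Task<TResult> GetOrStartAsync(TKey key, Func<Task<TResult>> fetch)
    {
        // Under contention GetOrAdd may be handed several candidates, but only the
        // stored Lazy is ever evaluated, so fetch() runs once per in-flight key.
        Lazy<Task<TResult>> mine = null!;
        mine = new Lazy<Task<TResult>>(() => RunAsync(key, fetch, mine));
        return _active.GetOrAdd(key, mine).Value;
    }
    private async Task<TResult> RunAsync(TKey key, Func<Task<TResult>> fetch, Lazy<Task<TResult>> self)
    {
        try { return await fetch().ConfigureAwait(false); }
        finally
        {
            // Remove only this entry (key and value must both match) on success,
            // failure or cancellation, so a faulted task is never served to a retry.
            _active.TryRemove(new KeyValuePair<TKey, Lazy<Task<TResult>>>(key, self));
        }
    }
}

public static class Demo
{
    public static async Task Main()
    {
        var registry = new InFlightRegistry<string, string>();
        int calls = 0;
        // Constructed stand-in for an LLM query: the first attempt fails, later ones succeed.
        async Task<string> Query()
        {
            int n = Interlocked.Increment(ref calls);
            await Task.Delay(50);
            return n == 1 ? throw new TimeoutException("upstream 503") : "summary";
        }
        var first = Enumerable.Range(0, 5).Select(_ => registry.GetOrStartAsync("book-1:ch-2", Query)).ToArray();
        try { await Task.WhenAll(first); } catch (TimeoutException) { }
        Console.WriteLine($"calls after 5 concurrent requests: {calls}");
        Console.WriteLine($"retry result: {await registry.GetOrStartAsync("book-1:ch-2", Query)}, calls: {calls}");
    }
}
```

Removing by key and value together matters: a plain `TryRemove(key)` in the `finally` block could evict a newer in-flight entry that a retry registered under the same key.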

🛠️ Build & Verification Gate

Ensure the dotnet workload matches the active SDK, and compile the full solution utilizing:

dotnet build NexusReader.slnx --no-restore

Run test suite:

dotnet test --no-restore