Give bit Boilerplate AI Chatbot fresh access to the user auth state (#11955)

[ysmoradi]

closes #11955

Summary by CodeRabbit

• New Features

  • Added sign-in modal within chat for seamless user authentication
  • AI chat now personalizes initial greeting with user's display name

• Localization

  • Updated AI chat greetings across 10 supported languages to support personalized name insertion

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

The changes integrate sign-in functionality into the AI chatbot by adding authentication awareness, enabling the chatbot to prompt users to sign in via a modal, pass user context through the chat pipeline, and personalize greetings with the user's display name across multiple languages.

Changes

Cohort / File(s)	Summary
Client-Side Sign-In Integration src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/AppClientCoordinator.cs, src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Layout/AppAiChatPanel.razor.cs	Added SignInModalService dependency and signal handler for SHOW_SIGN_IN_MODAL message. Extended AppAiChatPanel with CurrentUser cascading parameter to personalize initial AI response with user's display name.
Server-Side Chatbot Authentication src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/SignalR/AppChatbot.cs, src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/SignalR/AppHub.Chatbot.cs, src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/SignalR/AppHub.cs	Introduced ShowSignInModal tool method for AI to invoke authentication flow. Extended ProcessNewMessage to accept ClaimsPrincipal user parameter and generate per-message authentication-aware variables. Updated hub to pass current user context. Explicitly updated HttpContext.User during authentication state changes.
System Prompt Documentation src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/Data/Configurations/Chatbot/SystemPromptConfiguration.cs	Enhanced documentation with sign-in requirements across multiple sections. Added Authentication Tool section detailing ShowSignInModal utility. Modified unresolved-issues flow to automatically collect user email and save conversation history instead of manual follow-up.
Shared Messaging src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Services/SharedAppMessages.cs	Added SHOW_SIGN_IN_MODAL public constant to signal sign-in modal display and user input wait.
Localized Resource Strings src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.*\.resx (ar, de, es, fa, fr, hi, nl, resx, sv, zh)	Updated AiChatPanelInitialResponse across all language variants to include {0} placeholder enabling dynamic insertion of user display name into greeting.

Sequence Diagram

sequenceDiagram
    participant Client
    participant AppClientCoordinator
    participant SignInModalService
    participant HubConnection
    participant AppChatbot
    participant AppHub
    participant AppDbContext
    
    rect rgb(200, 220, 240)
    Note over Client,AppDbContext: Sign-In Flow Initiated by Chatbot
    AppChatbot->>AppChatbot: ShowSignInModal() invoked by AI
    AppChatbot->>HubConnection: Invoke SHOW_SIGN_IN_MODAL via SignalR
    HubConnection->>AppClientCoordinator: Receive SHOW_SIGN_IN_MODAL signal
    AppClientCoordinator->>SignInModalService: Call SignIn()
    SignInModalService->>Client: Display sign-in modal
    Client->>SignInModalService: User credentials submitted
    SignInModalService->>AppClientCoordinator: Return access token
    AppClientCoordinator->>HubConnection: Send token back
    HubConnection->>AppChatbot: Return UserDto
    end
    
    rect rgb(220, 240, 200)
    Note over AppChatbot,AppDbContext: Authenticated Chat Message Processing
    Client->>AppHub: Send chat message
    AppHub->>AppHub: Extract user from HttpContext
    AppHub->>AppChatbot: ProcessNewMessage(message, user)
    AppChatbot->>AppChatbot: Generate per-message auth-aware variables
    AppChatbot->>AppDbContext: Query user data for personalization
    AppChatbot->>Client: Return AI response with user context
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A sign-in modal hops into view,
The chatbot knows just who's who!
With user names and context aware,
Authentication flows everywhere~
From client to server, the user takes flight,
The AI chat now gets it just right! 🎯

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 63.64% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main objective: enabling the AI Chatbot to have fresh access to user authentication state, which aligns with the primary change across multiple files.
Linked Issues check	✅ Passed	The PR implements the requirement for AI chatbot awareness of user auth state changes through new sign-in modal support, user parameter passing, and auth state propagation across the application stack.
Out of Scope Changes check	✅ Passed	All code changes are directly related to the objective of enabling AI chatbot awareness of user auth state: sign-in modal integration, user parameter propagation, and localization updates for personalized greetings.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (3)

src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.sv.resx (1)

1142-1144: Dynamic greeting placeholder in Swedish resource looks consistent

The {0} placeholder after “Hej” matches the base resource pattern and should work fine as long as call sites are updated as discussed for the main AppStrings.resx entry.

src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.fa.resx (1)

1139-1144: Persian AI chat greeting localized correctly with {0} placeholder

The updated Persian AiChatPanelInitialResponse follows the same {0} pattern as the base resource, enabling a personalized greeting while falling back cleanly when the argument is empty, assuming call sites are updated as already discussed.

src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.nl.resx (1)

1139-1144: Dutch AI chat greeting updated for dynamic user insertion

The Dutch AiChatPanelInitialResponse now accepts {0} after “Hallo”, matching the base pattern and enabling personalized greetings once call sites pass the appropriate argument.

🧹 Nitpick comments (1)

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/AppClientCoordinator.cs (1)

297-302: Consider handling sign-in cancellation and errors.

The handler awaits SignIn() but doesn't handle the case where the user cancels the sign-in modal or an error occurs. If SignIn() fails or is cancelled, GetItem("access_token") may return a stale or null token.

Additionally, consider wrapping the sign-in call in InvokeAsync for consistency with other UI-affecting handlers in this file (e.g., lines 249-253, 259-263).

🔎 Proposed improvement

 hubConnection.Remove(SharedAppMessages.SHOW_SIGN_IN_MODAL);
 signalROnDisposables.Add(hubConnection.On(SharedAppMessages.SHOW_SIGN_IN_MODAL, async () =>
 {
-    await signInModalService.SignIn();
-    return await StorageService.GetItem("access_token");
+    return await InvokeAsync(async () =>
+    {
+        var success = await signInModalService.SignIn();
+        return success ? await StorageService.GetItem("access_token") : null;
+    });
 }));

Verify that SignInModalService.SignIn() returns a value indicating success/cancellation, or check the server-side handling in AppChatbot.ShowSignInModal for null/empty token scenarios.

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 794e660 and 63cdcc5.

📒 Files selected for processing (17)

• src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/AppClientCoordinator.cs
• src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Layout/AppAiChatPanel.razor.cs
• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/Data/Configurations/Chatbot/SystemPromptConfiguration.cs
• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/SignalR/AppChatbot.cs
• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/SignalR/AppHub.Chatbot.cs
• src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/SignalR/AppHub.cs
• src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.ar.resx
• src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.de.resx
• src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.es.resx
• src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.fa.resx
• src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.fr.resx
• src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.hi.resx
• src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.nl.resx
• src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.resx
• src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.sv.resx
• src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.zh.resx
• src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Services/SharedAppMessages.cs

🧰 Additional context used

🧬 Code graph analysis (3)

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/AppClientCoordinator.cs (1)

src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Services/SharedAppMessages.cs (1)

• SharedAppMessages (9-127)

src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/SignalR/AppHub.cs (1)

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Services/Contracts/IAuthTokenProvider.cs (2)

• ClaimsPrincipal (9-9)
• ClaimsPrincipal (14-29)

src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/SignalR/AppChatbot.cs (2)

src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Extensions/ClaimsPrincipalExtensions.cs (2)

• IsAuthenticated (5-8)
• GetEmail (20-23)

src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Services/SharedAppMessages.cs (1)

• SharedAppMessages (9-127)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Agent
• GitHub Check: CodeQL analysis (csharp)

🔇 Additional comments (15)

src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/Data/Configurations/Chatbot/SystemPromptConfiguration.cs (1)

71-123: Explicit “Requires sign-in” notes improve auth-aware guidance

Adding explicit “Requires sign-in.” bullets to Profile, Account, 2FA, Sessions, Dashboard, Categories, Products, Add/Edit Product, and Todo/Upgrade pages makes the auth requirements much clearer for the chatbot tools layer and aligns well with the PR objective.

Also applies to: 133-152

src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/SignalR/AppHub.Chatbot.cs (1)

44-55: Passing HttpContext.User into ProcessNewMessage aligns chatbot with current auth state

Wiring Context.GetHttpContext()!.User through to ProcessNewMessage is exactly what you need so the chatbot can react to per-message authentication changes (e.g., after a mid-session sign-in).

The only assumption here is that Context.GetHttpContext() is never null in your hosting setup; if you ever host this hub in a context where HttpContext might be absent (tests, non-HTTP transports), you may want a null-guard and fallback to an anonymous principal.

src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/SignalR/AppHub.cs (1)

83-100: Syncing HttpContext.User with hub auth state is a solid improvement

Updating Context.GetHttpContext()!.User inside ChangeAuthenticationStateImplementation ensures any scoped services (like AppDbContext) that consult HttpContext.User see the current authentication state, which is important for the chatbot’s per-message behavior and for features keyed on the session.

As with the chatbot file, this assumes GetHttpContext() is never null for your hub connections. If there’s any chance of null (tests, alternate hosts), a defensive null-check with a fallback anonymous principal would avoid potential NullReferenceExceptions.

src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.resx (1)

1139-1144: Format argument is properly handled in code

The {0} placeholder in AiChatPanelInitialResponse is correctly implemented. The only usage in AppAiChatPanel.razor.cs (line 143) properly passes a format argument via the Localizer call, with conditional logic that passes an empty string for anonymous users or a space-prefixed display name for logged-in users. No runtime issues.

src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Services/SharedAppMessages.cs (1)

59-62: LGTM! New message constant properly defined.

The SHOW_SIGN_IN_MODAL constant is well-documented and follows the established pattern for server-to-client command messages. This enables the server to prompt the client to show the sign-in modal when needed, which aligns with the PR's objective of making the AI chatbot auth-aware.

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Layout/AppAiChatPanel.razor.cs (3)

4-4: LGTM! Import added for user identity context.

The import enables access to the UserDto type used in the cascading parameter.

---

16-17: LGTM! Cascading parameter enables auth-aware chatbot.

The nullable CurrentUser parameter properly handles both authenticated and anonymous user scenarios, enabling the chatbot to personalize greetings and be aware of the user's authentication state.

---

143-143: LGTM! Greeting personalization logic is correct.

The implementation properly formats the greeting:

• When no user or empty DisplayName: passes empty string → "Greetings!"
• When user has DisplayName: passes " {name}" (with leading space) → "Greetings John!"

The ternary expression correctly handles null/empty cases, and the space is appropriately added in the C# code rather than the localized strings.

Note: The greeting is set when SetDefaultValues() is called (on init and chat clear). If a user signs in during an active chat session, the greeting won't update until the chat is cleared. This is likely acceptable UX, but worth noting.

src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.es.resx (1)

1143-1143: LGTM! Localization updated to support dynamic greeting across all supported languages.

The addition of the {0} placeholder enables personalized greetings with the user's display name. The positioning is grammatically correct across all 10 localization files (English, Arabic, German, Spanish, Farsi, French, Hindi, Dutch, Swedish, and Chinese), and the format string will work properly with the calling code that passes either an empty string or a space-prefixed name.

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/AppClientCoordinator.cs (1)

27-29: LGTM on dependency injections.

The SignInModalService injection follows the existing pattern and is appropriately placed within the SignalR-related dependencies block.

src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.fr.resx (1)

1142-1144: Localization placeholder added correctly.

The {0} placeholder enables dynamic personalization with the user's display name. The pattern is consistent across all locale files in this PR.

src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.ar.resx (1)

1142-1144: LGTM!

The placeholder addition aligns with the coordinated localization effort across all supported languages.

src/Templates/Boilerplate/Bit.Boilerplate/src/Shared/Resources/AppStrings.de.resx (1)

1142-1144: LGTM!

The German localization follows the same placeholder pattern for dynamic greeting personalization.

src/Templates/Boilerplate/Bit.Boilerplate/src/Server/Boilerplate.Server.Api/SignalR/AppChatbot.cs (2)

72-79: Good separation of per-session vs per-message variables.

The renaming to variablesDefault and the comment clarify the intent: these values are stable per SignalR connection. The per-message variablesPrompt (lines 114-122) correctly captures dynamic auth state.

---

95-100: LGTM on signature update.

Adding ClaimsPrincipal? user parameter enables per-message authentication awareness, aligning with the PR objective of making the chatbot aware of auth state changes.

[Copilot]

Pull request overview

This PR enhances the AI chatbot in the bit Boilerplate template by providing it with fresh access to user authentication state. The changes enable the chatbot to check if a user is authenticated, prompt for sign-in when accessing protected features, and personalize greetings with the user's name.

Key Changes:

• Added authentication state awareness to the chatbot by passing the current user's ClaimsPrincipal to chat processing
• Implemented a new sign-in modal mechanism that can be triggered by the chatbot via SignalR
• Updated chatbot system prompts to include authentication requirements for various pages and features
• Personalized initial chatbot greeting to include the user's display name when available

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 12 comments.

Show a summary per file

File	Description
SharedAppMessages.cs	Added new SHOW_SIGN_IN_MODAL message constant for chatbot-triggered authentication
AppStrings.*.resx (10 files)	Updated AI chat panel greeting messages to include user name placeholder across all localizations
AppHub.cs	Updates HttpContext.User when authentication state changes to ensure fresh auth state
AppHub.Chatbot.cs	Passes current user ClaimsPrincipal to chatbot message processing
AppChatbot.cs	Adds ShowSignInModal tool, authentication state variables, user info to chat context, and related imports/dependencies
SystemPromptConfiguration.cs	Documents authentication requirements for protected pages and adds instructions for using the ShowSignInModal tool
AppAiChatPanel.razor.cs	Personalizes initial greeting message with current user's display name
AppClientCoordinator.cs	Handles SHOW_SIGN_IN_MODAL message from server and returns access token after sign-in