cleanup

Author: BenjaminMichaelis

EssentialCSharp.Chat.Shared/Extensions/ServiceCollectionExtensions.cs

@@ -17,13 +17,14 @@ public static class ServiceCollectionExtensions
 
     /// <summary>
     /// Dispatches to <see cref="AddLocalAIServices"/> or <see cref="AddAzureOpenAIServices"/>
-    /// based on <c>AIOptions:UseLocalAI</c>. Replaces the <c>if (!IsDevelopment())</c> guard in
-    /// Program.cs so that AI services are always registered regardless of environment.
+    /// based on <c>AIOptions:UseLocalAI</c>. AI chat requires either local AI mode
+    /// or a configured Azure/Foundry endpoint in every environment.
     /// </summary>
     public static IHostApplicationBuilder AddAIServices(
         this IHostApplicationBuilder builder,
         IConfiguration configuration)
     {
+        builder.Services.Configure<AIOptions>(configuration.GetSection("AIOptions"));
         var aiOptions = configuration.GetSection("AIOptions").Get<AIOptions>() ?? new AIOptions();
 
         if (aiOptions.UseLocalAI)
@@ -34,14 +35,11 @@ public static IHostApplicationBuilder AddAIServices(
         {
             builder.Services.AddAzureOpenAIServices(configuration);
         }
-        else if (!builder.Environment.IsDevelopment())
+        else
         {
-            // Non-development without an endpoint is a misconfiguration — fail loudly.
             throw new InvalidOperationException(
-                "AIOptions:Endpoint is required when UseLocalAI=false in non-development environments. " +
-                "Set the endpoint or enable local AI mode with aspire secret set Parameters:UseLocalAI true");
+                "AI chat requires either AIOptions:UseLocalAI=true or AIOptions:Endpoint to be configured.");
         }
-        // else: development + no config — graceful degradation, chat endpoints unavailable.
 
         return builder;
     }

EssentialCSharp.Chat.Shared/Services/LocalAIChatService.cs

@@ -94,10 +94,14 @@ private void WarnUnsupportedFeatures(
 #pragma warning restore OPENAI001
     {
         if (tools is not null || reasoningEffortLevel is not null)
+        {
             _logger.LogWarning("LocalAIChatService: ResponseTool and ReasoningEffortLevel are Azure-specific and are ignored in local mode.");
+        }
 
         if (enableContextualSearch)
+        {
             _logger.LogWarning("LocalAIChatService: Vector search (RAG) is disabled in local mode (Phase 1). Run in Azure mode to enable contextual search.");
+        }
     }
 
     private List<ChatMessage> BuildMessages(string prompt, string? systemPrompt, string? previousResponseId)

EssentialCSharp.Chat.Tests/ServiceCollectionExtensionsTests.cs

@@ -0,0 +1,79 @@
+using EssentialCSharp.Chat.Common.Extensions;
+using EssentialCSharp.Chat.Common.Services;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Hosting;
+
+namespace EssentialCSharp.Chat.Tests;
+
+public class ServiceCollectionExtensionsTests
+{
+    [Test]
+    public async Task AddAIServices_WhenDevelopmentWithoutConfiguration_ThrowsInvalidOperationException()
+    {
+        var builder = CreateBuilder(Environments.Development);
+
+        await Assert.That(() => builder.AddAIServices(builder.Configuration))
+            .Throws<InvalidOperationException>();
+    }
+
+    [Test]
+    public async Task AddAIServices_WhenUseLocalAI_RegistersLocalAIService()
+    {
+        var builder = CreateBuilder(
+            Environments.Development,
+            new Dictionary<string, string?>
+            {
+                ["AIOptions:UseLocalAI"] = bool.TrueString,
+                ["ConnectionStrings:ollama-chat"] = "Endpoint=http://localhost:11434;Model=qwen2.5-coder:7b"
+            });
+
+        builder.AddAIServices(builder.Configuration);
+
+        var descriptor = builder.Services.LastOrDefault(service => service.ServiceType == typeof(IAIChatService));
+        await Assert.That(descriptor).IsNotNull();
+        await Assert.That(descriptor!.ImplementationType).IsEqualTo(typeof(LocalAIChatService));
+    }
+
+    [Test]
+    public async Task AddAIServices_WhenAzureEndpointConfigured_RegistersAzureAIService()
+    {
+        var builder = CreateBuilder(
+            Environments.Production,
+            new Dictionary<string, string?>
+            {
+                ["AIOptions:Endpoint"] = "https://example.openai.azure.com/",
+                ["AIOptions:ChatDeploymentName"] = "chat",
+                ["AIOptions:VectorGenerationDeploymentName"] = "embeddings",
+                ["ConnectionStrings:PostgresVectorStore"] = "Host=test.postgres.database.azure.com;Database=app;Username=user"
+            });
+
+        builder.AddAIServices(builder.Configuration);
+
+        await Assert.That(builder.Services.Any(service => service.ServiceType == typeof(AIChatService))).IsTrue();
+        await Assert.That(builder.Services.Any(service => service.ServiceType == typeof(IAIChatService))).IsTrue();
+    }
+
+    [Test]
+    public async Task AddAIServices_WhenProductionWithoutConfiguration_ThrowsInvalidOperationException()
+    {
+        var builder = CreateBuilder(Environments.Production);
+
+        await Assert.That(() => builder.AddAIServices(builder.Configuration))
+            .Throws<InvalidOperationException>();
+    }
+
+    private static HostApplicationBuilder CreateBuilder(
+        string environmentName,
+        Dictionary<string, string?>? settings = null)
+    {
+        var builder = new HostApplicationBuilder(new HostApplicationBuilderSettings
+        {
+            EnvironmentName = environmentName
+        });
+
+        builder.Configuration.Sources.Clear();
+        builder.Configuration.AddInMemoryCollection(settings ?? []);
+        return builder;
+    }
+}

EssentialCSharp.Web.Tests/ChatControllerTests.cs

@@ -0,0 +1,90 @@
+using System.Security.Claims;
+using System.Text.Json;
+using EssentialCSharp.Chat.Common.Services;
+using EssentialCSharp.Web.Controllers;
+using EssentialCSharp.Web.Models;
+using EssentialCSharp.Web.Services;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
+using Moq;
+
+namespace EssentialCSharp.Web.Tests;
+
+public class ChatControllerTests
+{
+    [Test]
+    public async Task StreamMessage_MissingCaptchaToken_Returns403WithCaptchaRequired()
+    {
+        var controller = CreateController();
+
+        await controller.StreamMessage(new ChatMessageRequest { Message = "hello" });
+
+        var body = await ReadJsonResponse(controller.HttpContext.Response);
+        await Assert.That(controller.HttpContext.Response.StatusCode).IsEqualTo(StatusCodes.Status403Forbidden);
+        await Assert.That(body["errorCode"].GetString()).IsEqualTo("captcha_required");
+    }
+
+    [Test]
+    public async Task StreamMessage_InvalidCaptcha_Returns403WithCaptchaFailed()
+    {
+        var captchaService = new Mock<ICaptchaService>();
+        captchaService
+            .Setup(service => service.VerifyAsync("bad-token", It.IsAny<string?>(), It.IsAny<CancellationToken>()))
+            .ReturnsAsync(new HCaptchaResult { Success = false });
+
+        var controller = CreateController(captchaService: captchaService.Object);
+
+        await controller.StreamMessage(new ChatMessageRequest { Message = "hello", CaptchaToken = "bad-token" });
+
+        var body = await ReadJsonResponse(controller.HttpContext.Response);
+        await Assert.That(controller.HttpContext.Response.StatusCode).IsEqualTo(StatusCodes.Status403Forbidden);
+        await Assert.That(body["errorCode"].GetString()).IsEqualTo("captcha_failed");
+    }
+
+    [Test]
+    public async Task StreamMessage_CaptchaServiceUnavailable_Returns503WithCaptchaUnavailable()
+    {
+        var captchaService = new Mock<ICaptchaService>();
+        captchaService
+            .Setup(service => service.VerifyAsync("token", It.IsAny<string?>(), It.IsAny<CancellationToken>()))
+            .ReturnsAsync((HCaptchaResult?)null);
+
+        var controller = CreateController(captchaService: captchaService.Object);
+
+        await controller.StreamMessage(new ChatMessageRequest { Message = "hello", CaptchaToken = "token" });
+
+        var body = await ReadJsonResponse(controller.HttpContext.Response);
+        await Assert.That(controller.HttpContext.Response.StatusCode).IsEqualTo(StatusCodes.Status503ServiceUnavailable);
+        await Assert.That(body["errorCode"].GetString()).IsEqualTo("captcha_unavailable");
+    }
+
+    private static ChatController CreateController(
+        IAIChatService? aiChatService = null,
+        ICaptchaService? captchaService = null)
+    {
+        var httpContext = new DefaultHttpContext
+        {
+            User = new ClaimsPrincipal(new ClaimsIdentity([new Claim(ClaimTypes.Name, "test-user")], "TestAuth"))
+        };
+        httpContext.Response.Body = new MemoryStream();
+
+        var controller = new ChatController(
+            Mock.Of<ILogger<ChatController>>(),
+            aiChatService ?? new Mock<IAIChatService>(MockBehavior.Strict).Object,
+            captchaService ?? new Mock<ICaptchaService>(MockBehavior.Strict).Object)
+        {
+            ControllerContext = new ControllerContext { HttpContext = httpContext }
+        };
+
+        return controller;
+    }
+
+    private static async Task<Dictionary<string, JsonElement>> ReadJsonResponse(HttpResponse response)
+    {
+        response.Body.Position = 0;
+        using var reader = new StreamReader(response.Body, leaveOpen: true);
+        var json = await reader.ReadToEndAsync();
+        return JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json)!;
+    }
+}

EssentialCSharp.Web/Controllers/ChatController.cs

@@ -132,30 +132,44 @@ await Response.WriteAsJsonAsync(
     }
 
     /// <summary>
-    /// Verifies the hCaptcha token. Fails-open on service outage (returns success with warning)
-    /// since the endpoint is already protected by [Authorize] and rate limiting.
+    /// Verifies the hCaptcha token and denies chat access when verification cannot be completed.
     /// </summary>
     private async Task<(bool Success, IActionResult? Error)> VerifyCaptchaAsync(
         string? captchaToken, CancellationToken cancellationToken)
     {
         if (string.IsNullOrWhiteSpace(captchaToken))
-            return (false, StatusCode(StatusCodes.Status403Forbidden,
-                new { error = "Captcha verification required.", errorCode = "captcha_required", retryable = true }));
+            return (false, CreateCaptchaRequiredResult());
 
         var remoteIp = HttpContext.Connection.RemoteIpAddress?.ToString();
         var result = await _CaptchaService.VerifyAsync(captchaToken, remoteIp, cancellationToken);
 
         if (result is null)
         {
-            // hCaptcha service is unreachable — fail-open since [Authorize] + rate limiting still protect the endpoint.
-            _Logger.LogWarning("hCaptcha service unavailable for user {User} — allowing request", User.Identity?.Name);
-            return (true, null);
+            _Logger.LogWarning("hCaptcha service unavailable for user {User} — denying request", User.Identity?.Name);
+            return (false, CreateCaptchaUnavailableResult());
         }
 
         if (!result.Success)
-            return (false, StatusCode(StatusCodes.Status403Forbidden,
-                new { error = "Captcha verification failed.", errorCode = "captcha_failed", retryable = true }));
+            return (false, CreateCaptchaFailedResult());
 
         return (true, null);
     }
+
+    private ObjectResult CreateCaptchaRequiredResult() =>
+        StatusCode(StatusCodes.Status403Forbidden,
+            new { error = "Captcha verification required.", errorCode = "captcha_required", retryable = true });
+
+    private ObjectResult CreateCaptchaFailedResult() =>
+        StatusCode(StatusCodes.Status403Forbidden,
+            new { error = "Captcha verification failed.", errorCode = "captcha_failed", retryable = true });
+
+    private ObjectResult CreateCaptchaUnavailableResult() =>
+        StatusCode(StatusCodes.Status503ServiceUnavailable,
+            new
+            {
+                error = "Captcha verification is temporarily unavailable. Please try again later.",
+                errorCode = "captcha_unavailable",
+                retryable = true
+            });
+
 }

EssentialCSharp.Web/Program.cs

@@ -244,11 +244,10 @@ private static void Main(string[] args)
         // AIOptions__UseLocalAI=true enables Ollama local mode (set via aspire secret or dashboard).
         builder.AddAIServices(configuration);
 
-        // When using local Ollama, Polly's default 30s TotalRequestTimeout fires before LLM inference
-        // completes (qwen2.5-coder:7b consistently takes >30s). Override globally — this code path
-        // is only reached in local dev when UseLocalAI=true, so widening all clients is acceptable.
+        // When using local Ollama in development, Polly's default 30s TotalRequestTimeout fires
+        // before LLM inference completes (qwen2.5-coder:7b consistently takes >30s).
         var aiOptsForTimeout = configuration.GetSection("AIOptions").Get<EssentialCSharp.Chat.AIOptions>();
-        if (aiOptsForTimeout?.UseLocalAI == true)
+        if (builder.Environment.IsDevelopment() && aiOptsForTimeout?.UseLocalAI == true)
         {
             builder.Services.PostConfigureAll<HttpStandardResilienceOptions>(options =>
             {