Vamshi-Microsoft
diff --git a/‎.github/workflows/docker-build.yml‎
Lines changed: 94 additions & 0 deletions b/‎.github/workflows/docker-build.yml‎
Lines changed: 94 additions & 0 deletions
diff --git a/‎content-gen/src/backend/app.py‎
Lines changed: 31 additions & 6 deletions b/‎content-gen/src/backend/app.py‎
Lines changed: 31 additions & 6 deletions
@@ -0,0 +1,94 @@
+name: Build Docker and Optional Push - Content Generation Solution Accelerator
+
+on:
+  push:
+    branches:
+      - main
+      - dev
+      - demo
+    paths:
+      - 'content-gen/src/backend/**'
+      - 'content-gen/src/frontend/**'
+      - 'content-gen/src/frontend-server/**'
+      - '.github/workflows/docker-build.yml'
+  pull_request:
+    types:
+      - opened
+      - ready_for_review
+      - reopened
+      - synchronize
+    branches:
+      - main
+      - dev
+      - demo
+    paths:
+      - 'content-gen/src/backend/**'
+      - 'content-gen/src/frontend/**'
+      - 'content-gen/src/frontend-server/**'
+      - '.github/workflows/docker-build.yml'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  actions: read
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Azure Container Registry
+        if: ${{ (github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo')) || (github.event_name == 'workflow_dispatch' && (github.ref_name == 'dependabotchanges'||github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo')) }}
+        uses: azure/docker-login@v2 
+        with:
+          login-server: ${{ secrets.ACR_LOGIN_SERVER }}
+          username: ${{ secrets.ACR_USERNAME }}
+          password: ${{ secrets.ACR_PASSWORD }}
+
+      - name: Get current date
+        id: date
+        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+        
+      - name: Output ACR Login Server
+        run: |
+          echo "ACR Login Server: ${{ secrets.ACR_LOGIN_SERVER }}"
+
+      - name: Determine Tag Name Based on Branch
+        id: determine_tag
+        run: |
+         if [[ "${{ github.ref_name }}" == "main" ]]; then
+          echo "tagname=latest" >> $GITHUB_OUTPUT
+         elif [[ "${{ github.ref_name }}" == "dev" ]]; then
+          echo "tagname=dev" >> $GITHUB_OUTPUT
+         elif [[ "${{ github.ref_name }}" == "demo" ]]; then
+          echo "tagname=demo" >> $GITHUB_OUTPUT
+         elif [[ "${{ github.ref_name }}" == "dependabotchanges" ]]; then
+          echo "tagname=dependabotchanges" >> $GITHUB_OUTPUT
+         else
+          echo "tagname=default" >> $GITHUB_OUTPUT
+       
+         fi      
+      - name: Build and Push Docker Image for Frontend Server
+        uses: docker/build-push-action@v6
+        with:
+          context: ./content-gen/src
+          file: ./content-gen/src/WebApp.Dockerfile
+          push: ${{ github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo'  || github.ref_name == 'dependabotchanges'  }}
+          tags: |
+            ${{ secrets.ACR_LOGIN_SERVER || 'acrlogin.azurecr.io' }}/content-gen-app:${{ steps.determine_tag.outputs.tagname }}
+            ${{ secrets.ACR_LOGIN_SERVER || 'acrlogin.azurecr.io' }}/content-gen-app:${{ steps.determine_tag.outputs.tagname }}_${{ steps.date.outputs.date }}_${{ github.run_number }}
+
+      - name: Build and Push Docker Image for Backend Server
+        uses: docker/build-push-action@v6
+        with:
+          context: ./content-gen/src/backend
+          file: ./content-gen/src/backend/ApiApp.Dockerfile
+          push: ${{ github.ref_name == 'main' || github.ref_name == 'dev' || github.ref_name == 'demo'  || github.ref_name == 'dependabotchanges' }}
+          tags: |
+            ${{ secrets.ACR_LOGIN_SERVER || 'acrlogin.azurecr.io' }}/content-gen-api:${{ steps.determine_tag.outputs.tagname }}
+            ${{ secrets.ACR_LOGIN_SERVER || 'acrlogin.azurecr.io' }}/content-gen-api:${{ steps.determine_tag.outputs.tagname }}_${{ steps.date.outputs.date }}_${{ github.run_number }}
@@ -49,14 +49,14 @@ def get_authenticated_user():
     Get the authenticated user from EasyAuth headers.
     
     In production (with App Service Auth), the X-Ms-Client-Principal-Id header
-    contains the user's ID. In development mode, returns empty/None values.
+    contains the user's ID. In development mode, returns "anonymous".
     """
     user_principal_id = request.headers.get("X-Ms-Client-Principal-Id", "")
     user_name = request.headers.get("X-Ms-Client-Principal-Name", "")
     auth_provider = request.headers.get("X-Ms-Client-Principal-Idp", "")
 
     return {
-        "user_principal_id": user_principal_id or "",
+        "user_principal_id": user_principal_id or "anonymous",
         "user_name": user_name or "",
         "auth_provider": auth_provider or "",
         "is_authenticated": bool(user_principal_id)
@@ -216,7 +216,33 @@ async def parse_brief():
         logger.warning(f"Failed to save brief message to CosmosDB: {e}")
 
     orchestrator = get_orchestrator()
-    parsed_brief, clarifying_questions = await orchestrator.parse_brief(brief_text)
+    parsed_brief, clarifying_questions, rai_blocked = await orchestrator.parse_brief(brief_text)
+    
+    # Check if request was blocked due to harmful content
+    if rai_blocked:
+        # Save the refusal as assistant response
+        try:
+            cosmos_service = await get_cosmos_service()
+            await cosmos_service.add_message_to_conversation(
+                conversation_id=conversation_id,
+                user_id=user_id,
+                message={
+                    "role": "assistant",
+                    "content": clarifying_questions,  # This is the refusal message
+                    "agent": "ContentSafety",
+                    "timestamp": datetime.now(timezone.utc).isoformat()
+                }
+            )
+        except Exception as e:
+            logger.warning(f"Failed to save RAI response to CosmosDB: {e}")
+        
+        return jsonify({
+            "rai_blocked": True,
+            "requires_clarification": False,
+            "requires_confirmation": False,
+            "conversation_id": conversation_id,
+            "message": clarifying_questions
+        })
 
     # Check if we need clarifying questions
     if clarifying_questions:
@@ -1051,14 +1077,13 @@ async def list_conversations():
     List conversations for a user.
     
     Uses authenticated user from EasyAuth headers. In development mode
-    (when not authenticated), returns conversations where user_id is empty/null.
+    (when not authenticated), uses "anonymous" as user_id.
     
     Query params:
         limit: Max number of results (default 20)
     """
-    # Get authenticated user from headers
     auth_user = get_authenticated_user()
-    user_id = auth_user["user_principal_id"]  # Empty string if not authenticated
+    user_id = auth_user["user_principal_id"]
 
     limit = int(request.args.get("limit", 20))