Feature/chatbot notification integration
This Merge Request delivers a major update to the Support Service, transforming it into a resilient, AI-driven module. It introduces the advanced chatbot logic, a secure notification engine, and automated property polling from the Catalogue.
Key Changes
- AI Chatbot & RAG (Retrieval-Augmented Generation) Darvest Expert Assistant: Integrated OpenAI (GPT-4o) with a specialized system prompt focused on real-estate, blockchain, and NFTs.
Resilience: Added session recovery (automatic recreation on 404), fallback replies for quota/API issues, and support for anonymous multi-turn conversations.
Knowledge Integration: Aligned the chatbot logic to support context-aware responses (RAG) based on internal scraping data.
- Notification Engine & Security Ownership Security: Hardened the notification flow to prevent IDOR; users can only interact with their own notifications (enforced via JWT + Database checks).
Delivery Logic: Reordered notification sequences (Welcome -> KYC) for a better user onboarding experience.
Performance: Optimized template resolution and substring matching in the repository to prevent full-table scans.
- Catalogue Polling & External Integration Property Polling: Implemented PropertyPollingService to fetch new published projects from the Catalogue API and generate automated PROPERTY_ALERT notifications.
Cross-Service Clients: Added KycClient and CatalogueClient for seamless integration with the Gateway-backed ecosystem.
- Production & Observability Cloud-Ready Config: Added application-prod.yml with sanitized errors, graceful shutdown, and Actuator health probes for Kubernetes orchestration.
Observability: Standardized ApiErrorResponse and enhanced global exception handling for validation and malformed JSON.
Testing Performed Chatbot Flow: Verified session persistence and fallback mechanisms under API stress.
Security Scenarios: Confirmed that AccessDeniedException is thrown when attempting to read notifications belonging to other user IDs.
Polling Loop: Validated that property alerts are correctly deduplicated and created without breaking the scheduler thread.
Build: Verified that the production profile correctly disables Swagger and SQL logging as per security guidelines.