feat(next): integrate Intercom provider lifecycle in app layout (#2162)

* feat(intercom): add svelte-intercom provider, hidden launcher, reactive boot options, and logout shutdown

* fix(intercom): consolidate update calls and fix context scoping in snippet

- Consolidate redundant intercom.update() calls into single effect tracking route and visibility
- Extract getIntercom() into separate snippet to avoid context scoping issues
- Both changes prevent duplicate updates and ensure context is properly available

* Keep Intercom support flows on the message list

Root cause: the sidebar support action was opening a fresh composer instead of the existing message history, and the new auth test needed immediate consistency so the seeded user was visible before login. The current staged set also carries the Intercom boot/auth wiring that this branch has been validating.

* triage template

* feat(intercom): implement token refresh and support link fallback

- Adds JWT expiration (1 hour) and issued-at claims to the Intercom token on the backend.
- Configures the frontend query to automatically refresh the token every 55 minutes to ensure continuous authentication.
- Centralizes help and documentation links and provides a fallback to GitHub issues when the Intercom messenger is unavailable or disabled.

* Tighten Intercom token refresh and contracts

Root cause: the Intercom token query reused a static cache key across auth-session changes, and the new auth/intercom contract updates were missing their HTTP and OpenAPI baselines.

* Minimize Intercom lockfile changes

Root cause: the initial package-lock regeneration pulled in unrelated transitive resolver updates instead of only recording the new Intercom packages required by the feature.

* Refactor Intercom setup into a dedicated shell component

- Encapsulates Intercom provider, initializer, and fallback logic into a reusable `IntercomShell` component.
- Simplifies the main app layout by removing nested provider logic.
- Updates the backend auth controller to correctly return 401 for unauthenticated Intercom token requests and aligns the OpenAPI documentation.

* Cleanup and format Intercom shell components

- Standardize file line endings across Intercom-related files.
- Reorder imports and alphabetize mock keys in the test suite.
- Refine property formatting for consistency in the Intercom shell component and main app layout.

* fixed linting

Author: niemyjski

.claude/agents/triage.md

@@ -160,9 +160,18 @@ For actionable issues, produce a plan an engineer can execute immediately:
 - [ ] Visual verification: [if UI, what to check in browser]
 ```
 
-## Step 7 — Deliver Results
+## Step 7 — Present Findings & Get Direction
 
-**If triaging a GitHub issue**, post findings directly:
+**Do not jump straight to action.** Present your findings first and ask the user what they'd like to do next. The goal is to make sure we do the right thing based on the user's judgment.
+
+**If triaging a GitHub issue:**
+
+1. Present your findings to the user (classification, severity, impact, root cause, implementation plan)
+2. Thank the reporter for filing the issue
+3. Ask the user to review your findings and choose next steps before posting anything to GitHub
+4. Only post the triage comment to GitHub after the user confirms the direction
+
+When posting (after user approval):
 
 ```bash
 gh issue comment <NUMBER> --body "$(cat <<'EOF'
@@ -181,6 +190,9 @@ gh issue comment <NUMBER> --body "$(cat <<'EOF'
 
 ### Related
 - [Links to related issues, similar patterns found elsewhere]
+
+---
+Thank you for reporting this issue! If you have any additional information, reproduction steps, or context that could help, please don't hesitate to share — it's always valuable.
 EOF
 )"
 
@@ -213,11 +225,16 @@ After posting the triage comment:
 
 # Final Ask (Required)
 
-Before ending triage, always call `vscode_askQuestions` (askuserquestion) and ask whether they want:
+Before ending triage, always call `vscode_askQuestions` (askuserquestion) with the following:
 
-- Deeper analysis on any specific area
-- To hand off to `@engineer` immediately
-- To adjust severity or priority
-- Any other follow-up
+1. **Thank the user** for reporting/raising the issue
+2. **Present your recommended next steps** as options and ask which direction to go:
+   - Deeper analysis on any specific area
+   - Hand off to `@engineer` to implement the proposed plan
+   - Adjust severity or priority
+   - Request more information from the reporter
+   - Any other follow-up
+3. **Ask if they have additional context** — "Do you have any additional information or context that might help with this issue?"
+4. **Ask what to triage next** — "Is there another issue you'd like me to triage?"
 
-Do not end with findings alone — confirm next action.
+Do not end with findings alone — always confirm next action and prompt for the next issue.

src/Exceptionless.Web/ClientApp/package-lock.json

@@ -88,6 +88,7 @@
         "pretty-ms": "^9.3.0",
         "runed": "^0.37.1",
         "shiki": "^4.0.2",
+        "svelte-intercom": "^0.0.35",
         "svelte-sonner": "^1.1.0",
         "svelte-time": "^2.1.0",
         "tailwind-merge": "^3.5.0",
@@ -100,4 +101,4 @@
     "overrides": {
         "storybook": "$storybook"
     }
-}
+}

src/Exceptionless.Web/ClientApp/package.json

@@ -1,9 +1,16 @@
-import { useFetchClient } from '@exceptionless/fetchclient';
+import { env } from '$env/dynamic/public';
+import { getIntercomTokenSessionKey, intercomTokenRefreshIntervalMs } from '$features/intercom/config';
+import { ProblemDetails, useFetchClient } from '@exceptionless/fetchclient';
+import { createQuery } from '@tanstack/svelte-query';
 
 import type { Login, TokenResult } from './models';
 
 import { accessToken } from './index.svelte';
 
+const queryKeys = {
+    intercom: (accessToken: null | string) => ['Auth', 'intercom', getIntercomTokenSessionKey(accessToken)] as const
+};
+
 export async function cancelResetPassword(token: string) {
     const client = useFetchClient();
     const response = await client.post(`auth/cancel-reset-password/${token}`, {
@@ -38,6 +45,23 @@ export async function forgotPassword(email: string) {
     return await client.get(`auth/forgot-password/${email}`);
 }
 
+export function getIntercomTokenQuery() {
+    return createQuery<TokenResult, ProblemDetails>(() => ({
+        enabled: () => !!accessToken.current && !!env.PUBLIC_INTERCOM_APPID,
+        queryFn: async ({ signal }) => {
+            const client = useFetchClient();
+            const response = await client.getJSON<TokenResult>('auth/intercom', {
+                signal
+            });
+
+            return response.data!;
+        },
+        queryKey: queryKeys.intercom(accessToken.current),
+        refetchInterval: intercomTokenRefreshIntervalMs,
+        staleTime: intercomTokenRefreshIntervalMs
+    }));
+}
+
 /**
  * Checks if an email address is already in use.
  * @param email The email address to check
@@ -72,7 +96,6 @@ export async function login(email: string, password: string) {
 export async function logout() {
     const client = useFetchClient();
     await client.get('auth/logout', { expectedStatusCodes: [200, 401] });
-
     accessToken.current = '';
 }
 

src/Exceptionless.Web/ClientApp/src/lib/features/auth/api.svelte.ts

@@ -12,6 +12,7 @@ export {
     cancelResetPassword,
     changePassword,
     forgotPassword,
+    getIntercomTokenQuery,
     isEmailAddressTaken,
     login,
     logout,

src/Exceptionless.Web/ClientApp/src/lib/features/auth/index.svelte.ts

@@ -0,0 +1,26 @@
+import { supportIssuesHref } from '$features/shared/help-links';
+import { describe, expect, it, vi } from 'vitest';
+
+import { openSupportChat } from './chat';
+
+describe('openSupportChat', () => {
+    it('opens Intercom messages when the messenger is available', () => {
+        const intercom = {
+            showMessages: vi.fn()
+        };
+        const openWindow = vi.fn();
+
+        openSupportChat(intercom, openWindow);
+
+        expect(intercom.showMessages).toHaveBeenCalledOnce();
+        expect(openWindow).not.toHaveBeenCalled();
+    });
+
+    it('falls back to the support issues page when the messenger is unavailable', () => {
+        const openWindow = vi.fn();
+
+        openSupportChat(undefined, openWindow);
+
+        expect(openWindow).toHaveBeenCalledWith(supportIssuesHref, '_blank', 'noopener,noreferrer');
+    });
+});

src/Exceptionless.Web/ClientApp/src/lib/features/intercom/chat.test.ts

@@ -0,0 +1,14 @@
+import { supportIssuesHref } from '$features/shared/help-links';
+
+export interface IntercomMessenger {
+    showMessages: () => void;
+}
+
+export function openSupportChat(intercom: IntercomMessenger | null | undefined, openWindow: typeof globalThis.open = globalThis.open) {
+    if (intercom) {
+        intercom.showMessages();
+        return;
+    }
+
+    openWindow?.(supportIssuesHref, '_blank', 'noopener,noreferrer');
+}

src/Exceptionless.Web/ClientApp/src/lib/features/intercom/chat.ts

@@ -0,0 +1,31 @@
+import { describe, expect, it } from 'vitest';
+
+import {
+    getIntercomTokenSessionKey,
+    intercomJwtLifetimeMs,
+    intercomTokenRefreshIntervalMs,
+    intercomTokenRefreshLeadTimeMs,
+    shouldLoadIntercomOrganization
+} from './config';
+
+describe('intercom token refresh cadence', () => {
+    it('refreshes five minutes before a one-hour token expires', () => {
+        expect(intercomJwtLifetimeMs).toBe(60 * 60 * 1000);
+        expect(intercomTokenRefreshLeadTimeMs).toBe(5 * 60 * 1000);
+        expect(intercomTokenRefreshIntervalMs).toBe(55 * 60 * 1000);
+        expect(intercomTokenRefreshIntervalMs).toBe(intercomJwtLifetimeMs - intercomTokenRefreshLeadTimeMs);
+    });
+
+    it('uses a stable non-secret session key for the current auth token', () => {
+        expect(getIntercomTokenSessionKey(null)).toBeNull();
+        expect(getIntercomTokenSessionKey('token-a')).toBe(getIntercomTokenSessionKey('token-a'));
+        expect(getIntercomTokenSessionKey('token-a')).not.toBe('token-a');
+        expect(getIntercomTokenSessionKey('token-a')).not.toBe(getIntercomTokenSessionKey('token-b'));
+    });
+
+    it('only loads organization details after Intercom is active for the session', () => {
+        expect(shouldLoadIntercomOrganization(undefined, true)).toBe(false);
+        expect(shouldLoadIntercomOrganization('app_123', false)).toBe(false);
+        expect(shouldLoadIntercomOrganization('app_123', true)).toBe(true);
+    });
+});

src/Exceptionless.Web/ClientApp/src/lib/features/intercom/config.test.ts

@@ -0,0 +1,20 @@
+export const intercomJwtLifetimeMs = 60 * 60 * 1000;
+export const intercomTokenRefreshLeadTimeMs = 5 * 60 * 1000;
+export const intercomTokenRefreshIntervalMs = intercomJwtLifetimeMs - intercomTokenRefreshLeadTimeMs;
+
+export function getIntercomTokenSessionKey(accessToken: null | string) {
+    if (!accessToken) {
+        return null;
+    }
+
+    let hash = 0;
+    for (const character of accessToken) {
+        hash = (hash * 31 + character.charCodeAt(0)) >>> 0;
+    }
+
+    return hash.toString(36);
+}
+
+export function shouldLoadIntercomOrganization(intercomAppId: null | string | undefined, isIntercomTokenReady: boolean) {
+    return !!intercomAppId && isIntercomTokenReady;
+}

src/Exceptionless.Web/ClientApp/src/lib/features/intercom/config.ts

@@ -0,0 +1,55 @@
+import type { ViewCurrentUser, ViewOrganization } from '$lib/generated/api';
+
+import { describe, expect, it } from 'vitest';
+
+import { buildIntercomBootOptions } from './context.svelte';
+
+describe('buildIntercomBootOptions', () => {
+    it('returns undefined when the intercom token is missing', () => {
+        // Arrange
+        const user = { id: '67620d1818f5a40d98f3e812' } as ViewCurrentUser;
+
+        // Act
+        const result = buildIntercomBootOptions(user, undefined, undefined);
+
+        // Assert
+        expect(result).toBeUndefined();
+    });
+
+    it('builds boot options from the current user organization and token', () => {
+        // Arrange
+        const organizationCreatedUtc = '2024-12-21T01:23:45.000Z';
+        const user = {
+            email_address: 'test-user@example.com',
+            full_name: 'Test User',
+            id: '67620d1818f5a40d98f3e812'
+        } as ViewCurrentUser;
+        const organization = {
+            billing_price: 29,
+            created_utc: organizationCreatedUtc,
+            id: '67620d1818f5a40d98f3e999',
+            name: 'Acme Corp',
+            plan_id: 'unlimited'
+        } as ViewOrganization;
+
+        // Act
+        const result = buildIntercomBootOptions(user, organization, 'signed-intercom-token');
+
+        // Assert
+        expect(result).toEqual({
+            company: {
+                createdAt: String(Math.floor(Date.parse(organizationCreatedUtc) / 1000)),
+                id: organization.id,
+                monthlySpend: 29,
+                name: 'Acme Corp',
+                plan: 'unlimited'
+            },
+            createdAt: String(parseInt('67620d18', 16)),
+            email: 'test-user@example.com',
+            hideDefaultLauncher: true,
+            intercomUserJwt: 'signed-intercom-token',
+            name: 'Test User',
+            userId: user.id
+        });
+    });
+});