feat(core): implement daily automated scanning and enhance error handling

- Add Hangfire recurring job for daily repository scanning at midnight UTC
- Enhance GitHub OAuth configuration validation with proper error handling
- Fix nullable reference warnings across multiple entities
- Simplify MainLayout by removing FluentThemeProvider wrapper
- Update documentation for dual authentication strategy (GitHub App + OAuth)
- Enhance Hangfire integration docs with recurring job configuration
- Update cursor rules to reflect Fluent UI usage

BREAKING CHANGE: Removed FluentThemeProvider from MainLayout.razor

Author: mackowski

.cursor/rules/coding-practices.mdc

@@ -35,9 +35,9 @@ You are a senior Blazor and .NET developer and an expert in `C#`, `ASP.NET Core`
 - Use `C#`'s expressive syntax (e.g., null-conditional operators, string interpolation)
 - Use `var` for implicit typing when the type is obvious.
 
-### Frontend Development (Blazor & MudBlazor)
-- Use `MudBlazor` components to build the UI for a consistent look and feel.
-- Adhere to a consistent styling and theming strategy using `MudBlazor`'s theme provider.
+### Frontend Development (Blazor & Fluent UI)
+- Use `Microsoft.FluentUI.AspNetCore.Components` to build the UI for a consistent look and feel.
+- Adhere to a consistent styling and theming strategy using Fluent UI's theme provider.
 - Manage application state carefully. For complex state, consider using a cascading parameter-based state container.
 
 ### Error Handling and Validation
@@ -119,4 +119,12 @@ You are a senior Blazor and .NET developer and an expert in `C#`, `ASP.NET Core`
 - Configure queues and workers appropriately for production environments.
 - Refer to `/docs/hangfire-integration.md` for more details.
 
+### Action Service
+- Use `IActionService` to process automated actions for policy violations.
+- The service supports three action types: `create-issue`, `archive-repo`, and `log-only`.
+- All actions are logged to the `ActionLog` table with status tracking.
+- Duplicate issue prevention is built-in for `create-issue` actions.
+- Individual action failures don't block processing of other violations.
+- Refer to `/docs/action-service.md` for detailed usage examples and configuration.
+
 Follow the official Microsoft documentation and `ASP.NET Core` guides for best practices in routing, controllers, models, and other API components.

.cursor/rules/setup.mdc

@@ -4,8 +4,14 @@ alwaysApply: true
 ---
 # Setup commands
 To run this project locally:
-1. `cd 10xGitHubPolicies.App`
-2. `dotnet restore`
-3. `dotnet run`
+1. `cd 10xGitHubPolicies`
+2. `docker-compose up -d`
+3. `cd 10xGitHubPolicies.App`
+4. `dotnet restore`
+5. `dotnet ef database update`
+6. `dotnet dev-certs https --trust`
+7. `dotnet run --launch-profile https`
 
-Alternatively, you can run from the root directory using `dotnet run --project 10xGitHubPolicies.App/10xGitHubPolicies.App.csproj`.
+Alternatively, you can run from the root directory using `dotnet run --project 10xGitHubPolicies.App/10xGitHubPolicies.App.csproj --launch-profile https`.
+
+**Important**: Always use the HTTPS profile to ensure OAuth authentication works correctly.

10xGitHubPolicies.App/Data/Entities/PolicyViolation.cs

@@ -18,5 +18,5 @@ public class PolicyViolation
     public Policy Policy { get; set; } = null!;
 
     [NotMapped]
-    public string PolicyType { get; set; }
+    public string PolicyType { get; set; } = string.Empty;
 }

10xGitHubPolicies.App/Program.cs

@@ -59,8 +59,8 @@
 })
 .AddGitHub(options =>
 {
-    options.ClientId = builder.Configuration["GitHub:ClientId"];
-    options.ClientSecret = builder.Configuration["GitHub:ClientSecret"];
+    options.ClientId = builder.Configuration["GitHub:ClientId"] ?? throw new InvalidOperationException("GitHub:ClientId is not configured");
+    options.ClientSecret = builder.Configuration["GitHub:ClientSecret"] ?? throw new InvalidOperationException("GitHub:ClientSecret is not configured");
     options.CallbackPath = "/signin-github";
     options.Scope.Add("read:org");
     options.SaveTokens = true; // Save access token for team verification
@@ -134,6 +134,16 @@
     Authorization = new[] { new HangfireAuthorizationFilter() }
 });
 
+// Configure recurring jobs
+RecurringJob.AddOrUpdate<IScanningService>(
+    "daily-scan",
+    service => service.PerformScanAsync(),
+    "0 0 * * *", // Daily at midnight UTC
+    new RecurringJobOptions
+    {
+        TimeZone = TimeZoneInfo.Utc
+    });
+
 // Add OAuth challenge endpoint
 app.MapGet("/challenge", async (HttpContext context) =>
 {

10xGitHubPolicies.App/Services/Configuration/ConfigurationService.cs

@@ -37,7 +37,7 @@ public ConfigurationService(
 
     public async Task<AppConfig> GetConfigAsync(bool forceRefresh = false)
     {
-        if (!forceRefresh && _cache.TryGetValue(AppConfigCacheKey, out AppConfig cachedConfig))
+        if (!forceRefresh && _cache.TryGetValue(AppConfigCacheKey, out AppConfig? cachedConfig) && cachedConfig != null)
         {
             _logger.LogInformation("Configuration found in cache.");
             return cachedConfig;
@@ -47,7 +47,7 @@ public async Task<AppConfig> GetConfigAsync(bool forceRefresh = false)
         try
         {
             // Double-check locking
-            if (!forceRefresh && _cache.TryGetValue(AppConfigCacheKey, out AppConfig configAfterLock))
+            if (!forceRefresh && _cache.TryGetValue(AppConfigCacheKey, out AppConfig? configAfterLock) && configAfterLock != null)
             {
                 _logger.LogInformation("Configuration found in cache after acquiring lock.");
                 return configAfterLock;

10xGitHubPolicies.App/Shared/MainLayout.razor

@@ -1,43 +1,40 @@
 @inherits LayoutComponentBase
+@using Microsoft.FluentUI.AspNetCore.Components
 
-<FluentThemeProvider>
-    <FluentLayout>
-        <FluentHeader>
-            <div style="display: flex; align-items: center; padding: 0 24px;">
-                <FluentIcon Icon="@(Microsoft.FluentUI.AspNetCore.Components.Icons.Regular.Size28.ShieldCheckmark)" style="font-size: 28px;" />
-                <span style="margin-left: 12px; font-size: var(--type-ramp-plus-2-font-size);">10x GitHub Policy Enforcer</span>
-            </div>
-            <FluentSpacer />
-            
-            <AuthorizeView>
-                <Authorized>
-                    <FluentStack Orientation="Orientation.Horizontal" VerticalAlignment="VerticalAlignment.Center">
-                        <FluentIcon Icon="@(Microsoft.FluentUI.AspNetCore.Components.Icons.Regular.Size20.Person)" />
-                        <span style="margin: 0 8px;">@context.User.Identity?.Name</span>
-                        <FluentButton Appearance="Appearance.Neutral" OnClick="Logout" Style="margin-left: 8px;">
-                            <FluentIcon Icon="@(Microsoft.FluentUI.AspNetCore.Components.Icons.Regular.Size20.Person)" />
-                        </FluentButton>
-                    </FluentStack>
-                </Authorized>
-                <NotAuthorized>
-                    <FluentButton Appearance="Appearance.Accent" OnClick="Login">
+<FluentLayout>
+    <FluentHeader>
+        <div style="display: flex; align-items: center; padding: 0 24px;">
+            <FluentIcon Icon="@(Microsoft.FluentUI.AspNetCore.Components.Icons.Regular.Size28.ShieldCheckmark)" style="font-size: 28px;" />
+            <span style="margin-left: 12px; font-size: var(--type-ramp-plus-2-font-size);">10x GitHub Policy Enforcer</span>
+        </div>
+        <FluentSpacer />
+        
+        <AuthorizeView>
+            <Authorized>
+                <FluentStack Orientation="Orientation.Horizontal" VerticalAlignment="VerticalAlignment.Center">
+                    <FluentIcon Icon="@(Microsoft.FluentUI.AspNetCore.Components.Icons.Regular.Size20.Person)" />
+                    <span style="margin: 0 8px;">@context.User.Identity?.Name</span>
+                    <FluentButton Appearance="Appearance.Neutral" OnClick="Logout" Style="margin-left: 8px;">
                         <FluentIcon Icon="@(Microsoft.FluentUI.AspNetCore.Components.Icons.Regular.Size20.Person)" />
-                        Login
                     </FluentButton>
-                </NotAuthorized>
-            </AuthorizeView>
-            
-            <FluentThemeSwitcher />
-        </FluentHeader>
-        <FluentStack Orientation="Orientation.Vertical" Style="width: 100%;">
-            <FluentBodyContent>
-                <div class="content" style="padding: 24px;">
-                    @Body
-                </div>
-            </FluentBodyContent>
-        </FluentStack>
-    </FluentLayout>
-</FluentThemeProvider>
+                </FluentStack>
+            </Authorized>
+            <NotAuthorized>
+                <FluentButton Appearance="Appearance.Accent" OnClick="Login">
+                    <FluentIcon Icon="@(Microsoft.FluentUI.AspNetCore.Components.Icons.Regular.Size20.Person)" />
+                    Login
+                </FluentButton>
+            </NotAuthorized>
+        </AuthorizeView>
+    </FluentHeader>
+    <FluentStack Orientation="Orientation.Vertical" Style="width: 100%;">
+        <FluentBodyContent>
+            <div class="content" style="padding: 24px;">
+                @Body
+            </div>
+        </FluentBodyContent>
+    </FluentStack>
+</FluentLayout>
 
 @code {
     [Inject] private NavigationManager Navigation { get; set; } = default!;

CHANGELOG.md

@@ -2,6 +2,28 @@
 
 All notable changes to this project will be documented in this file.
 
+## 1.1
+
+### Added
+- **Daily Automated Scanning**: Implemented recurring job configuration for automatic daily repository scanning
+  - Added `RecurringJob.AddOrUpdate()` configuration in `Program.cs` for daily scans at midnight UTC
+  - Scans run automatically without manual intervention using Hangfire's recurring job system
+  - Uses `IScanningService.PerformScanAsync()` for consistent scanning logic
+- **Enhanced Error Handling**: Improved configuration validation and error handling
+  - Added null checks and proper exception handling for GitHub OAuth configuration
+  - Enhanced error messages for missing configuration values
+
+### Changed
+- **UI Simplification**: Removed `FluentThemeProvider` wrapper from `MainLayout.razor` for cleaner component structure
+- **Code Quality**: Fixed nullable reference warnings across multiple files
+  - `PolicyViolation.cs`: Added default value for `PolicyType` property
+  - `ConfigurationService.cs`: Enhanced null checking for cached configuration
+- **Documentation**: Updated Hangfire integration documentation to include recurring job configuration
+
+### Fixed
+- **Nullable Reference Warnings**: Resolved compiler warnings for nullable reference types
+- **Configuration Caching**: Improved thread safety and null handling in configuration service
+
 ## 1.0
 
 ### Added

README.md

@@ -29,6 +29,10 @@ The 10x GitHub Policy Enforcer is a GitHub App with an accompanying web UI desig
 
 It uses a flexible policy evaluation engine to scan repositories for compliance with a centrally managed configuration file. When violations are found, it can automatically perform actions like creating issues in the repository or archiving it. The web dashboard provides a clear overview of your organization's compliance posture.
 
+The application uses a dual-authentication strategy:
+- **GitHub App**: For backend services to perform automated scans and actions
+- **GitHub OAuth App**: For user authentication to the web dashboard
+
 ---
 
 ## Features
@@ -132,7 +136,10 @@ The application will be available at:
 The application is configured via `appsettings.json` and user secrets for sensitive data.
 
 ### GitHub App Settings
-You need to configure the GitHub App settings. During development, it's required to use the .NET Secret Manager to keep secrets out of source control.
+The application uses a dual-authentication strategy requiring both a GitHub App (for backend services) and a GitHub OAuth App (for user authentication).
+
+#### GitHub App (Backend Services)
+The GitHub App is used by backend services to perform automated scans and actions against the GitHub API.
 
 1.  Initialize user secrets for the project (if you haven't already):
     ```sh
@@ -157,7 +164,27 @@ You need to configure the GitHub App settings. During development, it's required
     ```
     Replace `your-organization-name` with your GitHub organization's slug.
 
-### GitHub OAuth App Settings
+#### GitHub App Setup
+To create a GitHub App for backend services:
+
+1. Go to [GitHub Developer Settings](https://github.com/settings/apps)
+2. Click "New GitHub App"
+3. Configure the following:
+   - **GitHub App name**: 10x GitHub Policy Enforcer
+   - **Homepage URL**: `https://localhost:7040/` (for local development)
+   - **Webhook URL**: Leave empty for local development
+   - **Repository permissions**:
+     - **Administration**: Read & write (to archive repositories)
+     - **Contents**: Read-only (to check for file presence)
+     - **Issues**: Read & write (to create and check for duplicate issues)
+     - **Metadata**: Read-only (to list repositories)
+   - **Organization permissions**: None required
+4. After creating the app:
+   - Note the **App ID** (found on the app's general page)
+   - Generate a **Private Key** (download the `.pem` file)
+   - Install the app on your organization and note the **Installation ID**
+
+#### GitHub OAuth App (User Authentication)
 For user authentication, you need to create a GitHub OAuth App:
 
 1. Go to [GitHub Developer Settings](https://github.com/settings/developers)
@@ -227,7 +254,7 @@ Detailed documentation for specific features and integrations:
 
 ### In Scope (MVP)
 *   ✅ `[done]` Configuration managed via a single `config.yaml` file in the `.github` repository.
-*   ⏳ `[todo]` Daily and on-demand scanning of all active repositories.
+*   ✅ `[done]` Daily and on-demand scanning of all active repositories.
 *   ✅ `[done]` Core policies:
     *   ✅ `[done]` Verify presence of `AGENTS.md`.
     *   ✅ `[done]` Verify presence of `catalog-info.yaml`.
@@ -250,21 +277,13 @@ Detailed documentation for specific features and integrations:
 *   Repository-level exceptions or overrides in the UI.
 
 ### Ideas
-*   Secure /hangfire
 *   Logs - production
 *   Advanced policy types (e.g., checking file content)
 *   Action - PR Blocking
 *   Action - Log only
 *   Action - Slack notification
 *   Exception policies
-*   Getting team ownership and 
-
-
----
-
-## Project Status
-
-This project is currently **in development**. The immediate focus is on delivering the Minimum Viable Product (MVP) features outlined in the project scope.
+*   Getting team ownership 
 
 ---
 

docs/hangfire-integration.md

@@ -43,10 +43,11 @@ The dashboard is accessible at the `/hangfire` endpoint of the application (e.g.
 
 ## Usage in the Application
 
-Hangfire is primarily used in two places:
+Hangfire is used in three main scenarios:
 
 1.  **On-Demand Repository Scanning**: When a user clicks the "Scan Now" button on the dashboard.
-2.  **Processing Actions for Violations**: After a scan is completed, a job is enqueued to process the configured actions for any violations found using the `ActionService`.
+2.  **Daily Automated Scanning**: A recurring job that automatically scans all repositories daily at midnight UTC.
+3.  **Processing Actions for Violations**: After a scan is completed, a job is enqueued to process the configured actions for any violations found using the `ActionService`.
 
 ### Enqueuing a Scan
 
@@ -68,6 +69,32 @@ private async Task StartScan()
 
 By using `_backgroundJobClient.Enqueue()`, the `PerformScanAsync` method is executed on a background thread by a Hangfire worker. This immediately returns control to the UI, which can then display a "Scanning..." status to the user.
 
+### Daily Automated Scanning
+
+The application is configured with a recurring job that automatically scans all repositories daily:
+
+```csharp
+// Program.cs
+
+// Configure recurring jobs
+RecurringJob.AddOrUpdate<IScanningService>(
+    "daily-scan",
+    service => service.PerformScanAsync(),
+    "0 0 * * *", // Daily at midnight UTC
+    new RecurringJobOptions
+    {
+        TimeZone = TimeZoneInfo.Utc
+    });
+```
+
+This configuration:
+- **Job Name**: `"daily-scan"` - unique identifier for the recurring job
+- **Cron Expression**: `"0 0 * * *"` - runs daily at midnight UTC
+- **Timezone**: UTC to ensure consistent execution times
+- **Service**: Uses `IScanningService.PerformScanAsync()` for the actual scanning logic
+
+The recurring job ensures that all repositories are automatically scanned for policy compliance without manual intervention, providing continuous monitoring of organizational compliance.
+
 ### Enqueuing Actions Post-Scan
 
 In the `ScanningService`, after a scan is successfully completed and violations have been saved, a job is enqueued for the `IActionService` to process the results.