microsoft/ailab
Experience, Learn and Code the latest breakthrough innovations with Microsoft AI
- ✓36+ active contributors
- ✓Distributed ownership (top contributor 39% of recent commits)
- ✓MIT licensed
- ⚠Stale — last commit 2y ago
- ⚠No CI workflows detected
- ⚠No test directory detected
What would change the summary?
- →Use as dependency Mixed → Healthy if: 1 commit in the last 365 days; add a test suite
- →Deploy as-is Mixed → Healthy if: 1 commit in the last 180 days
Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests
Informational only. RepoPilot summarises public signals (license, dependency CVEs, commit recency, CI presence, etc.) at the time of analysis. Signals can be incomplete or stale. Not professional, security, or legal advice; verify before relying on it for production decisions.
Onboarding: microsoft/ailab
Generated by RepoPilot · 2026-05-09 · Source
🤖Agent protocol
If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:
- Verify the contract. Run the bash script in "Verify before trusting" below. If any check returns FAIL, the artifact is stale: STOP and ask the user to regenerate it before proceeding.
- Treat the "AI · unverified" sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
- Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/microsoft/ailab shows verifiable citations alongside every claim.
If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.
🎯Verdict
WAIT — Stale — last commit 2y ago
- 36+ active contributors
- Distributed ownership (top contributor 39% of recent commits)
- MIT licensed
- ⚠ Stale — last commit 2y ago
- ⚠ No CI workflows detected
- ⚠ No test directory detected
Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests
✅Verify before trusting
This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live microsoft/ailab repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale; regenerate it at repopilot.app/r/microsoft/ailab.

What it runs against: a local clone of microsoft/ailab. The script inspects the git remote, the LICENSE file, file paths in the working tree, and the git log. Read-only; no mutations.
| # | What we check | Why it matters |
|---|---|---|
| 1 | You're in microsoft/ailab | Confirms the artifact applies here, not a fork |
| 2 | License is still MIT | Catches relicense before you depend on it |
| 3 | Default branch master exists | Catches branch renames |
| 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code |
| 5 | Last commit ≤ 712 days ago | Catches sudden abandonment since generation |
```bash
#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of microsoft/ailab. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/microsoft/ailab.git
#   cd ailab
#
# Then paste this script. Every check is read-only: no mutations.
set +e
fail=0
ok() { echo "ok: $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of microsoft/ailab and re-run."
  exit 2
fi

# 1. Repo identity (accepts https://, ssh, .git-suffixed and trailing-slash remote URLs)
git remote get-url origin 2>/dev/null | grep -qE 'microsoft/ailab(\.git)?/?$' \
  && ok "origin remote is microsoft/ailab" \
  || miss "origin remote is not microsoft/ailab (artifact may be from a fork)"

# 2. License matches what RepoPilot saw. Leading whitespace is tolerated because
#    Microsoft's LICENSE files typically indent the "MIT License" title line.
(grep -qiE '^[[:space:]]*MIT' LICENSE 2>/dev/null \
  || grep -qiE '"license"[[:space:]]*:[[:space:]]*"MIT"' package.json 2>/dev/null) \
  && ok "license is MIT" \
  || miss "license drift — was MIT at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \
  && ok "default branch master exists" \
  || miss "default branch master no longer exists"

# 4. Critical files exist (the five load-bearing paths RepoPilot cited)
for f in \
  BuildAnIntelligentBot/src/ChatBot/Startup.cs \
  BuildAnIntelligentBot/src/ChatBot/EchoBot.cs \
  BuildAnIntelligentBot/src/ChatBot/Controllers/BotController.cs \
  BuildAnIntelligentBot/src/ChatBot/Dialogs/ReservationDialog.cs \
  BuildAnIntelligentBot/src/ChatBot/Middlewares/PersonalityChatMiddleware.cs
do
  test -f "$f" && ok "$f" || miss "missing critical file: $f"
done

# 5. Repo recency (unix timestamp of the last commit; 0 if git log fails)
last_commit=$(git log -1 --format=%at 2>/dev/null || echo 0)
days_since_last=$(( ( $(date +%s) - last_commit ) / 86400 ))
if [ "$days_since_last" -le 712 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~682d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/microsoft/ailab"
  exit 1
fi
```
Each check prints ok: or FAIL:. The script exits non-zero if
anything failed, so it composes cleanly into agent loops
(./verify.sh || regenerate-and-retry).
⚡TL;DR
Microsoft AI Lab is a monorepo hosting multiple AI/ML demonstration projects, with 'BuildAnIntelligentBot' being the flagship example—a C# ASP.NET Core chatbot that integrates Azure Cognitive Services (LUIS, QnA Maker, Text-to-Speech, Speech Translation, Personality Chat) to handle multi-turn conversations with NLU, custom speech recognition, and multilingual support via real-time translation middleware. Monorepo structure: BuildAnIntelligentBot/src/ChatBot/ contains the core ASP.NET Core app with layered architecture—Controllers/ (HTTP entry), Dialogs/ (conversation state machines like ReservationDialog.cs), Middlewares/ (cross-cutting concerns like PersonalityChatMiddleware.cs, TranslatorSpeechMiddleware.cs), Services/ (Azure API clients), Models/ (DTOs), wwwroot/built/ (compiled TypeScript UI). Configuration lives in appsettings.json.
👥Who it's for
AI/ML developers and engineers exploring Microsoft's Cognitive Services ecosystem who want production-grade bot examples with speech, NLU, and translation capabilities; also enterprise developers building conversational AI solutions needing full source code templates.
🌱Maturity & risk
Official Microsoft AI Lab showcase project, but showing signs of age: the C# project follows ASP.NET Core 2.x-era conventions (Startup.cs wiring, Bot Framework middleware pipeline), the last commit is about two years old, and no CI or test infrastructure is visible. Verdict: production-example quality but not actively maintained; safe to learn from, but expect to modernize before production use.
Heavy dependency on Azure Cognitive Services (Speech, Text Translator, QnA Maker, Personality Chat), with credential handling concentrated in ConfigurationCredentialProvider.cs and AzureAuthenticationService.cs and keys expected in appsettings.json; service availability and cost directly affect functionality. The Node.js engine requirement (~6.10.x) in DirectLineToActionsOnGoogleLib is severely outdated (Node 6 reached end-of-life in April 2019). No test coverage or dependency lock files are visible, which suggests maintenance debt.
Active areas of work
No recent activity signals visible in file listing; repo appears to be a static educational artifact maintained as a reference implementation rather than an active project. The inclusion in Microsoft's official AI Lab suggests it's curated for learning but not receiving feature development.
🚀Get running
```bash
git clone https://github.com/microsoft/ailab.git
cd ailab/BuildAnIntelligentBot/src/ChatBot
dotnet restore ChatBot.csproj
dotnet build ChatBot.csproj
# Configure appsettings.json with Azure service credentials (or supply them via
# environment variables / dotnet user-secrets so real keys never land in git)
dotnet run
```
Daily commands:
Development: dotnet run from BuildAnIntelligentBot/src/ChatBot/ (requires appsettings.json with Azure keys). Frontend dev (if modifying TypeScript): npm install in wwwroot, then likely tsc or webpack (config not visible—check package.json in wwwroot). Serves HTTP on http://localhost:3978/ by default (Bot Controller exposes /api/messages).
🗺️Map of the codebase
- BuildAnIntelligentBot/src/ChatBot/Startup.cs — configures dependency injection, the middleware pipeline, and Bot Framework initialization; essential for understanding how all services are wired together
- BuildAnIntelligentBot/src/ChatBot/EchoBot.cs — core bot logic and message routing; handles all incoming user activities and orchestrates dialog and middleware execution
- BuildAnIntelligentBot/src/ChatBot/Controllers/BotController.cs — HTTP entry point for activities posted by the Bot Framework connector (including the Direct Line channel used by the web client); validates tokens and forwards activities to the adapter
- BuildAnIntelligentBot/src/ChatBot/Dialogs/ReservationDialog.cs — demonstrates the dialog framework pattern used for multi-turn conversations; model for adding new dialogs
- BuildAnIntelligentBot/src/ChatBot/Middlewares/PersonalityChatMiddleware.cs — shows the middleware integration pattern for adding cognitive services; example of how to enrich bot responses
- BuildAnIntelligentBot/src/ChatBot/Services/TranslatorSpeechService.cs — abstracts the Azure Cognitive Services integration; demonstrates the service layer pattern for external API calls
- BuildAnIntelligentBot/src/ChatBot/appsettings.json — holds all Azure service keys and configuration; critical for local development and deployment setup, and the file to keep free of real secrets in version control
🛠️How to make changes
Add a new Cognitive Service Integration
- Create a new service class in BuildAnIntelligentBot/src/ChatBot/Services/ that calls the Azure API, following the TranslatorSpeechService.cs pattern (BuildAnIntelligentBot/src/ChatBot/Services/YourNewService.cs)
- Register the service in the dependency injection container within Startup.cs (BuildAnIntelligentBot/src/ChatBot/Startup.cs)
- Either call the service directly in EchoBot.cs or wrap it in a middleware class for non-invasive integration (BuildAnIntelligentBot/src/ChatBot/EchoBot.cs)
- Add the required Azure credentials to appsettings.json and load them via the MySettings class binding (BuildAnIntelligentBot/src/ChatBot/appsettings.json)
Add a new Dialog Flow
- Create a new dialog class in BuildAnIntelligentBot/src/ChatBot/Dialogs/ extending ComponentDialog; use ReservationDialog.cs as a template (BuildAnIntelligentBot/src/ChatBot/Dialogs/YourNewDialog.cs)
- Define a data model class in BuildAnIntelligentBot/src/ChatBot/Models/ to hold dialog state (BuildAnIntelligentBot/src/ChatBot/Models/YourDialogData.cs)
- Register the dialog in Startup.cs and add a state accessor in EchoBotAccessors.cs (BuildAnIntelligentBot/src/ChatBot/Startup.cs)
- Call the new dialog from EchoBot.cs when the appropriate user intent is detected (BuildAnIntelligentBot/src/ChatBot/EchoBot.cs)
Add Middleware for Message Processing
- Create a new middleware class in BuildAnIntelligentBot/src/ChatBot/Middlewares/ implementing IMiddleware; see PersonalityChatMiddleware.cs for an example (BuildAnIntelligentBot/src/ChatBot/Middlewares/YourNewMiddleware.cs)
- Register and inject the middleware in the adapter pipeline within Startup.cs (BuildAnIntelligentBot/src/ChatBot/Startup.cs)
- Implement OnTurnAsync to intercept activities before and after bot logic execution (BuildAnIntelligentBot/src/ChatBot/Middlewares/YourNewMiddleware.cs)
Update Web Client UI
- Modify the web client source TypeScript (not shown, but built into wwwroot/built) or reference new card types from BuildAnIntelligentBot/src/ChatBot/wwwroot/built/CardBuilder.js (BuildAnIntelligentBot/src/ChatBot/wwwroot/default.htm)
- Rebuild and deploy the compiled JavaScript bundles to the wwwroot/built/ directory (BuildAnIntelligentBot/src/ChatBot/wwwroot/built/Chat.js)
- Reference new images or resources in BuildAnIntelligentBot/src/ChatBot/wwwroot/images/ (BuildAnIntelligentBot/src/ChatBot/wwwroot/images)
🔧Why these technologies
- Bot Framework SDK (C#) — Provides abstractions for multi-channel deployment (Teams, Slack, WebChat, DirectLine), built-in dialog and state management, and middleware pipeline
- Azure Cognitive Services (Speech, Translation, Text-to-Speech, QnA Maker) — Enables NLU, multi-language support, and voice interaction
🪤Traps & gotchas
- Azure credentials in appsettings.json: you must populate service endpoints, API keys, and subscription IDs for Speech, Translator, LUIS, QnA Maker, and Personality Chat yourself; no defaults or mock values are provided, and the app fails at runtime on null credentials.
- Azure Translator Speech API deprecated: the code targets the old Translator Speech API, which Microsoft retired in favor of Speech Services; it may not work without updating the service references.
- Node 6.10 requirement: DirectLineToActionsOnGoogleLib/package.json pins Node ~6.10.x (9+ years old); npm install will fail on modern Node, which blocks any Google Actions integration attempt.
- TypeScript source missing: wwwroot/built/ contains compiled JavaScript but no .ts source files are visible; UI modifications require working from the .js or finding the source elsewhere.
- Dialog state persistence unclear: no database or state store configuration is visible; production use would lose conversation state on app restart.
🏗️Architecture
💡Concepts to learn
- Bot Framework Dialogs (State Machines) — ReservationDialog.cs shows how to model multi-turn conversations as composable state machines—core abstraction for any production chatbot avoiding spaghetti control flow
- Middleware Pipeline (ASP.NET Core + Bot Framework) — PersonalityChatMiddleware and TranslatorSpeechMiddleware demonstrate cross-cutting concerns (logging, translation, personality injection) without polluting dialog logic—essential pattern for clean bot architecture
- LUIS (Language Understanding Intelligent Service) — ReservationDialog.cs integrates LUIS for intent/entity extraction—understanding how NLU models augment bot responses is critical for scalable conversational AI
- Azure Cognitive Services Authentication (Bearer Tokens) — AzureAuthenticationService.cs handles token refresh for Azure APIs; the access tokens the Cognitive Services token endpoint issues in exchange for a subscription key are valid for only ten minutes, so caching, refresh before expiry, and credential rotation are non-obvious but essential for production bots
- Adaptive Cards — AdaptiveCardContainer.js renders rich, platform-agnostic UI responses—modern alternative to hardcoded HTML for structured bot output
- Text-to-Speech (Speech Synthesis) & Speech-to-Text (Recognition) — TextToSpeechService.cs and TranslatorSpeechService.cs show how to add voice I/O—critical for accessibility and voice-first bot UX
- Direct Line API (Bot Connector Protocol) — BotController.cs exposes the /api/messages endpoint through which the Bot Framework connector, and the Direct Line channel that web clients, mobile apps, and external services use, delivers activities to the bot independent of platform
🔗Related repos
- microsoft/botbuilder-dotnet — the C# Bot Framework SDK the ChatBot project builds on; understanding the core framework is essential for the dialog and middleware patterns (microsoft/botbuilder-js is the JavaScript counterpart)
- microsoft/botbuilder-samples — Microsoft's official bot samples repo with more up-to-date examples and better-maintained dialog/NLU patterns than this AI Lab repo
- Azure-Samples/cognitive-services-speech-sdk — official Speech Services SDK samples; needed if you want to replace the deprecated Translator Speech API with modern Speech-to-Text/Translation
- Azure-Samples/luis-nodejs-sample — LUIS integration examples; complements the ReservationDialog.cs pattern for NLU intent handling
- microsoft/ailab — the parent repo itself; contains other AI projects (Sketch 2 Code, Style Transfer, JFK Files) alongside Build a Bot for cross-project learning
🪄PR ideas
To work on one of these in Claude Code or Cursor, paste:
Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.
Add unit tests for ChatBot service layer (AzureAuthenticationService, TextToSpeechService, TranslatorSpeechService, TranslatorTextService)
The Services directory (BuildAnIntelligentBot/src/ChatBot/Services/) contains critical Azure integration logic for authentication, text-to-speech, and translation, but there are no corresponding test files. This is high-risk code that deserves coverage, especially for token handling in AzureAuthenticationService.cs and error scenarios in the translator services.
- [ ] Create BuildAnIntelligentBot/src/ChatBot.Tests/ directory structure
- [ ] Add unit tests for AzureAuthenticationService.cs covering token refresh, expiration, and error handling
- [ ] Add integration tests for TextToSpeechService.cs with mock Azure responses
- [ ] Add tests for TranslatorSpeechService.cs and TranslatorTextService.cs covering language detection and translation edge cases
- [ ] Add .csproj file for the test project with xUnit/Moq dependencies
Add GitHub Actions CI/CD workflow to validate C# builds and run tests
The repo contains a C# chatbot sample that people will fork and learn from, but it has no CI pipeline. A GitHub Actions workflow would catch build failures, dependency issues, and test regressions on every PR.
- [ ] Create .github/workflows/dotnet-build.yml that runs on PR and push events
- [ ] Configure the workflow to restore NuGet dependencies from BuildAnIntelligentBot/src/ChatBot/ChatBot.csproj
- [ ] Add build step using dotnet CLI for the ChatBot project
- [ ] Add test step to run any unit tests from the test project (once created)
- [ ] Configure workflow to validate that appsettings.json structure is preserved
Document the middleware pipeline and add code comments to PersonalityChatMiddleware.cs and TranslatorSpeechMiddleware.cs
The Middlewares directory contains sophisticated intent processing for personality and translation, but these are undocumented. New contributors cannot understand the middleware execution order, dependencies on EchoBotAccessors.cs, or how they integrate with the dialog system. The readme.md in BuildAnIntelligentBot/src/ChatBot/ does not explain this flow.
- [ ] Add XML documentation comments to PersonalityChatMiddleware.cs explaining personality scoring and fallback behavior
- [ ] Add XML documentation comments to TranslatorSpeechMiddleware.cs explaining language detection and translation flow
- [ ] Add sequence diagram or flowchart to BuildAnIntelligentBot/src/ChatBot/readme.md showing: BotController → Middleware Stack → Dialogs → Services
- [ ] Document the role of EchoBotAccessors.cs in state management across the middleware pipeline
- [ ] Add example appsettings.json entries required for each middleware
🌿Good first issues
- Add unit tests for Services/TextToSpeechService.cs and Services/TranslatorTextService.cs: currently zero test coverage is visible; tests would validate the Azure API integration without live service calls (mock HttpClient, verify payload construction).
- Document the TypeScript/JavaScript build pipeline in wwwroot/: the README doesn't explain how to rebuild the .ts source files or what transpiler/bundler is used; add a BUILD.md with exact commands and a tsconfig.json reference.
- Modernize DirectLineToActionsOnGoogleLib/package.json: bump the Node.js version from ~6.10.x to ^18.0.0 and update dependencies (actions-on-google, botframework-directlinejs) to latest; test against the Google Actions integration example.
⭐Top contributors
- @tarasha — 39 commits
- @gsegares — 7 commits
- @fpelaez — 5 commits
- @emepetres — 5 commits
- Alejandro Almeida — 4 commits
📝Recent commits
- 89fe2fc — Update action.es.json (GiampaoloBattaglia)
- 0bad4d8 — Update action.en.json (GiampaoloBattaglia)
- 3f7efd9 — Auto merge mandatory file pr (microsoft-github-policy-service[bot])
- 4596dc5 — Microsoft mandatory file (microsoft-github-policy-service[bot])
- 3bfc475 — Merge pull request #114 from emepetres/master (fpelaez)
- 7f469a3 — Fixed wrong split threshold in down images (emepetres)
- cfae014 — Removed WIP proportional threshold (emepetres)
- 3b41352 — Merge pull request #102 from danielcaceresm/VirtualStage (fpelaez)
- 2ed7e5f — feedback readme (fpelaez)
- 51b5b82 — XamlIsland projects structure changed to avoid XamlParseException. (danielcaceresm)
🔒Security observations
- High · Outdated Node.js engine version (DirectLineToActionsOnGoogleLib/package.json, engines.node). The package.json pins Node.js ~6.10.x, a 2017 release. Node.js 6.x reached end-of-life on April 30, 2019 and no longer receives security patches or cryptographic updates. Fix: update to a current LTS (18.x or higher) and modernize the dependency stack to match.
- High · Vulnerable dependencies (package.json, dependencies section). Multiple dependencies are pinned to versions with known CVEs: body-parser@1.18.3, express@4.16.4, node-fetch@2.3.0, and ws@6.1.4, covering prototype pollution, request smuggling, and DoS issues. Fix: update to current stable versions (express >= 4.19.0, body-parser latest, ws >= 8.x, node-fetch >= 3.x), then run `npm audit` and address the findings.
- High · Credentials risk in configuration files (BuildAnIntelligentBot/src/ChatBot/appsettings.json). appsettings.json is where this project expects its Azure keys, endpoints, and subscription IDs, and such files are routinely committed with real values. Fix: keep the secret fields of the tracked file empty and supply values out of band. ASP.NET Core's default host overrides JSON settings with environment variables (nested sections joined with `__`, so a hypothetical MySettings:SpeechKey becomes MySettings__SpeechKey), `dotnet user-secrets` covers local development, and Azure Key Vault covers deployment. Add appsettings.*.json overrides to .gitignore and ship an appsettings.example.json template.
- High · Potential credential exposure in authentication services (BuildAnIntelligentBot/src/ChatBot/Services/AzureAuthenticationService.cs, Models/AzureAuthToken.cs, ConfigurationCredentialProvider.cs). These files handle Azure subscription keys and the short-lived bearer tokens issued for them; the file list alone does not show whether tokens are logged or persisted, so read them before assuming either way. Fix: source keys from Key Vault or the environment, never log tokens or keys, keep the token cache in memory with refresh before expiry, and prefer certificate- or identity-based authentication where the service supports it.
- Medium · Transport security for speech and translation calls (BuildAnIntelligentBot/src/ChatBot/Services/TranslatorSpeechService.cs, TextToSpeechService.cs). API keys travel in request headers, so every endpoint must be HTTPS. Caveat: Azure Cognitive Services endpoints are HTTPS only, and certificate pinning against Azure's public endpoints tends to break when Microsoft rotates its CA chain; the useful checks are that no http:// endpoint appears in configuration and that HttpClient is not configured to bypass certificate validation.
- Medium · Potential XSS through bot responses (BuildAnIntelligentBot/src/ChatBot/Dialogs/ReservationDialog.cs, Middlewares/PersonalityChatMiddleware.cs). Dialog and middleware output is rendered by the web client in wwwroot/built, so user-controlled text echoed back in a reply (or embedded in an Adaptive Card) is only as safe as that client's rendering. Fix: validate input, keep the client's output encoding intact when modifying the compiled JavaScript, and serve default.htm with a Content Security Policy.
- Medium · CORS and CSRF on the bot endpoint (BuildAnIntelligentBot/src/ChatBot/Controllers/BotController.cs). Caveat: /api/messages is called server-to-server by the Bot Framework connector with a bearer JWT that the adapter validates, so cookie-based CSRF does not apply. The condition to check is that MicrosoftAppId and MicrosoftAppPassword are actually set, because the v4 adapter treats an empty app ID as authentication disabled and then accepts any POST. Fix: Implement strict CORS policies with
LLM-derived; treat as a starting point, not a security audit.
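Three of the traps above (populated secrets in the tracked appsettings.json, the Bot Framework credential pair that gates /api/messages, and the Node 6 engine pin) can be checked before an agent runs anything, in the same read-only style as the verify script. The script below is an added example, not RepoPilot's verify script and not code from microsoft/ailab. It assumes the standard Bot Framework v4 setting names MicrosoftAppId and MicrosoftAppPassword, uses invented key names (SpeechSubscriptionKey, TranslatorKey) under a MySettings section in constructed sample files because the repo's real appsettings.json keys are not shown on this page, and relies on two framework behaviours: ASP.NET Core's default configuration order (environment variables override appsettings.json, nested sections joined with `__`) and the v4 adapter treating an empty MicrosoftAppId as authentication disabled.

```shell
#!/usr/bin/env bash
# Pre-flight checks for a clone of microsoft/ailab before an agent edits it.
# Added example: not part of the RepoPilot artifact or of the repo itself.
# Assumes the standard Bot Framework settings MicrosoftAppId/MicrosoftAppPassword;
# the MySettings key names below are illustrative. Read-only; needs only grep/sed.

# Constructed sample files so every check runs offline.
mk_samples() {
  local tmp
  tmp=$(mktemp -d)
  # appsettings.json as it should be committed: every secret field empty.
  cat > "$tmp/appsettings.clean.json" <<'EOF'
{
  "MicrosoftAppId": "",
  "MicrosoftAppPassword": "",
  "MySettings": { "SpeechSubscriptionKey": "", "TranslatorKey": "" }
}
EOF
  # The trap this page warns about: a real-looking key pasted into the tracked file.
  cat > "$tmp/appsettings.leaky.json" <<'EOF'
{
  "MicrosoftAppId": "",
  "MicrosoftAppPassword": "",
  "MySettings": { "SpeechSubscriptionKey": "0123456789abcdef0123456789abcdef", "TranslatorKey": "" }
}
EOF
  printf '{ "engines": { "node": "~6.10.x" } }\n' > "$tmp/package.old.json"
  printf '{ "engines": { "node": "^18.0.0" } }\n' > "$tmp/package.new.json"
  echo "$tmp"
}

# 1. Populated secret-like values in a JSON settings file.
#    Flags "<name ending in Key|Secret|Password|ConnectionString>": "<non-empty>".
#    Matches are printed with the value redacted so the check itself cannot leak.
scan_appsettings() {
  local file=$1 pattern hits
  pattern='"[A-Za-z0-9_]*(Key|Secret|Password|ConnectionString)"[[:space:]]*:[[:space:]]*"[^"]+"'
  hits=$(grep -ciE "$pattern" "$file" || true)
  if [ "${hits:-0}" -gt 0 ]; then
    echo "FAIL: $hits line(s) with populated secret-like values in $file"
    grep -niE "$pattern" "$file" | sed -E 's/("[[:space:]]*:[[:space:]]*")[^"]+"/\1<redacted>"/g'
    return 1
  fi
  echo "ok: no populated secret-like values in $file"
}

# 2. Effective value of a top-level key the way ASP.NET Core resolves it: an
#    environment variable (nested sections joined with "__") wins over the JSON file.
effective_setting() {
  local file=$1 key=$2 envname
  envname=$(printf '%s' "$key" | sed 's/:/__/g')
  if [ -n "$(printenv "$envname" 2>/dev/null)" ]; then
    printenv "$envname"
    return 0
  fi
  grep -oE "\"$key\"[[:space:]]*:[[:space:]]*\"[^\"]*\"" "$file" | head -n1 \
    | sed -E 's/.*:[[:space:]]*"([^"]*)"$/\1/'
}

# 3. Bot Framework adapter auth. With an empty MicrosoftAppId the v4 adapter
#    reports authentication as disabled and accepts unsigned POSTs to /api/messages.
bot_auth_enabled() {
  local file=$1 id pw
  id=$(effective_setting "$file" MicrosoftAppId)
  pw=$(effective_setting "$file" MicrosoftAppPassword)
  if [ -z "$id" ] || [ -z "$pw" ]; then
    echo "FAIL: MicrosoftAppId/MicrosoftAppPassword unset; /api/messages would accept any caller"
    return 1
  fi
  echo "ok: Bot Framework app credentials present (environment or $file)"
}

# 4. Node engine floor for DirectLineToActionsOnGoogleLib/package.json.
node_engine_ok() {
  local file=$1 min=${2:-18} spec major
  spec=$(grep -oE '"node"[[:space:]]*:[[:space:]]*"[^"]*"' "$file" | sed -E 's/.*"([^"]*)"$/\1/' || true)
  major=$(printf '%s' "$spec" | grep -oE '[0-9]+' | head -n1 || true)
  if [ -z "$major" ] || [ "$major" -lt "$min" ]; then
    echo "FAIL: engines.node is '${spec:-unset}' in $file; need >= $min (Node 6 reached EOL 2019-04-30)"
    return 1
  fi
  echo "ok: engines.node '$spec' satisfies >= $min"
}

# Runs every check against the samples and prints the number of failures
# (3 expected: the leaky file, the empty app credentials, the Node 6 pin).
run_all() {
  local dir=$1 fail=0
  scan_appsettings "$dir/appsettings.clean.json" || fail=$((fail+1))
  scan_appsettings "$dir/appsettings.leaky.json" || fail=$((fail+1))
  bot_auth_enabled "$dir/appsettings.clean.json" || fail=$((fail+1))
  node_engine_ok "$dir/package.old.json"          || fail=$((fail+1))
  node_engine_ok "$dir/package.new.json"          || fail=$((fail+1))
  echo "$fail"
}

samples=$(mk_samples)
run_all "$samples"
```

Against a real clone, call the functions on the real files from the repo root (scan_appsettings BuildAnIntelligentBot/src/ChatBot/appsettings.json, node_engine_ok DirectLineToActionsOnGoogleLib/package.json); the constructed samples exist only so the script demonstrates both outcomes offline. The scan is deliberately narrow (single-line key/value pairs whose names end in Key, Secret, Password or ConnectionString) and is a pre-commit tripwire, not a replacement for a secret scanner over git history; the redaction in the output matters because a check that echoes the key it found has just moved the leak into the CI log.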
👉Where to read next
- Open issues — current backlog
- Recent PRs — what's actively shipping
- Source on GitHub
Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.