Restore cybersecurity user profile UX and personalize advisor responses

Add extended profile and onboarding APIs, signup knowledge level with optional timezone, chat profile context injection, and sidebar profile menu. Refresh Canvas Insights and Documents copy for security operations themes.

Co-authored-by: Cursor <cursoragent@cursor.com>

cybersecurity_config.yaml

@@ -8,6 +8,15 @@ app:
   primary_color: "#0F172A"
   logo_icon: "Shield"
   footer_text: "© 2026 Neon AI. All rights reserved."
+  user_avatars:
+    - { id: "shield-slate", icon: "Shield", color: "#0F172A", bg: "#F1F5F9" }
+    - { id: "user-blue", icon: "User", color: "#2563EB", bg: "#EFF6FF" }
+    - { id: "lock-red", icon: "Lock", color: "#DC2626", bg: "#FEF2F2" }
+    - { id: "terminal-green", icon: "Terminal", color: "#059669", bg: "#ECFDF5" }
+    - { id: "bug-amber", icon: "Bug", color: "#F59E0B", bg: "#FFFBEB" }
+    - { id: "server-cyan", icon: "Server", color: "#0891B2", bg: "#ECFEFF" }
+    - { id: "key-purple", icon: "KeyRound", color: "#7C3AED", bg: "#F3E8FF" }
+    - { id: "radar-rose", icon: "Radar", color: "#E11D48", bg: "#FFF1F2" }
 
 homepage:
   headline_prefix: "Strengthen Your Security Posture with"
@@ -31,15 +40,34 @@ homepage:
 login:
   subtitle: "Sign in to continue your security journey"
   signup_subtitle: "Create your account for personalized guidance from our cybersecurity advisor panel"
+  knowledge_levels:
+    - { value: "", label: "Select your cybersecurity knowledge level" }
+    - { value: "newcomer", label: "New to cybersecurity" }
+    - { value: "foundational", label: "Foundational — coursework or self-study" }
+    - { value: "practitioner", label: "Practitioner — hands-on experience" }
+    - { value: "experienced", label: "Experienced — multi-year professional" }
+    - { value: "expert", label: "Expert / specialist" }
+  timezones:
+    - { value: "", label: "Select timezone (optional)" }
+    - { value: "America/New_York", label: "Eastern (US)" }
+    - { value: "America/Chicago", label: "Central (US)" }
+    - { value: "America/Denver", label: "Mountain (US)" }
+    - { value: "America/Los_Angeles", label: "Pacific (US)" }
+    - { value: "America/Anchorage", label: "Alaska (US)" }
+    - { value: "Pacific/Honolulu", label: "Hawaii (US)" }
+    - { value: "Europe/London", label: "UK / Ireland" }
+    - { value: "Europe/Paris", label: "Central Europe" }
+    - { value: "Asia/Tokyo", label: "Japan" }
+    - { value: "Asia/Singapore", label: "Singapore" }
+    - { value: "Australia/Sydney", label: "Australia (East)" }
+    - { value: "UTC", label: "UTC" }
   academic_stages:
-    - { value: "", label: "Select your experience level" }
-    - { value: "student", label: "Student / Learner" }
-    - { value: "career-changer", label: "Career Changer" }
-    - { value: "junior-analyst", label: "Junior Analyst" }
-    - { value: "soc-analyst", label: "SOC Analyst" }
-    - { value: "engineer", label: "Security Engineer" }
-    - { value: "architect", label: "Architect / Lead" }
-    - { value: "manager", label: "Manager / Director" }
+    - { value: "", label: "Select your cybersecurity knowledge level" }
+    - { value: "newcomer", label: "New to cybersecurity" }
+    - { value: "foundational", label: "Foundational — coursework or self-study" }
+    - { value: "practitioner", label: "Practitioner — hands-on experience" }
+    - { value: "experienced", label: "Experienced — multi-year professional" }
+    - { value: "expert", label: "Expert / specialist" }
 
 chat_page:
   placeholder: "Ask your advisors about threats, controls, incidents, compliance, or your security career..."

multi_llm_chatbot_backend/app/api/routes/auth.py

@@ -1,6 +1,6 @@
 from fastapi import APIRouter, HTTPException, Depends, status
 from datetime import datetime, timedelta
-from app.models.user import UserCreate, UserLogin, User, Token, UserResponse
+from app.models.user import UserCreate, UserLogin, User, Token, UserResponse, UserUpdate
 from pydantic import BaseModel, model_validator
 from typing import Optional
 from app.core.auth import (
@@ -89,6 +89,18 @@ async def signup(user_data: UserCreate):
         # Insert user into database
         result = await db.users.insert_one(user.dict(by_alias=True))
         user.id = result.inserted_id
+
+        profile_seed = {}
+        if user_data.researchArea:
+            profile_seed["timezone"] = user_data.researchArea
+        if profile_seed:
+            profile_seed["user_id"] = user.id
+            profile_seed["updated_at"] = datetime.utcnow()
+            await db.user_profiles.update_one(
+                {"user_id": user.id},
+                {"$set": profile_seed},
+                upsert=True,
+            )
         
         # Create access token
         access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
@@ -225,23 +237,36 @@ async def change_password(
 
 @router.patch("/me", response_model=UserResponse)
 async def update_profile(
-    body: UpdateProfileRequest,
+    body: UserUpdate,
     current_user: User = Depends(get_current_active_user),
 ):
-    """
-    Update the authenticated user's profile fields.
-    @param body: UpdateProfileRequest with optional firstName and lastName
-    @param current_user: Authenticated user from dependency injection
-    @return: UserResponse with the updated profile information
-    """
+    """Update account fields (name, email, avatar, signup preferences)."""
     try:
-        updates = {}
-        if body.first_name is not None:
-            updates["firstName"] = body.first_name
-        if body.last_name is not None:
-            updates["lastName"] = body.last_name
         db = get_database()
+        updates = {k: v for k, v in body.dict().items() if v is not None}
+        if body.firstName is not None:
+            updates["firstName"] = body.firstName.strip()
+        if body.lastName is not None:
+            updates["lastName"] = body.lastName.strip()
+        if not updates:
+            return create_user_response(current_user)
+
+        if "email" in updates and updates["email"] != current_user.email:
+            existing = await get_user_by_email(updates["email"])
+            if existing:
+                raise HTTPException(
+                    status_code=status.HTTP_400_BAD_REQUEST,
+                    detail="Email already in use",
+                )
+
         await db.users.update_one({"_id": current_user.id}, {"$set": updates})
+        if body.researchArea:
+            await db.user_profiles.update_one(
+                {"user_id": current_user.id},
+                {"$set": {"timezone": body.researchArea, "updated_at": datetime.utcnow()},
+                 "$setOnInsert": {"user_id": current_user.id}},
+                upsert=True,
+            )
         updated_user = await db.users.find_one({"_id": current_user.id})
         return create_user_response(User(**updated_user))
 

multi_llm_chatbot_backend/app/api/routes/chat.py

@@ -22,6 +22,33 @@ logger = logging.getLogger(__name__)
 router = APIRouter()
 session_manager = get_session_manager()
 
+_PROFILE_FIELDS = [
+    "cyber_role", "organization_type", "primary_domains", "certifications",
+    "tools_stack", "compliance_focus", "current_goals", "learning_preferences", "timezone",
+]
+
+
+async def _attach_user_profile_context(session, user: User) -> None:
+    """Load Mongo profile + signup fields into session for persona prompts."""
+    try:
+        db = get_database()
+        profile = await db.user_profiles.find_one({"user_id": user.id}) or {}
+        parts = []
+        if user.academicStage:
+            parts.append(f"knowledge_level: {user.academicStage}")
+        if user.researchArea and not profile.get("timezone"):
+            parts.append(f"timezone: {user.researchArea}")
+        for key in _PROFILE_FIELDS:
+            val = profile.get(key)
+            if val:
+                if isinstance(val, list):
+                    val = ", ".join(str(v) for v in val)
+                parts.append(f"{key}: {val}")
+        if parts:
+            session.user_profile_context = "USER SECURITY PROFILE: " + "; ".join(parts)
+    except Exception as prof_err:
+        logger.warning(f"Could not load user profile: {prof_err}")
+
 # Enhanced data models
 class UserInput(BaseModel):
     user_input: str
@@ -91,6 +118,7 @@ async def chat_stream(
                 sid = await get_or_create_session_for_request_async(request)
 
             session = session_manager.get_session(sid)
+            await _attach_user_profile_context(session, current_user)
 
             # Append user message to in-memory session and persist to MongoDB
             session.append_message("user", message.user_input)

multi_llm_chatbot_backend/app/api/routes/onboarding.py

@@ -0,0 +1,150 @@
+# NEON AI (TM) SOFTWARE, Software Development Kit & Application Framework
+# All Rights Reserved 2008-2025
+# Licensed under the BSD 3-Clause License
+# https://opensource.org/licenses/BSD-3-Clause
+#
+# Copyright (c) 2008-2025, Neongecko.com Inc.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 1. Redistributions of source code must retain the above copyright notice,
+#    this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+# 3. Neither the name of the copyright holder nor the names of its contributors
+#    may be used to endorse or promote products derived from this software
+#    without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+import logging
+from datetime import datetime
+from typing import Any, Dict, Optional
+
+from fastapi import APIRouter, Depends
+from pydantic import BaseModel
+
+from app.api.routes.user_profile import _is_field_filled
+from app.core.auth import get_current_active_user
+from app.core.bootstrap import create_llm_client
+from app.core.database import get_database
+from app.core.onboarding_agent import OnboardingAgent, PROFILE_FIELDS
+from app.models.user import User
+
+LOG = logging.getLogger(__name__)
+
+router = APIRouter()
+
+ONBOARDING_COLLECTION = "onboarding_conversations"
+
+
+class OnboardingMessage(BaseModel):
+    user_input: str
+
+
+def _progress(profile: Dict[str, Any]) -> int:
+    filled = sum(1 for k, *_ in PROFILE_FIELDS if _is_field_filled(profile.get(k)))
+    return int(filled / len(PROFILE_FIELDS) * 100)
+
+
+def _next_missing_question(profile: Dict[str, Any]) -> Optional[str]:
+    """Return the human-friendly question for the first unfilled field."""
+    for key, question, _desc in PROFILE_FIELDS:
+        if not _is_field_filled(profile.get(key)):
+            return question
+    return None
+
+
+@router.get("/onboarding/start")
+async def onboarding_start(
+    current_user: User = Depends(get_current_active_user),
+) -> Dict[str, Any]:
+    """Return conversation history (if any) and current progress.
+
+    If the user has an in-progress conversation it is returned so the
+    frontend can restore the chat.  Otherwise a fresh contextual welcome
+    message is generated based on which fields are still missing.
+    """
+    db = get_database()
+    profile = await db.user_profiles.find_one({"user_id": current_user.id}) or {}
+    progress = _progress(profile)
+
+    if progress >= 100:
+        await db[ONBOARDING_COLLECTION].delete_many({"user_id": current_user.id})
+        return {
+            "messages": [{"role": "agent",
+                          "text": "Your profile is already complete! Feel free to update anything by chatting here."}],
+            "progress": 100,
+            "complete": True,
+        }
+
+    conv = await db[ONBOARDING_COLLECTION].find_one({"user_id": current_user.id})
+
+    if conv and conv.get("messages"):
+        return {
+            "messages": conv["messages"],
+            "progress": progress,
+            "complete": False,
+        }
+
+    next_q = _next_missing_question(profile)
+    if progress == 0:
+        greeting = (
+            f"Hey {current_user.firstName}! I'd like to learn a bit about your security background so "
+            "your advisors can tailor depth and examples. "
+            f"Let's start — {next_q.lower() if next_q else 'tell me about your role and goals!'}"
+        )
+    else:
+        greeting = (
+            f"Welcome back, {current_user.firstName}! You're {progress}% done. "
+            f"Let's pick up where we left off — {next_q.lower() if next_q else 'what else can you tell me?'}"
+        )
+
+    messages = [{"role": "agent", "text": greeting}]
+    await db[ONBOARDING_COLLECTION].update_one(
+        {"user_id": current_user.id},
+        {"$set": {"messages": messages, "updated_at": datetime.utcnow()},
+         "$setOnInsert": {"user_id": current_user.id}},
+        upsert=True,
+    )
+
+    return {"messages": messages, "progress": progress, "complete": False}
+
+
+@router.post("/onboarding/chat")
+async def onboarding_chat(
+    msg: OnboardingMessage,
+    current_user: User = Depends(get_current_active_user),
+) -> Dict[str, Any]:
+    db = get_database()
+    profile = await db.user_profiles.find_one({"user_id": current_user.id}) or {}
+
+    agent = OnboardingAgent(create_llm_client())
+    result = await agent.chat(msg.user_input, current_user.id, profile)
+
+    user_msg = {"role": "user", "text": msg.user_input}
+    agent_msg = {"role": "agent", "text": result["reply"]}
+
+    await db[ONBOARDING_COLLECTION].update_one(
+        {"user_id": current_user.id},
+        {"$push": {"messages": {"$each": [user_msg, agent_msg]}},
+         "$set": {"updated_at": datetime.utcnow()},
+         "$setOnInsert": {"user_id": current_user.id}},
+        upsert=True,
+    )
+
+    if result.get("complete"):
+        await db[ONBOARDING_COLLECTION].delete_many({"user_id": current_user.id})
+
+    return result

multi_llm_chatbot_backend/app/api/routes/user_profile.py

@@ -0,0 +1,177 @@
+import logging
+from datetime import datetime
+from typing import Any, Dict, List, Optional
+
+from fastapi import APIRouter, Depends
+from pydantic import BaseModel
+
+from app.core.auth import get_current_active_user
+from app.core.database import get_database
+from app.models.user import User
+from app.models.user_profile import UserProfileResponse, UserProfileUpdate
+
+LOG = logging.getLogger(__name__)
+
+router = APIRouter()
+
+PROFILE_FIELDS = [
+    "cyber_role",
+    "organization_type",
+    "primary_domains",
+    "certifications",
+    "tools_stack",
+    "compliance_focus",
+    "current_goals",
+    "learning_preferences",
+    "timezone",
+]
+
+LIST_FIELDS = {"primary_domains", "certifications", "tools_stack"}
+
+_SELECT_OPTIONS: Dict[str, List[str]] = {
+    "cyber_role": [
+        "Student / Learner",
+        "Career changer",
+        "SOC analyst",
+        "Security engineer",
+        "Architect / lead",
+        "Manager / director",
+        "Consultant",
+        "Other",
+    ],
+    "organization_type": [
+        "Startup",
+        "Mid-size company",
+        "Enterprise",
+        "Government / public sector",
+        "Education",
+        "MSP / MSSP",
+        "Independent / job seeker",
+    ],
+}
+
+
+def _is_field_filled(value: Any) -> bool:
+    if value is None:
+        return False
+    if isinstance(value, str):
+        return bool(value.strip())
+    if isinstance(value, list):
+        return len(value) > 0
+    return bool(value)
+
+
+def _calc_completion(doc: Dict[str, Any]) -> int:
+    filled = sum(1 for f in PROFILE_FIELDS if _is_field_filled(doc.get(f)))
+    return int(filled / len(PROFILE_FIELDS) * 100)
+
+
+_SELECT_LOOKUP: Dict[str, Dict[str, str]] = {
+    field: {opt.lower(): opt for opt in opts}
+    for field, opts in _SELECT_OPTIONS.items()
+}
+
+
+def _normalize_select(key: str, value: str) -> str:
+    lookup = _SELECT_LOOKUP.get(key)
+    if not lookup or not isinstance(value, str):
+        return value
+    v = value.strip()
+    if v.lower() in lookup:
+        return lookup[v.lower()]
+    for canonical_lower, canonical in lookup.items():
+        if canonical_lower in v.lower():
+            return canonical
+    return v
+
+
+def _normalize_field(key: str, value: Any) -> Any:
+    if key in LIST_FIELDS:
+        if isinstance(value, str):
+            return [s.strip() for s in value.split(",") if s.strip()]
+        if isinstance(value, list):
+            return value
+        return []
+    if key in _SELECT_OPTIONS:
+        return _normalize_select(key, value)
+    if isinstance(value, list):
+        return ", ".join(str(v) for v in value if v)
+    return value
+
+
+@router.get("/users/me/profile", response_model=UserProfileResponse)
+async def get_my_profile(
+    current_user: User = Depends(get_current_active_user),
+) -> UserProfileResponse:
+    db = get_database()
+    doc = await db.user_profiles.find_one({"user_id": current_user.id})
+    if not doc:
+        resp = UserProfileResponse(user_id=str(current_user.id))
+        if current_user.researchArea:
+            resp.timezone = current_user.researchArea
+        return resp
+    fields = {k: _normalize_field(k, doc.get(k)) for k in PROFILE_FIELDS}
+    return UserProfileResponse(
+        user_id=str(doc["user_id"]),
+        **fields,
+        advisor_notes=doc.get("advisor_notes"),
+        updated_at=doc.get("updated_at"),
+        completion_pct=_calc_completion(doc),
+    )
+
+
+@router.put("/users/me/profile", response_model=UserProfileResponse)
+async def update_my_profile(
+    updates: UserProfileUpdate,
+    current_user: User = Depends(get_current_active_user),
+) -> UserProfileResponse:
+    db = get_database()
+    update_data = {k: v for k, v in updates.dict().items() if v is not None}
+    update_data["updated_at"] = datetime.utcnow()
+    await db.user_profiles.update_one(
+        {"user_id": current_user.id},
+        {"$set": update_data, "$setOnInsert": {"user_id": current_user.id}},
+        upsert=True,
+    )
+    doc = await db.user_profiles.find_one({"user_id": current_user.id})
+    fields = {k: _normalize_field(k, doc.get(k)) for k in PROFILE_FIELDS}
+    return UserProfileResponse(
+        user_id=str(doc["user_id"]),
+        **fields,
+        advisor_notes=doc.get("advisor_notes"),
+        updated_at=doc.get("updated_at"),
+        completion_pct=_calc_completion(doc),
+    )
+
+
+class ClearDataRequest(BaseModel):
+    profile: bool = False
+    chats: bool = False
+    canvas: bool = False
+
+
+@router.post("/users/me/clear-data")
+async def clear_user_data(
+    req: ClearDataRequest,
+    current_user: User = Depends(get_current_active_user),
+) -> Dict[str, List[str]]:
+    db = get_database()
+    cleared: List[str] = []
+
+    if req.profile:
+        await db.user_profiles.delete_many({"user_id": current_user.id})
+        await db.onboarding_conversations.delete_many({"user_id": current_user.id})
+        cleared.append("profile")
+
+    if req.chats:
+        result = await db.chat_sessions.update_many(
+            {"user_id": current_user.id, "is_active": True},
+            {"$set": {"is_active": False, "updated_at": datetime.utcnow()}},
+        )
+        cleared.append(f"chats ({result.modified_count})")
+
+    if req.canvas:
+        await db.phd_canvases.delete_many({"user_id": str(current_user.id)})
+        cleared.append("canvas")
+
+    return {"cleared": cleared}

multi_llm_chatbot_backend/app/config.py

@@ -48,11 +48,19 @@ class FeatureConfig(_IconValidatorMixin):
     icon: str = "HelpCircle"
 
 
+class UserAvatarOption(BaseModel):
+    id: str
+    icon: str = "User"
+    color: str = "#2563EB"
+    bg: str = "#EFF6FF"
+
+
 class AppConfig(BaseModel):
     title: str = "Advisor Canvas"
     subtitle: str = "AI-Powered Guidance"
     primary_color: str = "#7C3AED"
     footer_text: str = ""
+    user_avatars: List[UserAvatarOption] = []
 
 
 class HomepageConfig(BaseModel):
@@ -72,6 +80,8 @@ class LoginConfig(BaseModel):
     subtitle: str = "Sign in to continue"
     signup_subtitle: str = "Create your account to get personalized guidance from expert advisors"
     academic_stages: List[AcademicStage] = []
+    knowledge_levels: List[AcademicStage] = []
+    timezones: List[AcademicStage] = []
 
 
 class ExampleCategory(_IconValidatorMixin):

multi_llm_chatbot_backend/app/core/auth.py

@@ -113,6 +113,7 @@ def create_user_response(user: User) -> UserResponse:
         email=user.email,
         academicStage=user.academicStage,
         researchArea=user.researchArea,
+        avatarId=user.avatarId,
         created_at=user.created_at,
         last_login=user.last_login
     )

multi_llm_chatbot_backend/app/core/database.py

@@ -73,6 +73,9 @@ async def create_indexes():
         await db.database.chat_sessions.create_index("user_id")
         await db.database.chat_sessions.create_index("created_at")
         await db.database.chat_sessions.create_index([("user_id", 1), ("created_at", -1)])
+
+        await db.database.user_profiles.create_index("user_id", unique=True)
+        await db.database.onboarding_conversations.create_index("user_id", unique=True)
         
         logger.info("Database indexes created successfully")
     except Exception as e:

multi_llm_chatbot_backend/app/core/improved_orchestrator.py

@@ -709,11 +709,6 @@ When analyzing the document context:
 
     Always cite your sources when referencing information from their documents using the format: "According to your [document_name]..." or "In your [section_name] from [document_name]..."
     """
-            
-            enhanced_context.append({
-                "role": "system",
-                "content": system_message
-            })
         else:
             # NO DOCUMENTS - Explicitly tell persona not to reference documents
             system_message = f"""{persona.system_prompt}
@@ -726,11 +721,17 @@ When analyzing the document context:
     3. Provide general guidance based on best practices in your area of expertise
 
     Do NOT make up document names or pretend to have access to files that don't exist."""
-            
-            enhanced_context.append({
-                "role": "system", 
-                "content": system_message
-            })
+
+        if hasattr(session, "user_profile_context") and session.user_profile_context:
+            system_message += (
+                f"\n\n{session.user_profile_context}\n"
+                "Use this background to calibrate technical depth, examples, and priorities."
+            )
+
+        enhanced_context.append({
+            "role": "system",
+            "content": system_message,
+        })
 
         # Add recent conversation messages (excluding system messages to avoid duplication)
         for message in recent_messages:

multi_llm_chatbot_backend/app/core/onboarding_agent.py

@@ -0,0 +1,178 @@
+"""
+OnboardingAgent — conversational profile gathering for cybersecurity advisors.
+"""
+
+import json
+import logging
+import re
+from datetime import datetime
+from typing import Any, Dict, List, Optional
+
+from app.core.database import get_database
+
+LOG = logging.getLogger(__name__)
+
+PROFILE_FIELDS: List[tuple] = [
+    ("cyber_role", "What best describes your role right now?",
+     "Job or learning role: student, SOC analyst, engineer, architect, manager, career changer, etc."),
+    ("organization_type", "What type of organization are you in (or targeting)?",
+     "Startup, enterprise, government, education, MSP, or independent/job seeker"),
+    ("primary_domains", "Which security domains do you focus on most?",
+     "Comma-separated areas such as network, cloud, appsec, GRC, IR, identity, OT"),
+    ("certifications", "Do you hold or are you pursuing any certifications?",
+     "List such as Security+, CySA+, CISSP, OSCP, CCSP, or none yet"),
+    ("tools_stack", "What tools or platforms do you work with regularly?",
+     "SIEM, EDR, cloud security, ticketing, SOAR, etc."),
+    ("compliance_focus", "Any compliance or regulatory frameworks you care about?",
+     "SOC 2, ISO 27001, NIST, HIPAA, PCI-DSS, FedRAMP, or none"),
+    ("current_goals", "What are you trying to accomplish in the next few months?",
+     "Incident readiness, certification, job search, architecture review, audit prep, etc."),
+    ("learning_preferences", "How do you prefer to learn new security concepts?",
+     "Hands-on labs, reading, videos, mentorship, certifications, capture-the-flag, etc."),
+    ("timezone", "What time zone are you usually in?",
+     "IANA timezone or region such as America/New_York, Europe/London, UTC"),
+]
+
+
+class OnboardingAgent:
+    def __init__(self, llm: Any) -> None:
+        self.llm = llm
+
+    SKIP_SENTINEL = "__skipped__"
+
+    @staticmethod
+    def _field_has_value(val: Any) -> bool:
+        if val is None:
+            return False
+        if isinstance(val, str):
+            return bool(val.strip())
+        if isinstance(val, list):
+            return len(val) > 0
+        return bool(val)
+
+    async def chat(self, user_input: str, user_id: Any, existing_profile: Dict[str, Any]) -> Dict[str, Any]:
+        filled = {k for k, _, _d in PROFILE_FIELDS
+                  if self._field_has_value(existing_profile.get(k))}
+        missing = [(k, q, desc) for k, q, desc in PROFILE_FIELDS if k not in filled]
+        completion = int(len(filled) / len(PROFILE_FIELDS) * 100)
+        current_field = missing[0][0] if missing else None
+
+        extracted = await self._extract_fields(user_input, missing, current_field)
+
+        db = get_database()
+        if extracted:
+            from app.api.routes.user_profile import _normalize_field
+            real_values: Dict[str, Any] = {}
+            skipped_keys: set = set()
+            for k, v in extracted.items():
+                if v == self.SKIP_SENTINEL:
+                    skipped_keys.add(k)
+                elif v:
+                    real_values[k] = _normalize_field(k, v)
+
+            update: Dict[str, Any] = {}
+            if real_values:
+                update.update(real_values)
+            for sk in skipped_keys:
+                update[sk] = ""
+
+            if update:
+                update["updated_at"] = datetime.utcnow()
+                await db.user_profiles.update_one(
+                    {"user_id": user_id},
+                    {"$set": update, "$setOnInsert": {"user_id": user_id}},
+                    upsert=True,
+                )
+                filled.update(real_values.keys())
+                filled.update(skipped_keys)
+                missing = [(k, q, desc) for k, q, desc in PROFILE_FIELDS if k not in filled]
+                completion = int(len(filled) / len(PROFILE_FIELDS) * 100)
+
+        if not missing:
+            return {
+                "reply": "Great — your security profile is complete. Your advisors will tailor depth, "
+                         "examples, and next steps to your role, tools, and goals.",
+                "progress": 100,
+                "complete": True,
+            }
+
+        reply = await self._generate_next_question(user_input, existing_profile, filled, missing)
+        return {"reply": reply, "progress": completion, "complete": False}
+
+    async def _extract_fields(
+        self, text: str, missing_fields: List[tuple], current_field: Optional[str] = None
+    ) -> Dict[str, Any]:
+        if not text.strip():
+            return {}
+        skip_instruction = ""
+        if current_field:
+            skip_instruction = (
+                f'\nThe question just asked was about "{current_field}". '
+                "If the user declines, refuses, says they don't know, says skip, "
+                f'return {{"{current_field}": "__skipped__"}}.'
+            )
+        field_descriptions = "\n".join(f'- "{k}": {desc}' for k, _q, desc in missing_fields)
+        system = (
+            "Extract cybersecurity profile fields from the user's message. "
+            "Return ONLY valid JSON with field names as keys. "
+            "For list fields return a JSON array. "
+            f"{skip_instruction}\n"
+            f"Fields:\n{field_descriptions}"
+        )
+        try:
+            raw = await self.llm.generate(
+                system_prompt=system,
+                context=[{"role": "user", "content": text}],
+                temperature=0.1,
+                max_tokens=512,
+            )
+            cleaned = re.sub(r"```(?:json)?", "", raw).strip()
+            m = re.search(r"\{.*\}", cleaned, re.DOTALL)
+            if m:
+                return json.loads(m.group(0))
+        except Exception as e:
+            LOG.warning(f"Extraction failed: {e}")
+        return {}
+
+    async def _generate_next_question(
+        self, user_input: str, profile: Dict[str, Any], filled: set, missing: List[tuple]
+    ) -> str:
+        filled_parts: List[str] = []
+        for k in filled:
+            val = profile.get(k)
+            if val:
+                filled_parts.append(f"{k}={val}")
+            else:
+                filled_parts.append(f"{k}=DECLINED")
+        filled_summary = ", ".join(filled_parts) or "nothing yet"
+        next_field_key, next_field_q, _ = missing[0]
+        system = (
+            "You are a friendly cybersecurity onboarding assistant. "
+            "You help users build a profile so AI security advisors can personalize answers.\n"
+            "RULES:\n"
+            "- Respond in exactly ONE short paragraph (2-3 sentences).\n"
+            "- Briefly acknowledge what they said, then ask ONE clear question.\n"
+            "- End with a question mark.\n"
+            "- No headings or labels like 'Question:'.\n"
+            "- If they skipped a topic, say 'No problem!' and move on.\n"
+            "- Never repeat topics already gathered or declined."
+        )
+        user_prompt = (
+            f"User just said: \"{user_input}\"\n"
+            f"Already gathered: {filled_summary}\n"
+            f"Next topic: {next_field_key} — {next_field_q}\n"
+            "Write a warm response that acknowledges them and asks about the next topic."
+        )
+        try:
+            reply = await self.llm.generate(
+                system_prompt=system,
+                context=[{"role": "user", "content": user_prompt}],
+                temperature=0.7,
+                max_tokens=300,
+            )
+            if reply and "?" not in reply:
+                reply = f"{reply} {next_field_q}"
+            return reply
+        except Exception as e:
+            LOG.error(f"Question generation failed: {e}")
+            return missing[0][1] if missing else "Tell me more about your security background!"

multi_llm_chatbot_backend/app/main.py

@@ -22,6 +22,8 @@ from app.api.routes import router as main_router
 from app.api.routes.auth import router as auth_router
 from app.api.routes.chat_sessions import router as chat_sessions_router
 from app.api.routes.phd_canvas import router as phd_canvas_router
+from app.api.routes.user_profile import router as user_profile_router
+from app.api.routes.onboarding import router as onboarding_router
 
 import logging
 
@@ -60,6 +62,8 @@ app.include_router(main_router)
 app.include_router(auth_router, prefix="/auth", tags=["authentication"])
 app.include_router(chat_sessions_router, prefix="/api", tags=["chat-sessions"])
 app.include_router(phd_canvas_router, prefix="/api", tags=["phd-canvas"])
+app.include_router(user_profile_router, prefix="/api", tags=["user-profile"])
+app.include_router(onboarding_router, prefix="/api", tags=["onboarding"])
 
 # Serve bundled avatar images
 _avatars_dir = Path(__file__).resolve().parent / "assets" / "avatars"

multi_llm_chatbot_backend/app/models/user.py

@@ -47,10 +47,20 @@ class User(BaseModel):
     hashed_password: str
     academicStage: Optional[str] = None
     researchArea: Optional[str] = None
+    avatarId: Optional[str] = None
     created_at: datetime = Field(default_factory=datetime.utcnow)
     last_login: Optional[datetime] = None
     is_active: bool = True
 
+class UserUpdate(BaseModel):
+    avatarId: Optional[str] = None
+    firstName: Optional[str] = None
+    lastName: Optional[str] = None
+    email: Optional[EmailStr] = None
+    academicStage: Optional[str] = None
+    researchArea: Optional[str] = None
+
+
 class UserResponse(BaseModel):
     id: str
     firstName: str
@@ -58,6 +68,7 @@ class UserResponse(BaseModel):
     email: str
     academicStage: Optional[str] = None
     researchArea: Optional[str] = None
+    avatarId: Optional[str] = None
     created_at: datetime
     last_login: Optional[datetime] = None
 

multi_llm_chatbot_backend/app/models/user_profile.py

@@ -0,0 +1,57 @@
+from datetime import datetime
+from typing import List, Optional
+
+from bson import ObjectId
+from pydantic import BaseModel, Field
+
+from app.models.user import PyObjectId
+
+
+class UserProfile(BaseModel):
+    class Config:
+        allow_population_by_field_name = True
+        arbitrary_types_allowed = True
+        json_encoders = {ObjectId: str}
+
+    id: PyObjectId = Field(default_factory=PyObjectId, alias="_id")
+    user_id: PyObjectId
+    cyber_role: Optional[str] = None
+    organization_type: Optional[str] = None
+    primary_domains: List[str] = []
+    certifications: List[str] = []
+    tools_stack: List[str] = []
+    compliance_focus: Optional[str] = None
+    current_goals: Optional[str] = None
+    learning_preferences: Optional[str] = None
+    timezone: Optional[str] = None
+    advisor_notes: Optional[str] = None
+    updated_at: datetime = Field(default_factory=datetime.utcnow)
+
+
+class UserProfileUpdate(BaseModel):
+    cyber_role: Optional[str] = None
+    organization_type: Optional[str] = None
+    primary_domains: Optional[List[str]] = None
+    certifications: Optional[List[str]] = None
+    tools_stack: Optional[List[str]] = None
+    compliance_focus: Optional[str] = None
+    current_goals: Optional[str] = None
+    learning_preferences: Optional[str] = None
+    timezone: Optional[str] = None
+    advisor_notes: Optional[str] = None
+
+
+class UserProfileResponse(BaseModel):
+    user_id: str
+    cyber_role: Optional[str] = None
+    organization_type: Optional[str] = None
+    primary_domains: List[str] = []
+    certifications: List[str] = []
+    tools_stack: List[str] = []
+    compliance_focus: Optional[str] = None
+    current_goals: Optional[str] = None
+    learning_preferences: Optional[str] = None
+    timezone: Optional[str] = None
+    advisor_notes: Optional[str] = None
+    updated_at: Optional[datetime] = None
+    completion_pct: int = 0

phd-advisor-frontend/src/components/AccountModal.js

@@ -0,0 +1,339 @@
+import React, { useState } from 'react';
+import { User, Mail, Save, Trash2, AlertTriangle, X, Loader2, CheckCircle, Lock, ChevronDown, ChevronUp, Eye, EyeOff } from 'lucide-react';
+import { useTheme } from '../contexts/ThemeContext';
+
+const AccountModal = ({ user, authToken, onClose, onAccountUpdated, onAccountDeleted }) => {
+  const { isDark } = useTheme();
+  const [firstName, setFirstName] = useState(user?.firstName || '');
+  const [lastName, setLastName] = useState(user?.lastName || '');
+  const [email, setEmail] = useState(user?.email || '');
+  const [saving, setSaving] = useState(false);
+  const [saved, setSaved] = useState(false);
+  const [error, setError] = useState(null);
+  const [showPassword, setShowPassword] = useState(false);
+  const [currentPassword, setCurrentPassword] = useState('');
+  const [newPassword, setNewPassword] = useState('');
+  const [confirmPassword, setConfirmPassword] = useState('');
+  const [changingPw, setChangingPw] = useState(false);
+  const [pwSuccess, setPwSuccess] = useState(false);
+  const [pwError, setPwError] = useState(null);
+  const [showCurrent, setShowCurrent] = useState(false);
+  const [showNew, setShowNew] = useState(false);
+  const [showDeleteConfirm, setShowDeleteConfirm] = useState(false);
+  const [deleting, setDeleting] = useState(false);
+  const [deleteInput, setDeleteInput] = useState('');
+
+  const hasChanges =
+    firstName !== (user?.firstName || '') ||
+    lastName !== (user?.lastName || '') ||
+    email !== (user?.email || '');
+
+  const handleSave = async () => {
+    if (!firstName.trim() || !email.trim()) {
+      setError('First name and email are required.');
+      return;
+    }
+    setSaving(true);
+    setError(null);
+    try {
+      const resp = await fetch(`${process.env.REACT_APP_API_URL}/auth/me`, {
+        method: 'PATCH',
+        headers: { 'Authorization': `Bearer ${authToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ firstName: firstName.trim(), lastName: lastName.trim(), email: email.trim() }),
+      });
+      if (resp.ok) {
+        const updated = await resp.json();
+        setSaved(true);
+        if (onAccountUpdated) onAccountUpdated(updated);
+        setTimeout(() => setSaved(false), 2000);
+      } else {
+        const data = await resp.json().catch(() => ({}));
+        setError(data.detail || 'Failed to update account.');
+      }
+    } catch {
+      setError('Network error.');
+    } finally {
+      setSaving(false);
+    }
+  };
+
+  const handleChangePassword = async () => {
+    setPwError(null);
+    if (!currentPassword) { setPwError('Enter your current password.'); return; }
+    if (newPassword.length < 6) { setPwError('New password must be at least 6 characters.'); return; }
+    if (newPassword !== confirmPassword) { setPwError('New passwords do not match.'); return; }
+    setChangingPw(true);
+    try {
+      const resp = await fetch(`${process.env.REACT_APP_API_URL}/auth/me/password`, {
+        method: 'POST',
+        headers: { 'Authorization': `Bearer ${authToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ current_password: currentPassword, new_password: newPassword }),
+      });
+      if (resp.ok) {
+        setPwSuccess(true);
+        setCurrentPassword(''); setNewPassword(''); setConfirmPassword('');
+        setTimeout(() => { setPwSuccess(false); setShowPassword(false); }, 2000);
+      } else {
+        const data = await resp.json().catch(() => ({}));
+        setPwError(data.detail || 'Failed to change password.');
+      }
+    } catch {
+      setPwError('Network error.');
+    } finally {
+      setChangingPw(false);
+    }
+  };
+
+  const handleDelete = async () => {
+    setDeleting(true);
+    try {
+      const resp = await fetch(`${process.env.REACT_APP_API_URL}/auth/me`, {
+        method: 'DELETE',
+        headers: { 'Authorization': `Bearer ${authToken}` },
+      });
+      if (resp.ok) {
+        if (onAccountDeleted) onAccountDeleted();
+      } else {
+        setError('Failed to delete account.');
+        setShowDeleteConfirm(false);
+      }
+    } catch {
+      setError('Network error.');
+      setShowDeleteConfirm(false);
+    } finally {
+      setDeleting(false);
+    }
+  };
+
+  const overlay = {
+    position: 'fixed', inset: 0, background: 'rgba(0,0,0,0.5)',
+    display: 'flex', alignItems: 'center', justifyContent: 'center', zIndex: 9999,
+  };
+  const modal = {
+    background: isDark ? '#1f2937' : '#fff',
+    borderRadius: 16, padding: 28, width: 420, maxWidth: '92vw',
+    boxShadow: '0 20px 60px rgba(0,0,0,0.3)',
+    color: isDark ? '#f3f4f6' : '#111827',
+  };
+  const inputStyle = {
+    width: '100%', padding: '10px 12px', borderRadius: 10, fontSize: 14,
+    border: `1px solid ${isDark ? '#374151' : '#e5e7eb'}`,
+    background: isDark ? '#111827' : '#f9fafb',
+    color: isDark ? '#f3f4f6' : '#111827', outline: 'none',
+    boxSizing: 'border-box',
+  };
+  const labelStyle = {
+    display: 'block', fontSize: 12, fontWeight: 600,
+    color: isDark ? '#9ca3af' : '#6b7280', marginBottom: 5,
+  };
+
+  if (showDeleteConfirm) {
+    return (
+      <div style={overlay} onClick={() => setShowDeleteConfirm(false)}>
+        <div style={modal} onClick={e => e.stopPropagation()}>
+          <div style={{ textAlign: 'center', padding: '8px 0' }}>
+            <AlertTriangle size={48} style={{ color: '#ef4444', marginBottom: 14 }} />
+            <h3 style={{ margin: '0 0 10px', fontSize: 18 }}>Delete Account?</h3>
+            <p style={{ color: isDark ? '#9ca3af' : '#6b7280', fontSize: 13, lineHeight: 1.6, marginBottom: 18 }}>
+              This will <strong>permanently</strong> delete your account and all associated data
+              (profile, chats, canvas). This action cannot be undone.
+            </p>
+            <p style={{ fontSize: 13, marginBottom: 10 }}>
+              Type <strong>DELETE</strong> to confirm:
+            </p>
+            <input
+              value={deleteInput}
+              onChange={e => setDeleteInput(e.target.value)}
+              placeholder="DELETE"
+              style={{ ...inputStyle, textAlign: 'center', maxWidth: 200, margin: '0 auto 18px' }}
+            />
+            <div style={{ display: 'flex', gap: 10, justifyContent: 'center' }}>
+              <button
+                onClick={() => setShowDeleteConfirm(false)}
+                style={{
+                  padding: '10px 24px', borderRadius: 10,
+                  border: `1px solid ${isDark ? '#374151' : '#e5e7eb'}`,
+                  background: 'transparent', color: isDark ? '#d1d5db' : '#374151',
+                  fontSize: 14, cursor: 'pointer',
+                }}
+              >
+                Cancel
+              </button>
+              <button
+                onClick={handleDelete}
+                disabled={deleteInput !== 'DELETE' || deleting}
+                style={{
+                  padding: '10px 24px', borderRadius: 10, border: 'none',
+                  background: deleteInput === 'DELETE' ? '#ef4444' : (isDark ? '#374151' : '#e5e7eb'),
+                  color: deleteInput === 'DELETE' ? '#fff' : (isDark ? '#6b7280' : '#9ca3af'),
+                  fontSize: 14, fontWeight: 600, display: 'flex', alignItems: 'center', gap: 8,
+                  cursor: deleteInput === 'DELETE' ? 'pointer' : 'default',
+                  opacity: deleting ? 0.7 : 1,
+                }}
+              >
+                {deleting ? <Loader2 size={16} style={{ animation: 'spin 1s linear infinite' }} /> : <Trash2 size={16} />}
+                {deleting ? 'Deleting...' : 'Delete Forever'}
+              </button>
+            </div>
+          </div>
+        </div>
+      </div>
+    );
+  }
+
+  return (
+    <div style={overlay} onClick={onClose}>
+      <div style={modal} onClick={e => e.stopPropagation()}>
+        {/* Header */}
+        <div style={{ display: 'flex', justifyContent: 'space-between', alignItems: 'center', marginBottom: 22 }}>
+          <div style={{ display: 'flex', alignItems: 'center', gap: 10 }}>
+            <User size={22} style={{ color: isDark ? '#60a5fa' : '#3b82f6' }} />
+            <h3 style={{ margin: 0, fontSize: 18 }}>Account</h3>
+          </div>
+          <button onClick={onClose} style={{ background: 'none', border: 'none', cursor: 'pointer', color: isDark ? '#9ca3af' : '#6b7280', padding: 4 }}>
+            <X size={20} />
+          </button>
+        </div>
+
+        {/* Fields */}
+        <div style={{ display: 'flex', gap: 12, marginBottom: 16 }}>
+          <div style={{ flex: 1 }}>
+            <label style={labelStyle}>First Name</label>
+            <input value={firstName} onChange={e => setFirstName(e.target.value)} style={inputStyle} />
+          </div>
+          <div style={{ flex: 1 }}>
+            <label style={labelStyle}>Last Name</label>
+            <input value={lastName} onChange={e => setLastName(e.target.value)} style={inputStyle} />
+          </div>
+        </div>
+
+        <div style={{ marginBottom: 20 }}>
+          <label style={labelStyle}>Email Address</label>
+          <div style={{ position: 'relative' }}>
+            <Mail size={16} style={{ position: 'absolute', left: 12, top: 12, color: isDark ? '#6b7280' : '#9ca3af' }} />
+            <input value={email} onChange={e => setEmail(e.target.value)} type="email" style={{ ...inputStyle, paddingLeft: 36 }} />
+          </div>
+        </div>
+
+        {/* Change Password */}
+        <div style={{
+          border: `1px solid ${isDark ? '#374151' : '#e5e7eb'}`, borderRadius: 12,
+          marginBottom: 20, overflow: 'hidden',
+        }}>
+          <button
+            onClick={() => { setShowPassword(!showPassword); setPwError(null); }}
+            style={{
+              width: '100%', padding: '10px 14px', display: 'flex', alignItems: 'center', gap: 8,
+              background: 'transparent', border: 'none', cursor: 'pointer',
+              color: isDark ? '#d1d5db' : '#374151', fontSize: 13, fontWeight: 600,
+            }}
+          >
+            <Lock size={15} />
+            Change Password
+            <span style={{ marginLeft: 'auto' }}>
+              {showPassword ? <ChevronUp size={16} /> : <ChevronDown size={16} />}
+            </span>
+          </button>
+          {showPassword && (
+            <div style={{ padding: '0 14px 14px' }}>
+              <div style={{ marginBottom: 10 }}>
+                <label style={labelStyle}>Current Password</label>
+                <div style={{ position: 'relative' }}>
+                  <input value={currentPassword} onChange={e => setCurrentPassword(e.target.value)}
+                    type={showCurrent ? 'text' : 'password'} style={inputStyle} placeholder="Enter current password" />
+                  <button onClick={() => setShowCurrent(!showCurrent)} style={{
+                    position: 'absolute', right: 8, top: 8, background: 'none', border: 'none',
+                    cursor: 'pointer', color: isDark ? '#6b7280' : '#9ca3af', padding: 2,
+                  }}>
+                    {showCurrent ? <EyeOff size={16} /> : <Eye size={16} />}
+                  </button>
+                </div>
+              </div>
+              <div style={{ marginBottom: 10 }}>
+                <label style={labelStyle}>New Password</label>
+                <div style={{ position: 'relative' }}>
+                  <input value={newPassword} onChange={e => setNewPassword(e.target.value)}
+                    type={showNew ? 'text' : 'password'} style={inputStyle} placeholder="At least 6 characters" />
+                  <button onClick={() => setShowNew(!showNew)} style={{
+                    position: 'absolute', right: 8, top: 8, background: 'none', border: 'none',
+                    cursor: 'pointer', color: isDark ? '#6b7280' : '#9ca3af', padding: 2,
+                  }}>
+                    {showNew ? <EyeOff size={16} /> : <Eye size={16} />}
+                  </button>
+                </div>
+              </div>
+              <div style={{ marginBottom: 12 }}>
+                <label style={labelStyle}>Confirm New Password</label>
+                <input value={confirmPassword} onChange={e => setConfirmPassword(e.target.value)}
+                  type={showNew ? 'text' : 'password'} style={inputStyle} placeholder="Re-enter new password" />
+              </div>
+              {pwError && (
+                <div style={{
+                  background: isDark ? 'rgba(239,68,68,0.12)' : '#fef2f2',
+                  color: '#ef4444', padding: '6px 10px', borderRadius: 8, fontSize: 12, marginBottom: 10,
+                }}>{pwError}</div>
+              )}
+              <button
+                onClick={handleChangePassword}
+                disabled={changingPw || !currentPassword || !newPassword}
+                style={{
+                  padding: '8px 20px', borderRadius: 10, border: 'none', fontSize: 13, fontWeight: 600,
+                  background: (currentPassword && newPassword) ? '#3b82f6' : (isDark ? '#374151' : '#e5e7eb'),
+                  color: (currentPassword && newPassword) ? '#fff' : (isDark ? '#6b7280' : '#9ca3af'),
+                  cursor: (currentPassword && newPassword) ? 'pointer' : 'default',
+                  display: 'flex', alignItems: 'center', gap: 7, opacity: changingPw ? 0.7 : 1,
+                }}
+              >
+                {changingPw ? <Loader2 size={14} style={{ animation: 'spin 1s linear infinite' }} /> :
+                 pwSuccess ? <CheckCircle size={14} /> : <Lock size={14} />}
+                {changingPw ? 'Updating...' : pwSuccess ? 'Password Changed!' : 'Update Password'}
+              </button>
+            </div>
+          )}
+        </div>
+
+        {error && (
+          <div style={{
+            background: isDark ? 'rgba(239,68,68,0.12)' : '#fef2f2',
+            color: '#ef4444', padding: '8px 12px', borderRadius: 8, fontSize: 13, marginBottom: 14,
+          }}>
+            {error}
+          </div>
+        )}
+
+        {/* Save */}
+        <div style={{ display: 'flex', justifyContent: 'space-between', alignItems: 'center' }}>
+          <button
+            onClick={handleSave}
+            disabled={!hasChanges || saving}
+            style={{
+              padding: '10px 24px', borderRadius: 10, border: 'none',
+              background: hasChanges ? '#3b82f6' : (isDark ? '#374151' : '#e5e7eb'),
+              color: hasChanges ? '#fff' : (isDark ? '#6b7280' : '#9ca3af'),
+              fontSize: 14, fontWeight: 600, cursor: hasChanges ? 'pointer' : 'default',
+              display: 'flex', alignItems: 'center', gap: 8, opacity: saving ? 0.7 : 1,
+            }}
+          >
+            {saving ? <Loader2 size={16} style={{ animation: 'spin 1s linear infinite' }} /> :
+             saved ? <CheckCircle size={16} /> : <Save size={16} />}
+            {saving ? 'Saving...' : saved ? 'Saved!' : 'Save Changes'}
+          </button>
+
+          <button
+            onClick={() => setShowDeleteConfirm(true)}
+            style={{
+              padding: '10px 16px', borderRadius: 10, border: 'none',
+              background: 'transparent', color: '#ef4444', fontSize: 13,
+              cursor: 'pointer', display: 'flex', alignItems: 'center', gap: 6,
+            }}
+          >
+            <Trash2 size={14} />
+            Delete Account
+          </button>
+        </div>
+      </div>
+    </div>
+  );
+};
+
+export default AccountModal;

phd-advisor-frontend/src/components/ClearDataModal.js

@@ -0,0 +1,185 @@
+import React, { useState } from 'react';
+import { Trash2, AlertTriangle, X, Loader2, CheckCircle } from 'lucide-react';
+import { useTheme } from '../contexts/ThemeContext';
+
+const ClearDataModal = ({ authToken, onClose, onDataCleared }) => {
+  const { isDark } = useTheme();
+  const [profile, setProfile] = useState(false);
+  const [chats, setChats] = useState(false);
+  const [canvas, setCanvas] = useState(false);
+  const [clearing, setClearing] = useState(false);
+  const [result, setResult] = useState(null);
+
+  const noneSelected = !profile && !chats && !canvas;
+
+  const handleClear = async () => {
+    if (noneSelected) return;
+    setClearing(true);
+    try {
+      const resp = await fetch(`${process.env.REACT_APP_API_URL}/api/users/me/clear-data`, {
+        method: 'POST',
+        headers: {
+          'Authorization': `Bearer ${authToken}`,
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({ profile, chats, canvas }),
+      });
+      if (resp.ok) {
+        const data = await resp.json();
+        setResult(data.cleared);
+        if (onDataCleared) onDataCleared({ profile, chats, canvas });
+      } else {
+        setResult(['Error clearing data']);
+      }
+    } catch {
+      setResult(['Network error']);
+    } finally {
+      setClearing(false);
+    }
+  };
+
+  const overlay = {
+    position: 'fixed', inset: 0, background: 'rgba(0,0,0,0.5)',
+    display: 'flex', alignItems: 'center', justifyContent: 'center', zIndex: 9999,
+  };
+
+  const modal = {
+    background: isDark ? '#1f2937' : '#fff',
+    borderRadius: 16, padding: 28, width: 400, maxWidth: '90vw',
+    boxShadow: '0 20px 60px rgba(0,0,0,0.3)',
+    color: isDark ? '#f3f4f6' : '#111827',
+  };
+
+  const checkRow = {
+    display: 'flex', alignItems: 'center', gap: 12,
+    padding: '12px 14px', borderRadius: 10, cursor: 'pointer',
+    border: `1px solid ${isDark ? '#374151' : '#e5e7eb'}`,
+    marginBottom: 10, transition: 'all 0.15s ease',
+  };
+
+  const checkRowActive = (active) => ({
+    ...checkRow,
+    background: active
+      ? (isDark ? 'rgba(239,68,68,0.12)' : 'rgba(239,68,68,0.06)')
+      : 'transparent',
+    borderColor: active ? '#ef4444' : (isDark ? '#374151' : '#e5e7eb'),
+  });
+
+  const checkbox = (checked) => ({
+    width: 20, height: 20, borderRadius: 4, flexShrink: 0,
+    border: `2px solid ${checked ? '#ef4444' : (isDark ? '#6b7280' : '#9ca3af')}`,
+    background: checked ? '#ef4444' : 'transparent',
+    display: 'flex', alignItems: 'center', justifyContent: 'center',
+    transition: 'all 0.15s ease', color: '#fff', fontSize: 13, fontWeight: 700,
+  });
+
+  if (result) {
+    return (
+      <div style={overlay} onClick={onClose}>
+        <div style={modal} onClick={(e) => e.stopPropagation()}>
+          <div style={{ textAlign: 'center', padding: '16px 0' }}>
+            <CheckCircle size={48} style={{ color: '#22c55e', marginBottom: 16 }} />
+            <h3 style={{ margin: '0 0 12px', fontSize: 18 }}>Data Cleared</h3>
+            <p style={{ color: isDark ? '#9ca3af' : '#6b7280', fontSize: 14, lineHeight: 1.6 }}>
+              {result.join(', ')}
+            </p>
+            <button
+              onClick={onClose}
+              style={{
+                marginTop: 20, padding: '10px 32px', borderRadius: 10,
+                border: 'none', background: '#3b82f6', color: '#fff',
+                fontSize: 14, fontWeight: 600, cursor: 'pointer',
+              }}
+            >
+              Done
+            </button>
+          </div>
+        </div>
+      </div>
+    );
+  }
+
+  return (
+    <div style={overlay} onClick={onClose}>
+      <div style={modal} onClick={(e) => e.stopPropagation()}>
+        {/* Header */}
+        <div style={{ display: 'flex', justifyContent: 'space-between', alignItems: 'center', marginBottom: 20 }}>
+          <div style={{ display: 'flex', alignItems: 'center', gap: 10 }}>
+            <AlertTriangle size={22} style={{ color: '#f59e0b' }} />
+            <h3 style={{ margin: 0, fontSize: 18 }}>Clear User Data</h3>
+          </div>
+          <button onClick={onClose} style={{ background: 'none', border: 'none', cursor: 'pointer', color: isDark ? '#9ca3af' : '#6b7280', padding: 4 }}>
+            <X size={20} />
+          </button>
+        </div>
+
+        <p style={{ color: isDark ? '#9ca3af' : '#6b7280', fontSize: 13, marginBottom: 18, lineHeight: 1.5 }}>
+          Select which data to clear. Profile data removal will reset your onboarding progress.
+        </p>
+
+        {/* Checkboxes */}
+        <div onClick={() => setProfile(!profile)} style={checkRowActive(profile)}>
+          <div style={checkbox(profile)}>{profile && '✓'}</div>
+          <div>
+            <div style={{ fontWeight: 600, fontSize: 14 }}>Profile Information</div>
+            <div style={{ fontSize: 12, color: isDark ? '#9ca3af' : '#6b7280', marginTop: 2 }}>
+              Major, GPA, career goals, learning style, etc. Resets "Tell us about yourself."
+            </div>
+          </div>
+        </div>
+
+        <div onClick={() => setChats(!chats)} style={checkRowActive(chats)}>
+          <div style={checkbox(chats)}>{chats && '✓'}</div>
+          <div>
+            <div style={{ fontWeight: 600, fontSize: 14 }}>Chat History</div>
+            <div style={{ fontSize: 12, color: isDark ? '#9ca3af' : '#6b7280', marginTop: 2 }}>
+              All conversation sessions and messages.
+            </div>
+          </div>
+        </div>
+
+        <div onClick={() => setCanvas(!canvas)} style={checkRowActive(canvas)}>
+          <div style={checkbox(canvas)}>{canvas && '✓'}</div>
+          <div>
+            <div style={{ fontWeight: 600, fontSize: 14 }}>Canvas</div>
+            <div style={{ fontSize: 12, color: isDark ? '#9ca3af' : '#6b7280', marginTop: 2 }}>
+              All collected insights and research notes.
+            </div>
+          </div>
+        </div>
+
+        {/* Actions */}
+        <div style={{ display: 'flex', gap: 10, marginTop: 22, justifyContent: 'flex-end' }}>
+          <button
+            onClick={onClose}
+            style={{
+              padding: '10px 20px', borderRadius: 10,
+              border: `1px solid ${isDark ? '#374151' : '#e5e7eb'}`,
+              background: 'transparent', color: isDark ? '#d1d5db' : '#374151',
+              fontSize: 14, cursor: 'pointer',
+            }}
+          >
+            Cancel
+          </button>
+          <button
+            onClick={handleClear}
+            disabled={noneSelected || clearing}
+            style={{
+              padding: '10px 20px', borderRadius: 10, border: 'none',
+              background: noneSelected ? (isDark ? '#374151' : '#e5e7eb') : '#ef4444',
+              color: noneSelected ? (isDark ? '#6b7280' : '#9ca3af') : '#fff',
+              fontSize: 14, fontWeight: 600, cursor: noneSelected ? 'default' : 'pointer',
+              display: 'flex', alignItems: 'center', gap: 8,
+              opacity: clearing ? 0.7 : 1,
+            }}
+          >
+            {clearing ? <Loader2 size={16} style={{ animation: 'spin 1s linear infinite' }} /> : <Trash2 size={16} />}
+            {clearing ? 'Clearing...' : 'Clear Selected'}
+          </button>
+        </div>
+      </div>
+    </div>
+  );
+};
+
+export default ClearDataModal;

phd-advisor-frontend/src/components/OnboardingChat.js

@@ -0,0 +1,153 @@
+import React, { useState, useEffect, useRef } from 'react';
+import { X, Send, MessageCircle } from 'lucide-react';
+
+const OnboardingChat = ({ authToken, onClose, userName }) => {
+  const [messages, setMessages] = useState([]);
+  const [input, setInput] = useState('');
+  const [loading, setLoading] = useState(false);
+  const [progress, setProgress] = useState(0);
+  const [complete, setComplete] = useState(false);
+  const endRef = useRef(null);
+
+  useEffect(() => {
+    startOnboarding();
+  }, []);
+
+  useEffect(() => {
+    endRef.current?.scrollIntoView({ behavior: 'smooth' });
+  }, [messages]);
+
+  const startOnboarding = async () => {
+    try {
+      const resp = await fetch(`${process.env.REACT_APP_API_URL}/api/onboarding/start`, {
+        headers: { 'Authorization': `Bearer ${authToken}` },
+      });
+      if (resp.ok) {
+        const data = await resp.json();
+        setMessages(data.messages || [{ role: 'agent', text: data.reply }]);
+        setProgress(data.progress);
+        setComplete(data.complete || false);
+      }
+    } catch (e) {
+      setMessages([{ role: 'agent', text: "Hi! What is your security role and what are you trying to accomplish right now?" }]);
+    }
+  };
+
+  const sendMessage = async () => {
+    if (!input.trim() || loading) return;
+    const userText = input;
+    setInput('');
+    setMessages(prev => [...prev, { role: 'user', text: userText }]);
+    setLoading(true);
+    try {
+      const resp = await fetch(`${process.env.REACT_APP_API_URL}/api/onboarding/chat`, {
+        method: 'POST',
+        headers: { 'Authorization': `Bearer ${authToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ user_input: userText }),
+      });
+      if (resp.ok) {
+        const data = await resp.json();
+        setMessages(prev => [...prev, { role: 'agent', text: data.reply }]);
+        setProgress(data.progress);
+        setComplete(data.complete);
+      }
+    } catch (e) {
+      setMessages(prev => [...prev, { role: 'agent', text: "Sorry, I had trouble processing that. Try again?" }]);
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  return (
+    <div style={{
+      position: 'fixed', inset: 0, zIndex: 9999,
+      background: 'rgba(0,0,0,0.5)', display: 'flex',
+      alignItems: 'center', justifyContent: 'center',
+    }}>
+      <div style={{
+        background: 'var(--bg-primary)', borderRadius: 16,
+        width: '90%', maxWidth: 500, height: '70vh', maxHeight: 600,
+        display: 'flex', flexDirection: 'column', overflow: 'hidden',
+        boxShadow: '0 20px 60px rgba(0,0,0,0.3)',
+      }}>
+        {/* Header */}
+        <div style={{
+          padding: '14px 18px', borderBottom: '1px solid var(--border-primary)',
+          display: 'flex', justifyContent: 'space-between', alignItems: 'center',
+        }}>
+          <div style={{ display: 'flex', alignItems: 'center', gap: 8 }}>
+            <MessageCircle size={18} style={{ color: 'var(--accent-primary)' }} />
+            <span style={{ fontWeight: 600, color: 'var(--text-primary)', fontSize: 14 }}>
+              Tell us about yourself
+            </span>
+          </div>
+          <div style={{ display: 'flex', alignItems: 'center', gap: 12 }}>
+            <div style={{
+              background: 'var(--bg-secondary)', borderRadius: 8, padding: '4px 10px',
+              fontSize: 11, fontWeight: 600, color: 'var(--accent-primary)',
+            }}>{progress}% complete</div>
+            <button onClick={onClose} style={{ background: 'none', border: 'none', cursor: 'pointer', color: 'var(--text-secondary)' }}>
+              <X size={18} />
+            </button>
+          </div>
+        </div>
+
+        {/* Messages */}
+        <div style={{ flex: 1, overflowY: 'auto', padding: 16, display: 'flex', flexDirection: 'column', gap: 10 }}>
+          {messages.map((m, i) => (
+            <div key={i} style={{
+              alignSelf: m.role === 'user' ? 'flex-end' : 'flex-start',
+              maxWidth: '80%',
+              background: m.role === 'user' ? 'var(--accent-primary)' : 'var(--bg-secondary)',
+              color: m.role === 'user' ? '#fff' : 'var(--text-primary)',
+              padding: '10px 14px', borderRadius: 12, fontSize: 13, lineHeight: 1.5,
+            }}>
+              {m.text}
+            </div>
+          ))}
+          {loading && (
+            <div style={{ alignSelf: 'flex-start', color: 'var(--text-secondary)', fontSize: 12 }}>
+              Thinking...
+            </div>
+          )}
+          <div ref={endRef} />
+        </div>
+
+        {/* Input */}
+        {!complete && (
+          <div style={{
+            padding: '10px 14px', borderTop: '1px solid var(--border-primary)',
+            display: 'flex', gap: 8,
+          }}>
+            <input
+              value={input}
+              onChange={e => setInput(e.target.value)}
+              onKeyDown={e => e.key === 'Enter' && sendMessage()}
+              placeholder="Type your answer..."
+              disabled={loading}
+              style={{
+                flex: 1, padding: '8px 12px', borderRadius: 8,
+                border: '1px solid var(--border-primary)', background: 'var(--bg-secondary)',
+                color: 'var(--text-primary)', fontSize: 13, outline: 'none',
+              }}
+            />
+            <button
+              onClick={sendMessage}
+              disabled={!input.trim() || loading}
+              style={{
+                padding: '8px 12px', borderRadius: 8, border: 'none',
+                background: input.trim() ? 'var(--accent-primary)' : 'var(--bg-secondary)',
+                color: input.trim() ? '#fff' : 'var(--text-secondary)',
+                cursor: input.trim() ? 'pointer' : 'default',
+              }}
+            >
+              <Send size={16} />
+            </button>
+          </div>
+        )}
+      </div>
+    </div>
+  );
+};
+
+export default OnboardingChat;

phd-advisor-frontend/src/components/ProfileWalkthrough.js

@@ -0,0 +1,243 @@
+import React, { useState, useEffect } from 'react';
+import { X, ChevronLeft, ChevronRight, Check } from 'lucide-react';
+
+const STEPS = [
+  {
+    title: 'Role & environment',
+    fields: [
+      { key: 'cyber_role', label: 'Your role', type: 'select', options: ['Student / Learner', 'Career changer', 'SOC analyst', 'Security engineer', 'Architect / lead', 'Manager / director', 'Consultant', 'Other'] },
+      { key: 'organization_type', label: 'Organization type', type: 'select', options: ['Startup', 'Mid-size company', 'Enterprise', 'Government / public sector', 'Education', 'MSP / MSSP', 'Independent / job seeker'] },
+      { key: 'timezone', label: 'Time zone', type: 'text', placeholder: 'e.g. America/New_York' },
+    ],
+  },
+  {
+    title: 'Focus & tools',
+    fields: [
+      { key: 'primary_domains', label: 'Primary domains (comma-separated)', type: 'text', placeholder: 'e.g. cloud, appsec, IR, GRC, identity' },
+      { key: 'certifications', label: 'Certifications (comma-separated)', type: 'text', placeholder: 'e.g. Security+, CISSP, OSCP, or none yet' },
+      { key: 'tools_stack', label: 'Tools & platforms (comma-separated)', type: 'text', placeholder: 'e.g. Splunk, CrowdStrike, AWS, Jira' },
+    ],
+  },
+  {
+    title: 'Goals & learning',
+    fields: [
+      { key: 'compliance_focus', label: 'Compliance / frameworks', type: 'text', placeholder: 'e.g. SOC 2, NIST CSF, ISO 27001, HIPAA' },
+      { key: 'current_goals', label: 'Current goals', type: 'textarea', placeholder: 'Audit prep, cert study, incident readiness, architecture review...' },
+      { key: 'learning_preferences', label: 'How you learn best', type: 'text', placeholder: 'Labs, reading, CTFs, mentorship, certifications...' },
+    ],
+  },
+];
+
+const ProfileWalkthrough = ({ authToken, onClose, existingProfile }) => {
+  const [step, setStep] = useState(0);
+  const [formData, setFormData] = useState({});
+  const [saving, setSaving] = useState(false);
+  const [loading, setLoading] = useState(true);
+
+  useEffect(() => {
+    let cancelled = false;
+    const fetchProfile = async () => {
+      try {
+        const resp = await fetch(`${process.env.REACT_APP_API_URL}/api/users/me/profile`, {
+          headers: { 'Authorization': `Bearer ${authToken}` },
+        });
+        if (resp.ok && !cancelled) {
+          const profile = await resp.json();
+          const init = {};
+          STEPS.forEach(s => s.fields.forEach(f => {
+            const val = profile[f.key];
+            if (Array.isArray(val)) init[f.key] = val.join(', ');
+            else if (val) init[f.key] = val;
+          }));
+          setFormData(init);
+        }
+      } catch (e) {
+        // Fall back to existingProfile prop
+        if (!cancelled && existingProfile) {
+          const init = {};
+          STEPS.forEach(s => s.fields.forEach(f => {
+            const val = existingProfile[f.key];
+            if (Array.isArray(val)) init[f.key] = val.join(', ');
+            else if (val) init[f.key] = val;
+          }));
+          setFormData(init);
+        }
+      } finally {
+        if (!cancelled) setLoading(false);
+      }
+    };
+    fetchProfile();
+    return () => { cancelled = true; };
+  }, [authToken, existingProfile]);
+
+  const handleChange = (key, value) => setFormData(prev => ({ ...prev, [key]: value }));
+
+  const saveProfile = async () => {
+    const payload = { ...formData };
+    ['primary_domains', 'certifications', 'tools_stack'].forEach(k => {
+      if (typeof payload[k] === 'string') {
+        payload[k] = payload[k].split(',').map(s => s.trim()).filter(Boolean);
+      }
+    });
+    const hasData = Object.values(payload).some(v =>
+      Array.isArray(v) ? v.length > 0 : Boolean(v)
+    );
+    if (!hasData) return;
+    try {
+      await fetch(`${process.env.REACT_APP_API_URL}/api/users/me/profile`, {
+        method: 'PUT',
+        headers: { 'Authorization': `Bearer ${authToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify(payload),
+      });
+    } catch (e) {
+      console.error('Failed to save profile:', e);
+    }
+  };
+
+  const handleSave = async () => {
+    setSaving(true);
+    await saveProfile();
+    setSaving(false);
+    onClose();
+  };
+
+  const handleClose = async () => {
+    await saveProfile();
+    onClose();
+  };
+
+  const currentStep = STEPS[step];
+  const isLast = step === STEPS.length - 1;
+
+  return (
+    <div onClick={handleClose} style={{
+      position: 'fixed', inset: 0, zIndex: 9999,
+      background: 'rgba(0,0,0,0.5)', display: 'flex',
+      alignItems: 'center', justifyContent: 'center',
+    }}>
+      <div onClick={e => e.stopPropagation()} style={{
+        background: 'var(--bg-primary)', borderRadius: 16,
+        width: '90%', maxWidth: 480, padding: 24,
+        boxShadow: '0 20px 60px rgba(0,0,0,0.3)',
+      }}>
+        {loading ? (
+          <div style={{ textAlign: 'center', padding: 40, color: 'var(--text-secondary)', fontSize: 14 }}>
+            Loading profile...
+          </div>
+        ) : <>
+        {/* Header */}
+        <div style={{ display: 'flex', justifyContent: 'space-between', alignItems: 'center', marginBottom: 20 }}>
+          <h3 style={{ margin: 0, fontSize: 16, color: 'var(--text-primary)' }}>
+            {currentStep.title} ({step + 1}/{STEPS.length})
+          </h3>
+          <button onClick={handleClose} style={{ background: 'none', border: 'none', cursor: 'pointer', color: 'var(--text-secondary)' }}>
+            <X size={18} />
+          </button>
+        </div>
+
+        {/* Progress bar */}
+        <div style={{ height: 4, background: 'var(--bg-secondary)', borderRadius: 2, marginBottom: 20 }}>
+          <div style={{
+            height: '100%', borderRadius: 2, background: 'var(--accent-primary)',
+            width: `${((step + 1) / STEPS.length) * 100}%`, transition: 'width 0.3s',
+          }} />
+        </div>
+
+        {/* Fields */}
+        <div style={{ display: 'flex', flexDirection: 'column', gap: 14 }}>
+          {currentStep.fields.map(f => (
+            <div key={f.key}>
+              <label style={{ display: 'block', fontSize: 12, fontWeight: 600, color: 'var(--text-secondary)', marginBottom: 4 }}>
+                {f.label}
+              </label>
+              {f.type === 'select' ? (
+                <select
+                  value={formData[f.key] || ''}
+                  onChange={e => handleChange(f.key, e.target.value)}
+                  style={{
+                    width: '100%', padding: '8px 10px', borderRadius: 8,
+                    border: '1px solid var(--border-primary)', background: 'var(--bg-secondary)',
+                    color: 'var(--text-primary)', fontSize: 13,
+                  }}
+                >
+                  <option value="">Select...</option>
+                  {f.options.map(o => <option key={o} value={o}>{o}</option>)}
+                </select>
+              ) : f.type === 'textarea' ? (
+                <textarea
+                  value={formData[f.key] || ''}
+                  onChange={e => handleChange(f.key, e.target.value)}
+                  placeholder={f.placeholder}
+                  rows={3}
+                  style={{
+                    width: '100%', padding: '8px 10px', borderRadius: 8,
+                    border: '1px solid var(--border-primary)', background: 'var(--bg-secondary)',
+                    color: 'var(--text-primary)', fontSize: 13, resize: 'vertical',
+                  }}
+                />
+              ) : (
+                <input
+                  type="text"
+                  value={formData[f.key] || ''}
+                  onChange={e => handleChange(f.key, e.target.value)}
+                  placeholder={f.placeholder}
+                  style={{
+                    width: '100%', padding: '8px 10px', borderRadius: 8,
+                    border: '1px solid var(--border-primary)', background: 'var(--bg-secondary)',
+                    color: 'var(--text-primary)', fontSize: 13,
+                  }}
+                />
+              )}
+            </div>
+          ))}
+        </div>
+
+        {/* Navigation */}
+        <div style={{ display: 'flex', justifyContent: 'space-between', marginTop: 24 }}>
+          <button
+            onClick={() => setStep(s => s - 1)}
+            disabled={step === 0}
+            style={{
+              display: 'flex', alignItems: 'center', gap: 4, padding: '8px 14px',
+              borderRadius: 8, border: '1px solid var(--border-primary)',
+              background: 'var(--bg-secondary)', color: 'var(--text-primary)',
+              cursor: step === 0 ? 'default' : 'pointer', opacity: step === 0 ? 0.4 : 1,
+              fontSize: 13,
+            }}
+          >
+            <ChevronLeft size={14} /> Back
+          </button>
+          {isLast ? (
+            <button
+              onClick={handleSave}
+              disabled={saving}
+              style={{
+                display: 'flex', alignItems: 'center', gap: 4, padding: '8px 16px',
+                borderRadius: 8, border: 'none',
+                background: 'var(--accent-primary)', color: '#fff',
+                cursor: 'pointer', fontSize: 13, fontWeight: 600,
+              }}
+            >
+              <Check size={14} /> {saving ? 'Saving...' : 'Save Profile'}
+            </button>
+          ) : (
+            <button
+              onClick={() => setStep(s => s + 1)}
+              style={{
+                display: 'flex', alignItems: 'center', gap: 4, padding: '8px 14px',
+                borderRadius: 8, border: 'none',
+                background: 'var(--accent-primary)', color: '#fff',
+                cursor: 'pointer', fontSize: 13, fontWeight: 600,
+              }}
+            >
+              Next <ChevronRight size={14} />
+            </button>
+          )}
+        </div>
+        </>}
+      </div>
+    </div>
+  );
+};
+
+export default ProfileWalkthrough;

phd-advisor-frontend/src/components/Sidebar.js

@@ -7,12 +7,17 @@ import {
   Trash2,
   LogOut,
   User,
-  Settings,
+  UserCircle,
+  DatabaseZap,
+  KeyRound,
   PanelLeft,
   FileText,
   ChevronRight,
   Clock
 } from 'lucide-react';
+import * as LucideIcons from 'lucide-react';
+import { useAppConfig } from '../contexts/AppConfigContext';
+import UserAvatarPicker from './UserAvatarPicker';
 import CopyrightNotice from './CopyrightNotice';
 import '../styles/Sidebar.css';
 
@@ -34,8 +39,18 @@ const Sidebar = ({
   widgetGroups = [],
   deliverableProjects = [],
   insightSections = [],
+  userAvatarId,
+  onAvatarChange,
+  onOpenProfile,
+  onOpenAccount,
+  onOpenClearData,
 }) => {
+  const { config } = useAppConfig();
   const isOnCanvas = pageContext === 'canvas';
+  const [showAvatarPicker, setShowAvatarPicker] = useState(false);
+  const avatarOptions = config?.app?.user_avatars || [];
+  const currentAvatar = avatarOptions.find(a => a.id === userAvatarId);
+  const AvatarIcon = currentAvatar ? (LucideIcons[currentAvatar.icon] || User) : User;
   const [expanded, setExpanded] = useState(() => {
     try { return JSON.parse(localStorage.getItem('sidebar-expanded-v1') || '{}'); } catch { return {}; }
   });
@@ -198,8 +213,17 @@ const Sidebar = ({
             <>
               <div className="user-section">
                 <div className="user-info">
-                  <div className="user-avatar">
-                    <User size={20} />
+                  <div
+                    className="user-avatar"
+                    onClick={() => onAvatarChange && setShowAvatarPicker(true)}
+                    style={{
+                      cursor: onAvatarChange ? 'pointer' : undefined,
+                      backgroundColor: currentAvatar?.bg || undefined,
+                      color: currentAvatar?.color || undefined,
+                    }}
+                    title={onAvatarChange ? 'Change avatar' : undefined}
+                  >
+                    <AvatarIcon size={20} />
                   </div>
                   <div className="user-details">
                     <span className="user-name">{user.firstName} {user.lastName}</span>
@@ -227,9 +251,21 @@ const Sidebar = ({
                     
                     {showUserMenu && (
                       <div className="user-menu">
-                        <button className="user-menu-item">
-                          <Settings size={16} />
-                          <span>Settings</span>
+                        <button className="user-menu-item" onClick={() => { setShowUserMenu(false); setShowAvatarPicker(true); }}>
+                          <User size={16} />
+                          <span>Change Avatar</span>
+                        </button>
+                        <button className="user-menu-item" onClick={() => { setShowUserMenu(false); if (onOpenProfile) onOpenProfile(); }}>
+                          <UserCircle size={16} />
+                          <span>Profile</span>
+                        </button>
+                        <button className="user-menu-item" onClick={() => { setShowUserMenu(false); if (onOpenAccount) onOpenAccount(); }}>
+                          <KeyRound size={16} />
+                          <span>Account</span>
+                        </button>
+                        <button className="user-menu-item" onClick={() => { setShowUserMenu(false); if (onOpenClearData) onOpenClearData(); }}>
+                          <DatabaseZap size={16} />
+                          <span>Clear User Data</span>
                         </button>
                         <button className="user-menu-item sign-out" onClick={onSignOut}>
                           <LogOut size={16} />
@@ -524,6 +560,15 @@ const Sidebar = ({
         </div>
       </div>
       
+      {showAvatarPicker && (
+        <UserAvatarPicker
+          options={avatarOptions}
+          currentId={userAvatarId}
+          onSelect={(id) => { onAvatarChange?.(id); setShowAvatarPicker(false); }}
+          onClose={() => setShowAvatarPicker(false)}
+        />
+      )}
+
       {isMobileOpen && (
         <div 
           className="mobile-sidebar-overlay visible" 

phd-advisor-frontend/src/components/Signup.js

@@ -1,5 +1,5 @@
 import React, { useState } from 'react';
-import { Eye, EyeOff, Mail, Lock, User, ArrowRight, BookOpen, Phone, GraduationCap } from 'lucide-react';
+import { Eye, EyeOff, Mail, Lock, User, ArrowRight, Shield, Phone, Globe } from 'lucide-react';
 import { useAppConfig } from '../contexts/AppConfigContext';
 import '../styles/Signup.css';
 
@@ -19,14 +19,22 @@ const Signup = ({ onNavigateToLogin, onNavigateToHome }) => {
   const [isLoading, setIsLoading] = useState(false);
   const [errors, setErrors] = useState({});
 
-  const academicStages = config?.login?.academic_stages?.length
-    ? config.login.academic_stages
-    : [
-        { value: '', label: 'Select your stage' },
-        { value: 'beginner', label: 'Beginner' },
-        { value: 'intermediate', label: 'Intermediate' },
-        { value: 'advanced', label: 'Advanced' },
-      ];
+  const knowledgeLevels = config?.login?.knowledge_levels?.length
+    ? config.login.knowledge_levels
+    : config?.login?.academic_stages?.length
+      ? config.login.academic_stages
+      : [
+          { value: '', label: 'Select your cybersecurity knowledge level' },
+          { value: 'newcomer', label: 'New to cybersecurity' },
+          { value: 'foundational', label: 'Foundational' },
+          { value: 'practitioner', label: 'Practitioner' },
+          { value: 'experienced', label: 'Experienced' },
+          { value: 'expert', label: 'Expert / specialist' },
+        ];
+
+  const timezones = config?.login?.timezones?.length
+    ? config.login.timezones
+    : [{ value: '', label: 'Select timezone (optional)' }];
 
   const handleInputChange = (e) => {
     const { name, value } = e.target;
@@ -75,7 +83,7 @@ const Signup = ({ onNavigateToLogin, onNavigateToHome }) => {
     }
     
     if (!formData.academicStage) {
-      newErrors.academicStage = 'Please select your academic stage';
+      newErrors.academicStage = 'Please select your cybersecurity knowledge level';
     }
     
     setErrors(newErrors);
@@ -140,7 +148,7 @@ const Signup = ({ onNavigateToLogin, onNavigateToHome }) => {
         {/* Header */}
         <div className="signup-header">
           <div className="logo-container">
-            <BookOpen className="logo-icon" />
+            <Shield className="logo-icon" />
           </div>
           <h1 className="signup-title">Join Our Community</h1>
           <p className="signup-subtitle">
@@ -285,13 +293,13 @@ const Signup = ({ onNavigateToLogin, onNavigateToHome }) => {
               </div>
             </div>
 
-            {/* Academic Stage */}
+            {/* Cybersecurity knowledge level */}
             <div className="form-group">
               <label htmlFor="academicStage" className="form-label">
-                Academic Stage
+                Cybersecurity knowledge level
               </label>
               <div className="input-container">
-                <GraduationCap className="input-icon" />
+                <Shield className="input-icon" />
                 <select
                   id="academicStage"
                   name="academicStage"
@@ -300,7 +308,7 @@ const Signup = ({ onNavigateToLogin, onNavigateToHome }) => {
                   className={`form-select ${errors.academicStage ? 'error' : ''}`}
                   disabled={isLoading}
                 >
-                  {academicStages.map(stage => (
+                  {knowledgeLevels.map(stage => (
                     <option key={stage.value} value={stage.value}>
                       {stage.label}
                     </option>
@@ -312,23 +320,27 @@ const Signup = ({ onNavigateToLogin, onNavigateToHome }) => {
               )}
             </div>
 
-            {/* Research Area (Optional) */}
+            {/* Time zone (optional) */}
             <div className="form-group">
               <label htmlFor="researchArea" className="form-label">
-                Research Area <span className="optional">(Optional)</span>
+                Time zone <span className="optional">(Optional)</span>
               </label>
               <div className="input-container">
-                <BookOpen className="input-icon" />
-                <input
-                  type="text"
+                <Globe className="input-icon" />
+                <select
                   id="researchArea"
                   name="researchArea"
                   value={formData.researchArea}
                   onChange={handleInputChange}
-                  className="form-input"
-                  placeholder="e.g., Computer Science, Biology, Psychology..."
+                  className="form-select"
                   disabled={isLoading}
-                />
+                >
+                  {timezones.map(tz => (
+                    <option key={tz.value} value={tz.value}>
+                      {tz.label}
+                    </option>
+                  ))}
+                </select>
               </div>
             </div>
 

phd-advisor-frontend/src/components/UserAvatarPicker.js

@@ -0,0 +1,81 @@
+import React from 'react';
+import * as LucideIcons from 'lucide-react';
+import { X } from 'lucide-react';
+
+const UserAvatarPicker = ({ avatarOptions, currentAvatarId, onSelect, onClose }) => {
+  const resolveIcon = (name) => LucideIcons[name] || LucideIcons.User;
+
+  return (
+    <div className="avatar-picker-overlay" onClick={onClose}>
+      <div className="avatar-picker-modal" onClick={e => e.stopPropagation()}>
+        <div className="avatar-picker-header">
+          <h3>Choose Your Avatar</h3>
+          <button onClick={onClose} className="avatar-picker-close"><X size={18} /></button>
+        </div>
+        <div className="avatar-picker-grid">
+          {avatarOptions.map(opt => {
+            const Icon = resolveIcon(opt.icon);
+            const isSelected = currentAvatarId === opt.id;
+            return (
+              <button
+                key={opt.id}
+                className={`avatar-option ${isSelected ? 'selected' : ''}`}
+                onClick={() => onSelect(opt.id)}
+                style={{
+                  '--av-color': opt.color,
+                  '--av-bg': opt.bg,
+                  border: isSelected ? `2px solid ${opt.color}` : '2px solid transparent',
+                }}
+              >
+                <div className="avatar-option-icon" style={{ backgroundColor: opt.bg, color: opt.color }}>
+                  <Icon size={24} />
+                </div>
+              </button>
+            );
+          })}
+        </div>
+      </div>
+
+      <style jsx>{`
+        .avatar-picker-overlay {
+          position: fixed; inset: 0; z-index: 9999;
+          background: rgba(0,0,0,0.5); display: flex;
+          align-items: center; justify-content: center;
+        }
+        .avatar-picker-modal {
+          background: var(--bg-primary); border-radius: 16px;
+          padding: 24px; min-width: 320px; max-width: 400px;
+          box-shadow: 0 20px 60px rgba(0,0,0,0.3);
+        }
+        .avatar-picker-header {
+          display: flex; justify-content: space-between; align-items: center;
+          margin-bottom: 16px;
+        }
+        .avatar-picker-header h3 {
+          margin: 0; color: var(--text-primary); font-size: 16px;
+        }
+        .avatar-picker-close {
+          background: none; border: none; cursor: pointer;
+          color: var(--text-secondary); padding: 4px;
+        }
+        .avatar-picker-grid {
+          display: grid; grid-template-columns: repeat(5, 1fr);
+          gap: 10px;
+        }
+        .avatar-option {
+          background: none; cursor: pointer; padding: 6px;
+          border-radius: 12px; transition: all 0.15s;
+          display: flex; align-items: center; justify-content: center;
+        }
+        .avatar-option:hover { transform: scale(1.1); }
+        .avatar-option.selected { background: var(--av-bg); }
+        .avatar-option-icon {
+          width: 44px; height: 44px; border-radius: 50%;
+          display: flex; align-items: center; justify-content: center;
+        }
+      `}</style>
+    </div>
+  );
+};
+
+export default UserAvatarPicker;

phd-advisor-frontend/src/components/canvas/CanvasDeliverables.js

@@ -32,8 +32,8 @@ const newId = (p) => p + Math.random().toString(36).slice(2, 8);
 export const TEMPLATES = [
   {
     id: 'research-paper',
-    name: 'Research Paper',
-    desc: 'Abstract → Introduction → Methods → Results → Discussion → References',
+    name: 'Security Assessment Report',
+    desc: 'Executive summary → Scope → Findings → Risk rating → Remediation → Appendix',
     icon: 'book',
     mode: 'paper',
     sections: [
@@ -47,8 +47,8 @@ export const TEMPLATES = [
   },
   {
     id: 'thesis-chapter',
-    name: 'Thesis Chapter',
-    desc: 'Standard chapter scaffolding for a dissertation.',
+    name: 'Incident Report',
+    desc: 'Timeline → Impact → Root cause → Containment → Lessons learned',
     icon: 'book',
     mode: 'paper',
     sections: [
@@ -466,7 +466,7 @@ const DeliverablesView = ({ allStates }) => {
           <div>
             <h1 className="page-title">Documents</h1>
             <div className="page-sub">
-              Your one-stop deliverable center. Drafts auto-save. Versions kept for rollback.
+              Security deliverables hub — policies, IR reports, audit evidence, and architecture briefs. Drafts auto-save. Versions kept for rollback.
               {projectList.length > 0 && ` · ${projectList.length} draft${projectList.length === 1 ? '' : 's'} in flight.`}
             </div>
           </div>

phd-advisor-frontend/src/components/canvas/canvasData.js

@@ -11,19 +11,19 @@ export const INSIGHTS = [
     title: 'Program progress',
     icon: 'graph',
     category: 'progress',
-    confidence: 78,
-    summary: 'Primary recordings from 4 of 6 planned animals are complete. Remaining two scheduled for May 18 and May 25. Analysis pipeline working on existing data; first results draft expected June.',
+    confidence: 82,
+    summary: 'Zero Trust Phase 2 is 78% complete. MFA enforced for workforce; service accounts and legacy VPN exceptions remain the main gaps before audit sampling.',
     bullets: [
-      'V1 recordings: <strong>4/6 animals</strong> complete (M1–M4)',
-      'Pipeline: spike-sorting validated, GLM model converging on M1–M2',
-      '<strong>Risk:</strong> M3 fixation drift suspected; need re-review with adv.',
+      'Identity: <strong>MFA 94%</strong> workforce · service accounts in remediation',
+      'Network: micro-segmentation pilot on <strong>3 app tiers</strong>',
+      '<strong>Risk:</strong> 12 VPN exceptions still lack compensating controls',
     ],
     pinned: true,
-    sources: 12,
-    updatedMinutesAgo: 3,
+    sources: 18,
+    updatedMinutesAgo: 5,
     quotes: [
-      '"Animal M4 recording finished today, sorting completes tomorrow." — May 6 lab notes',
-      '"Pipeline is happy with M1, M2; M3 looks drifty." — chat with Reineke advisor',
+      '"MFA rollout blocked on two legacy HR integrations." — IAM workstream notes',
+      '"Auditors will sample VPN exception register first." — GRC advisor chat',
     ],
   },
   {
@@ -31,18 +31,18 @@ export const INSIGHTS = [
     title: 'Controls posture',
     icon: 'flask',
     category: 'theory',
-    confidence: 64,
-    summary: 'GLM with spike-history kernel + visual drive is your declared model. You\'ve resisted committing to a specific predictive-coding formulation; this comes up in every advisor meeting.',
+    confidence: 71,
+    summary: 'SOC 2 CC6/CC7 mappings are drafted. Detection use cases cover ransomware and cred theft; log retention and IR tabletop evidence are still thin.',
     bullets: [
-      'Decided: <strong>GLM with history kernel</strong> + drift-reg covariates',
-      'Open: which predictive-coding variant — Rao & Ballard vs. Bastos top-down',
-      'Open: how to operationalize "prediction error" from extracellular spikes',
+      'Mapped: <strong>CC6.1–CC6.7</strong> access controls with Okta + AWS',
+      'Open: centralized logging retention proof for <strong>365 days</strong>',
+      'Open: tabletop scenario for <strong>ransomware + exfil</strong> not yet run',
     ],
-    sources: 8,
-    updatedMinutesAgo: 12,
+    sources: 14,
+    updatedMinutesAgo: 14,
     quotes: [
-      '"Need to pick a PC formulation by next 1:1." — meeting notes May 2',
-      '"Bastos lets you predict laminar profile; Rao&Ballard does not." — methodologist chat',
+      '"Need SIEM retention screenshots before fieldwork." — compliance advisor',
+      '"Tabletop scheduled but not executed." — IR lead notes',
     ],
   },
   {
@@ -50,37 +50,37 @@ export const INSIGHTS = [
     title: 'Threat landscape',
     icon: 'book',
     category: 'literature',
-    confidence: 71,
-    summary: 'Strong on canonical predictive coding (Rao & Ballard 1999, Bastos 2012, Keller & Mrsic-Flogel 2018). Thin on recent feedback-circuit anatomy and on counter-evidence — this is showing up as a critique gap.',
+    confidence: 76,
+    summary: 'Strong coverage of identity attacks, SaaS misconfigurations, and supply-chain risks for your stack. Weaker on OT exposure and insider threat playbooks.',
     bullets: [
-      '<strong>Coverage:</strong> 47 papers; ~30 well-summarized',
-      '<strong>Gap:</strong> sparse on L5b feedback anatomy (Harris/Shepherd lab)',
-      '<strong>Gap:</strong> no engagement with anti-PC critiques (e.g. Heeger 2017)',
+      '<strong>Coverage:</strong> MITRE techniques for cloud identity & SaaS',
+      '<strong>Gap:</strong> limited intel on <strong>OAuth consent phishing</strong> variants',
+      '<strong>Gap:</strong> no formal insider-threat escalation path documented',
     ],
-    sources: 47,
-    updatedMinutesAgo: 22,
+    sources: 32,
+    updatedMinutesAgo: 28,
     quotes: [
-      '"Have you read Heeger 2017? It changes a lot." — lit-review aide',
-      '"L5b feedback anatomy is your weak spot." — devil\'s advocate',
+      '"OAuth abuse is the fastest-moving thread in your sector." — threat intel advisor',
+      '"Insider playbook is a one-pager — not enough for audit." — GRC advisor',
     ],
   },
   {
     id: 'i-questions',
-    title: 'Open research questions',
+    title: 'Open security questions',
     icon: 'sparkles',
     category: 'theory',
-    confidence: 58,
-    summary: 'Three live threads. Question 1 (does L2/3 spiking encode prediction error?) is the dissertation core. Q2 and Q3 are scoped to specific aims.',
+    confidence: 63,
+    summary: 'Three live threads. Q1 (scope of zero trust for contractors) gates architecture sign-off. Q2–Q3 affect detection engineering priorities.',
     bullets: [
-      '<strong>Q1:</strong> Does L2/3 firing during oddball encode prediction error vs. surprise?',
-      '<strong>Q2:</strong> How does this depend on context length (1 vs. 4 vs. 16 trials)?',
-      '<strong>Q3:</strong> Is the signal sharpened by feedback from V2/RSC?',
+      '<strong>Q1:</strong> Do contractors get full ZTNA or bastion-only access?',
+      '<strong>Q2:</strong> Which SIEM detections are in-scope for SOC 2 evidence?',
+      '<strong>Q3:</strong> Is customer data in EU regions in scope for DPA addendum?',
     ],
-    sources: 6,
-    updatedMinutesAgo: 38,
+    sources: 9,
+    updatedMinutesAgo: 41,
     quotes: [
-      '"Q1 is what the whole dissertation rests on." — methodologist',
-      '"Q3 is exciting but probably out of scope for the thesis." — Reineke',
+      '"Contractor access model blocks network design." — architect advisor',
+      '"EU data residency may expand audit scope." — privacy advisor',
     ],
   },
   {
@@ -88,19 +88,19 @@ export const INSIGHTS = [
     title: 'Next steps',
     icon: 'arrow',
     category: 'action',
-    confidence: 82,
-    summary: 'Concrete, near-term actions. Two of these have been on the list for 3+ weeks.',
+    confidence: 85,
+    summary: 'Near-term actions tied to audit date and production cutover. Two items have slipped one sprint.',
     bullets: [
-      'Re-review M3 drift artifact w/ adv. (overdue, 3w)',
-      'Draft Aim 2 analysis section (target: May 22)',
-      'Read Heeger 2017 + Aitchison & Lengyel 2017',
-      'Schedule pilot with M5 (May 18)',
+      'Close <strong>12 VPN exceptions</strong> or document compensating controls',
+      'Run ransomware tabletop & upload minutes to evidence locker',
+      'Ship <strong>5 high-fidelity detections</strong> to production SIEM',
+      'Finalize vendor SOC 2 bridge letter for subprocessors',
     ],
-    sources: 5,
-    updatedMinutesAgo: 8,
+    sources: 7,
+    updatedMinutesAgo: 9,
     quotes: [
-      '"Aim 2 draft has to land by May 22 or quals slip." — Reineke',
-      '"M3 review keeps getting punted." — last 3 advisor meetings',
+      '"VPN exceptions are the #1 audit finding risk." — GRC advisor',
+      '"Detections without tuning will false-positive in week one." — SOC advisor',
     ],
   },
   {
@@ -108,17 +108,17 @@ export const INSIGHTS = [
     title: 'Blockers & risks',
     icon: 'alert',
     category: 'risk',
-    confidence: 70,
-    summary: 'One technical, one structural. The structural one is more important and you are deferring it.',
+    confidence: 74,
+    summary: 'One technical blocker (legacy logging), one governance blocker (exception approvals). Governance is the higher audit risk.',
     bullets: [
-      '<strong>Technical:</strong> Drift on M3 — may lose 1 animal of data',
-      '<strong>Structural:</strong> No clear predictive-coding theory commitment yet → hard to define what counts as evidence',
+      '<strong>Technical:</strong> legacy app logs not reaching SIEM — 18% of prod traffic',
+      '<strong>Governance:</strong> exception approval SLA &gt; 10 days — auditors will flag',
     ],
-    sources: 4,
-    updatedMinutesAgo: 18,
+    sources: 6,
+    updatedMinutesAgo: 20,
     quotes: [
-      '"If M3 is unusable you\'re at n=5 — still publishable but tight." — methodologist',
-      '"Without a theory commitment you can\'t falsify anything." — devil\'s advocate',
+      '"Without those logs you cannot prove detective controls." — detection engineer',
+      '"Exception backlog reads as control failure." — devil\'s advocate advisor',
     ],
   },
 ];

phd-advisor-frontend/src/pages/ChatPage.js

@@ -12,6 +12,10 @@ import { useTheme } from '../contexts/ThemeContext';
 import '../styles/ChatPage.css';
 import '../styles/EnhancedChatInput.css';
 import AdvisorCarousel from '../components/AdvisorCarousel';
+import OnboardingChat from '../components/OnboardingChat';
+import ProfileWalkthrough from '../components/ProfileWalkthrough';
+import ClearDataModal from '../components/ClearDataModal';
+import AccountModal from '../components/AccountModal';
 
 const ChatPage = ({ user, authToken, onNavigateToHome, onNavigateToCanvas, onSignOut }) => {
   const { config, advisors, getAdvisorColors } = useAppConfig();
@@ -33,6 +37,46 @@ const ChatPage = ({ user, authToken, onNavigateToHome, onNavigateToCanvas, onSig
   const [isMobileMenuOpen, setIsMobileMenuOpen] = useState(false);
   const [sidebarRefreshTrigger, setSidebarRefreshTrigger] = useState(0);
 
+  const [userAvatarId, setUserAvatarId] = useState(
+    () => localStorage.getItem('userAvatarId') || (user?.avatarId ?? null)
+  );
+  const avatarOptions = config?.app?.user_avatars || [];
+
+  const handleAvatarChange = async (id) => {
+    setUserAvatarId(id);
+    localStorage.setItem('userAvatarId', id);
+    try {
+      await fetch(`${process.env.REACT_APP_API_URL}/auth/me`, {
+        method: 'PATCH',
+        headers: { Authorization: `Bearer ${authToken}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ avatarId: id }),
+      });
+    } catch (e) {
+      console.error('Failed to save avatar:', e);
+    }
+  };
+
+  const [showOnboarding, setShowOnboarding] = useState(false);
+  const [showProfileForm, setShowProfileForm] = useState(false);
+  const [showClearData, setShowClearData] = useState(false);
+  const [showAccount, setShowAccount] = useState(false);
+  const [userProfile, setUserProfile] = useState(null);
+
+  const loadProfile = async () => {
+    try {
+      const resp = await fetch(`${process.env.REACT_APP_API_URL}/api/users/me/profile`, {
+        headers: { Authorization: `Bearer ${authToken}` },
+      });
+      if (resp.ok) setUserProfile(await resp.json());
+    } catch (e) {
+      /* ignore */
+    }
+  };
+
+  useEffect(() => {
+    if (authToken) loadProfile();
+  }, [authToken]);
+
   
 
   const scrollToBottom = () => {
@@ -763,6 +807,11 @@ const handleNewChat = async (sessionId = null) => {
         onMobileToggle={setIsMobileMenuOpen}
         onNavigateToCanvas={onNavigateToCanvas}
         refreshTrigger={sidebarRefreshTrigger}
+        userAvatarId={userAvatarId}
+        onAvatarChange={handleAvatarChange}
+        onOpenProfile={() => setShowProfileForm(true)}
+        onOpenAccount={() => setShowAccount(true)}
+        onOpenClearData={() => setShowClearData(true)}
       />
       
       <div className={`main-chat-area ${isSidebarCollapsed ? 'sidebar-collapsed' : ''}`}>
@@ -947,10 +996,67 @@ const handleNewChat = async (sessionId = null) => {
                   ? `Reply to ${replyingTo.advisorName}...`
                   : chatPlaceholder
               }
+              showProfileButtons={!userProfile || userProfile.completion_pct < 100}
+              onOpenOnboarding={() => setShowOnboarding(true)}
+              onOpenProfileForm={() => setShowProfileForm(true)}
             />
           </div>
         </div>
       </div>
+
+      {showOnboarding && (
+        <OnboardingChat
+          authToken={authToken}
+          userName={user?.firstName}
+          onClose={() => { setShowOnboarding(false); loadProfile(); }}
+        />
+      )}
+
+      {showProfileForm && (
+        <ProfileWalkthrough
+          authToken={authToken}
+          existingProfile={userProfile}
+          onClose={() => { setShowProfileForm(false); loadProfile(); }}
+        />
+      )}
+
+      {showClearData && (
+        <ClearDataModal
+          authToken={authToken}
+          onClose={() => setShowClearData(false)}
+          onDataCleared={({ profile: clearedProfile, chats: clearedChats }) => {
+            if (clearedProfile) {
+              setUserProfile(null);
+              loadProfile();
+            }
+            if (clearedChats) {
+              setMessages([]);
+              setCurrentSessionId(null);
+              setCurrentSessionTitle('');
+              handleNewChat();
+            }
+          }}
+        />
+      )}
+
+      {showAccount && (
+        <AccountModal
+          user={user}
+          authToken={authToken}
+          onClose={() => setShowAccount(false)}
+          onAccountUpdated={(updated) => {
+            if (user) {
+              user.firstName = updated.firstName;
+              user.lastName = updated.lastName;
+              user.email = updated.email;
+            }
+          }}
+          onAccountDeleted={() => {
+            setShowAccount(false);
+            onSignOut();
+          }}
+        />
+      )}
     </div>
   );
 };