AI_DOCUMENT_MANAGEMENT_SYSTEM

icon

Document Management System with Fine-Grained AI Authorization

This project demonstrates how to implement fine-grained authorization for both users and AI agents in a Next.js application using Permit.io. It’s a document management system where users can create, view, edit, and delete documents based on their roles and document ownership, and AI agents can assist with document management based on their assigned permissions.

Features

User Authorization

AI Authorization

Document Intelligence

Technical Features

 

Demo Video and Resources

video

If you’re a reader, then this blog is for you: https://dev.to/rohan_sharma/access-granted-heres-the-recipe-behind-my-ai-dms-351b

 

Authorization Model

User Authorization

The application implements the following user authorization model:

Additionally, document owners have full control over their own documents regardless of their role.

AI Authorization

The application implements the following AI authorization model:

 

Getting Started

Prerequisites

Installation

  1. Clone the repository
    git clone https://github.com/RS-labhub/ai-document-management-system.git
    cd document-management-system
    
  2. Install dependencies:
    npm install
    

    or

     yarn install
    

    or

     bun install
    
  3. Set up environment variables:
    PERMIT_PDP_URL=your-permit-pdp-url
    PERMIT_SDK_TOKEN=your-permit-sdk-token
    GROQ_API_KEY=your-groq-api-key
    

Running the Application

npm run dev

The application will be available at http://localhost:3000.

Test Credentials

 

Setting Up Permit.io for AI Authorization

1. Install the Permit CLI

npm install -g @permitio/permit-cli

2. Login to Permit.io

permit login

3. Initialize a New Project

permit init

 

Implementation Details

AI Authorization Implementation

The application implements AI authorization through several key components:

1. AI Agent Management

The AIAgent interface defines the structure of AI agents:

export interface AIAgent {
  id: string;
  name: string;
  description: string;
  role: AIAgentRole;
  capabilities: AICapability[];
  createdBy: string;
  createdAt: string;
  updatedAt: string;
  isActive: boolean;
}

Administrators can manage AI agents through the admin panel, defining their roles and capabilities.

2. Permission Levels

The AIPermissionLevel enum defines the different levels of access that AI agents can have:

export enum AIPermissionLevel {
  NO_ACCESS = "no_access",
  READ_ONLY = "read_only",
  SUGGEST_ONLY = "suggest_only",
  FULL_ACCESS = "full_access",
}

3. AI Actions

The AIAction interface defines the structure of actions that AI agents can perform:

export interface AIAction {
  id: string;
  agentId: string;
  actionType: string;
  resourceType: string;
  resourceId: string;
  status: AIActionStatus;
  requestedAt: string;
  completedAt?: string;
  requestedBy: string;
  approvedBy?: string;
  rejectedBy?: string;
  metadata: Record<string, any>;
  result?: any;
}

4. Permission Checking

The checkAIPermission function checks if an AI agent has permission to perform an action:

export function checkAIPermission(
  agentId: string,
  action: string,
  resourceType: string,
  resourceId?: string
): {
  permitted: boolean;
  requiresApproval: boolean;
  permissionLevel: AIPermissionLevel;
} {
  // Implementation details...
}

5. Approval Workflow

The application implements an approval workflow for AI actions that require human oversight:

export async function requestAIAction(
  agentId: string,
  actionType: string,
  resourceType: string,
  resourceId: string,
  documentTitle: string,
  documentContent: string,
  metadata: Record<string, any>
): Promise<{ success: boolean; action?: AIAction; message?: string }> {
  // Implementation details...
}

export async function approveAIAction(
  actionId: string,
  userId: string
): Promise<{ success: boolean; action?: AIAction; message?: string }> {
  // Implementation details...
}

export async function rejectAIAction(
  actionId: string,
  userId: string,
  reason?: string
): Promise<{ success: boolean; action?: AIAction; message?: string }> {
  // Implementation details...
}

Integration with Permit.io

The application integrates with Permit.io through the permit.ts file, which provides functions for checking permissions:

import { Permit } from 'permitio';

// Initialize Permit SDK
const permit = new Permit({
  pdp: process.env.PERMIT_PDP_URL,
  token: process.env.PERMIT_SDK_TOKEN,
});

// Check if a user can perform an action on a resource
export async function checkPermission(
  userId: string,
  action: string,
  resourceType: string,
  resourceAttributes: Record<string, any> = {}
): Promise<boolean> {
  try {
    const permitted = await permit.check(userId, action, {
      type: resourceType,
      ...resourceAttributes,
    });
    return permitted;
  } catch (error) {
    console.error('Permission check failed:', error);
    return false;
  }
}

 

Benefits of AI Authorization

  1. Enhanced Security: Fine-grained control over what AI agents can access and modify
  2. Human Oversight: Approval workflows for sensitive AI operations
  3. Flexibility: Different permission levels for different AI agents and resources
  4. Auditability: Track all AI actions and approvals
  5. Compliance: Meet regulatory requirements for AI systems

 

Benefits of Externalized Authorization

  1. Separation of Concerns: Authorization logic is separated from application code
  2. Centralized Policy Management: All authorization rules are defined in one place
  3. Consistent Enforcement: Authorization is enforced consistently across the application
  4. Reduced Complexity: Complex authorization rules are handled by Permit.io
  5. Easier Maintenance: Changes to authorization rules don’t require code changes
  6. Audit Trail: All authorization decisions can be logged and audited

 

Conclusion

This project demonstrates how to implement fine-grained authorization for both users and AI agents in a Next.js application using Permit.io. By externalizing authorization, we can create more secure, maintainable, and flexible applications that can safely leverage AI capabilities while maintaining appropriate controls.

 

Setup and Contributing Guidelines

Set Up Your Environment

  1. Fork our repository to your GitHub account.
  2. Clone your fork to your local machine. Use the command git clone https://github.com/RS-labhub/AI_Document_Management_System.git.
  3. Create a new branch for your work. Use a descriptive name, like fix-login-bug or add-user-profile-page.

Commit Your Changes

Submit a Pull Request

Review and Merge

 

Meet the Author

Author

Contact

 

rrs00179 rohan-sharma=9386

 

Thank you for visting this Repo
If you like it, star ⭐ it