AI Service

This service integrates 3rd party AI Services in App Suite UI, currently ChatGPT from OpenAI.

Architecture

The service offers the API for different AI actions and a micro frontend, actually the App Suite UI sources in form of an UI plugin which is created at build time. The UI Middleware loads the plugin code from the service for App Suite UI. There is no dedicated UI source container needed. Also frontend translations, end-to-end tests and unit tests are located here.

Configuration

As the AI Service delivers the frontend code for App Suite UI, it needs to be configured on the UI Middleware to get the code. Add the AI Service url to the list of baseUrls of the UI Middleware configuration. See the Config map section for details.

Example config map

baseUrls:
  - http://your-core-ui-source-pod/
  - http://your-ai-service-pod/
  - http://some-other-ui-pod/

Details can be found here: Helmchart config

Capability

Important: Starting with the AI-Service 2.0 and Core UI 8.28 the capability was renamed.

Capability: ai-service (was open-ai)

Feature toggle

Important: Starting with the AI-Service 2.0 and Core UI 8.28 the feature toggle was renamed.

Feature toggle:: ai (was open-ai)

Requirements

A running switchboard is needed to run the AI Service, otherwise the plugin won't even start

How to enable for users

AI integration is disabled for all users by default. To enable the feature for users, add the following:

Add capability ai-service which indicates a running AI-Service in your deployment
Enable the feature toggle for users with core ui setting io.ox/core//features/ai to true

Upsell configuration (for Ai Service 2.x)

AI integration supports the core upsell functionality and uses the core configuration for this. To enable upsell for the AI features set the following configuration

io.ox/core//upsell/activated = true
io.ox/core//upsell/enabled/ai-service = true
io.ox/core//features/ai = true

Remove the capability ai-service for all users that should see the upsell triggers. When enabled, all AI buttons and dropdowns are shown in the UI but will trigger an upsell event on the ox object.

Deployment Guide

Introduction

All configuration values can be found in values.yaml.

Note: You need to add the shared secret for JWT verification and this must match the secret configured for switchboard.

Accounting / Plans

Various commercial models within the AI service by restricting user access to paid APIs can be implemented. For instance, a "free" model might allow 10 requests per day or month, while a paid model allows 1000 requests per month. The user and brand limits can be configured via config map on the helm chart. A plan is an object with its key as the id for the plan and has the following properties:

name: The name of the plan
plan: The type of the plan (free, paid)
strategy: The strategy for the plan (duration, monthly)
duration: The duration of the plan (only for duration strategy, format is 30d for 30 days)
limit: The limit of requests per user and brand
enabled: The plan is enabled or not

example for plans:

plans:
  - premium:
      name: "Premium Plan"
      plan: "paid"
      strategy: "monthly"
      limit: 100
      enabled: true
  - trial:
      name: "Trial Plan"
      plan: "free"
      strategy: "duration"
      duration: "30d"
      limit: 100
      enabled: true
  - specialTrial:
      name: "Special Trial Plan"
      plan: "free"
      strategy: "monthly"
      limit: 5
      enabled: true

AI Service Database Configuration Documentation

This documentation provides a clear guide for configuring the AI service with an existing database, detailing the necessary steps and minimal grants required for the database user.

Steps to Configure the AI Service

Enable Database Configuration: Add the following configuration to enable the database for the AI service:
```
 database:
   enabled: true
```
Prepare the Database: The service expects an existing database to connect to and run initial migrations. Follow the steps below to set up the database correctly.

Database Schema Setup

To ensure the AI service operates correctly, you need to create the necessary tables and procedures in your database. Although the actual migration script will be executed automatically, it is essential to ensure that the database user has the appropriate permissions.

Minimal Required Grants

The minimal grants needed for the database user are:

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON `your_database_name`.* TO 'your_db_user'@'%';

Replace your_database_name with the name of your database and your_db_user with the name of your database user.

Example Configuration

Here's an example of how to grant the necessary permissions:

CREATE USER 'ai_service_user'@'%' IDENTIFIED BY 'secure_password';

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON `ai_service_db`.* TO 'ai_service_user'@'%';

FLUSH PRIVILEGES;

In this example:

ai_service_user is the database user for the AI service.
secure_password is the password for the database user.
ai_service_db is the database name for the AI service.

Helm Configuration

Parameter	Description	Default
`image.repository`	The image to be used for the deployment	`registry.open-xchange.com/core/ai-service`
`image.pullPolicy`	The imagePullPolicy for the deployment	`IfNotPresent`
`image.tag`	The image tag, defaults to app version	`""`
`hostname`	hostname for the ai-service deployment	`""`
`origins`	Allowed origins for CORS	`*`
`logLevel`	specify log level for service	`"info"`
`logJson`	log in JSON format	`false`
`exposeApiDocs`	Expose API documentation via Swagger UI at /api-docs	`false`
`ingress.enabled`	Generate ingress resource	`false`
`ingress.annotations`	Map of key-value pairs that will be added as annotations to the ingress resource	`{}`
`overrides.name`	Name of the chart	`"ai-service"`
`overrides.fullname`	Full name of the chart installation	`"RELEASE-NAME-ai-service"`
`jwtSecret.enabled`	Enable the secret for JWT	`true`
`jwt.sharedSecret`	Shared secret for JWT verification. This must match the secret configured for switchboard	`""`
`jwks.domain`	Domain of JWKS issuer like `example.com` leave empty if you want to use sharedSecret	`""`
`openaiSecret.enabled`	Enable the secret for openai	`true`
`openaiAPIKey`	OpenAI API Key	`""`
`azureSecret.enabled`	Enable the secret for Azure	`false`
`azureAPIUrl`	OpenAI Azure API Url (Internal use only)	`""`
`azureAPIKey`	OpenAI Azure API Key (Internal use only)	`""`
`database.enabled`	Use Database (mandatory for usage tracking and rate limiting)	`false`
`database.host`	SQL server hostname	`RELEASE-NAME-ai-service-sql`
`database.name`	Database name	`RELEASE-NAME-ai-service`
`database.connections`	Number of concurrent connections to the DB server	`"10"`
`database.user`	DB User with access rights to `sqlDB`	`""`
`database.password`	DB Password of `swDBUser`	`""`
`database.rootPassword`	Database root password to perform admin tasks	`""`
`database.rollback`	WARNING: This will roll back the migrations this version has rolled out	`false`
`cron.cleanupDb`	Database cleanup interval (Cron notation)	`0 0 * * * *`
`azureAPIVersion`	OpenAI Azure API Key (Internal use only)	`""`
`openaiBaseUrl`	Url of the OpenAI service (internal use only)	`""`
`usageTracking.enabled`	Enable usage tracking for requests per user and brand	`false`
`plans`	List of plans with limits for users and brands	see example above