np-dms/lcbp3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b8954b300d59d71f41f4bdc4fe9d69b1b521142f
lcbp3/specs/200-fullstacks/227-ai-admin-console/spec.md
T

10 KiB
Raw Blame History

// File: specs/200-fullstacks/227-ai-admin-console/spec.md // Change Log: // - 2026-05-20: Feature Specification สำหรับระบบ AI Admin Console // - 2026-05-21: Restructure following spec-template.md with User Stories, FRs, Success Criteria

Feature Specification: AI Admin Console

Feature Branch: 227-ai-admin-console Created: 2026-05-20 Status: Draft Category: 200-fullstacks Input: ADR-027 AI Admin Panel and Dynamic Control Architecture

User Scenarios & Testing

User Story 1 - Superadmin Toggles AI System On/Off (Priority: P1)

As a Superadmin, I need to dynamically enable or disable AI features for all regular users without redeploying the system, so that I can perform maintenance, manage system load, or handle AI infrastructure issues gracefully.

Why this priority: This is the core control mechanism of the feature. Without it, the admin cannot perform emergency maintenance or manage system resources during high load periods.

Independent Test: Can be fully tested by a Superadmin toggling the AI switch and observing that regular users immediately see the disabled state (within polling interval) while the Superadmin retains full access.

Acceptance Scenarios:

  1. Given the AI system is currently enabled, When a Superadmin toggles the switch to disabled, Then the setting is persisted to database and cache, and regular users see disabled AI buttons within 30 seconds
  2. Given the AI system is currently disabled, When a Superadmin toggles the switch to enabled, Then regular users can access AI features again after the polling interval
  3. Given a regular user has AI permissions, When they attempt to use AI features while the system is disabled, Then they receive HTTP 503 with a user-friendly message explaining temporary unavailability

User Story 2 - Normal Users Experience Soft Fallback (Priority: P1)

As a regular user with AI permissions, I need clear visual feedback when AI features are temporarily disabled, so that I understand why AI buttons are unavailable and can complete my work manually without confusion.

Why this priority: Critical for user experience. Abrupt feature disappearance creates confusion and support tickets. Soft fallback maintains user trust.

Independent Test: Can be tested by disabling AI system and verifying that regular users see disabled buttons with tooltips and global banner, rather than errors or missing UI elements.

Acceptance Scenarios:

  1. Given the AI system is disabled by admin, When a regular user views a document form with AI suggestion buttons, Then those buttons appear disabled with a tooltip explaining "ระบบ AI ไม่พร้อมใช้งานชั่วคราว"
  2. Given the AI system is disabled, When a regular user loads any page, Then a global banner appears at the top stating AI is temporarily unavailable
  3. Given a regular user attempts direct API access to AI endpoints while disabled, When the request is made, Then the system returns HTTP 503 with recovery guidance

User Story 3 - Superadmin Monitors AI Health Status (Priority: P2)

As a Superadmin, I need real-time visibility into AI infrastructure health (Ollama, Qdrant, BullMQ queues), so that I can diagnose issues, monitor latency, and make informed decisions about enabling/disabling AI services.

Why this priority: Essential for operational awareness but secondary to the control mechanism itself.

Independent Test: Can be tested by accessing the AI Admin Console health dashboard and verifying all metrics display correctly with appropriate status indicators.

Acceptance Scenarios:

  1. Given the AI Admin Console is accessed, When a Superadmin views the health panel, Then they see Ollama latency, active model version, Qdrant collection stats, and BullMQ queue metrics (waiting/active/failed jobs)
  2. Given a service is experiencing issues, When health check runs, Then the status displays as degraded/down with relevant metrics highlighted
  3. Given the Superadmin is monitoring the system, When they refresh or view the dashboard, Then metrics are cached for 30 seconds to prevent excessive load

User Story 4 - Superadmin Uses RAG Playground Sandbox (Priority: P2)

As a Superadmin, I need an isolated RAG testing environment where I can query documents and receive AI-generated responses with citations, so that I can test and refine AI behavior without affecting production queues or user experiences.

Why this priority: Enables safe testing and troubleshooting of AI capabilities during maintenance windows.

Independent Test: Can be tested by submitting a RAG query in the sandbox and receiving a complete response with document citations, while verifying the job runs through the isolated sandbox queue.

Acceptance Scenarios:

  1. Given the AI system is disabled for regular users, When a Superadmin submits a RAG query in the sandbox, Then the query processes through the isolated queue and returns results with citations
  2. Given a RAG job is submitted, When it is processing, Then the Superadmin can poll for status updates every 5 seconds and see progress
  3. Given the sandbox queue has multiple jobs, When jobs are processed, Then Superadmin jobs have SUPERADMIN priority (higher than regular batch jobs)

User Story 5 - Superadmin Uses OCR Sandbox for Metadata Extraction (Priority: P2)

As a Superadmin, I need to upload PDF files to an isolated OCR sandbox to test metadata extraction capabilities, so that I can validate AI accuracy and tune extraction parameters without impacting production document processing.

Why this priority: Supports AI tuning and validation workflows, enabling data-driven improvements to extraction accuracy.

Independent Test: Can be tested by uploading a PDF to the OCR sandbox and receiving extracted metadata in JSON format with confidence scores.

Acceptance Scenarios:

  1. Given a PDF file is uploaded to the OCR sandbox, When processing completes, Then the system returns extracted metadata as formatted JSON with syntax highlighting
  2. Given an OCR job is submitted, When processing fails, Then the error is displayed inline in a red box with actionable guidance
  3. Given the queue length is >= 3, When additional sandbox requests are made, Then dynamic rate limiting applies (10 requests/hour per user)

Edge Cases

  • EC-001: What happens when Redis cache is unavailable? System must fall back to database query with <100ms latency penalty
  • EC-002: How does system handle concurrent toggle requests? Last-write-wins with optimistic locking; invalid cache after successful write
  • EC-003: What if Ollama/Qdrant times out during health check? Health service returns DEGRADED status, not DOWN; timeout is 5 seconds per service
  • EC-004: How are long-running sandbox jobs handled? Job status polling available; jobs can be cancelled by admin; results cached for 1 hour
  • EC-005: What happens if a Superadmin loses permissions mid-session? Next API request returns 403; UI redirects to unauthorized page

Requirements

Functional Requirements

  • FR-001: System MUST provide a toggle switch accessible only to Superadmin (system.manage_all) to enable/disable AI features system-wide
  • FR-002: System MUST persist AI enabled/disabled state to system_settings table with Redis caching for <1ms latency on status checks
  • FR-003: System MUST display disabled AI buttons with explanatory tooltips to regular users when AI is turned off
  • FR-004: System MUST show a global banner at the top of all pages when AI is disabled, visible only to users with AI permissions
  • FR-005: System MUST return HTTP 503 Service Unavailable to regular users attempting AI API calls when AI is disabled
  • FR-006: System MUST allow Superadmins full AI access (including sandbox) even when AI is disabled for regular users
  • FR-007: System MUST provide health monitoring dashboard showing Ollama latency, model version, Qdrant stats, and BullMQ queue metrics
  • FR-008: System MUST cache health check results for 30 seconds to prevent excessive infrastructure load
  • FR-009: System MUST provide isolated RAG sandbox queue (ai-admin-sandbox) with SUPERADMIN job priority
  • FR-010: System MUST provide isolated OCR sandbox for PDF metadata extraction with JSON output and syntax highlighting
  • FR-011: System MUST implement dynamic rate limiting for sandbox based on queue length (queue < 3: no limit, queue >= 3: 10 req/hr)
  • FR-012: System MUST poll AI status every 30 seconds from frontend for users with AI permissions
  • FR-013: System MUST support job status polling every 5 seconds for sandbox operations
  • FR-014: System MUST implement AiEnabledGuard with layered permission check (system.manage_all + ai.suggest/ai.rag_query bypass)

Key Entities

  • SystemSetting: Stores dynamic configuration values (AI_FEATURES_ENABLED, etc.) with metadata (data_type, category, validation_rules)
  • SandboxJob: Represents a sandbox operation (RAG query or OCR extraction) with priority, status, and results
  • HealthStatus: Aggregated health metrics from Ollama, Qdrant, and BullMQ with status indicators (HEALTHY/DEGRADED/DOWN)

Success Criteria

Measurable Outcomes

  • SC-001: Superadmin can toggle AI system state with changes reflected to regular users within 30 seconds
  • SC-002: AI status check API responds in under 1ms when cached, under 50ms on cache miss
  • SC-003: 100% of regular users see disabled AI buttons with tooltips when AI is turned off (no hidden or broken UI)
  • SC-004: Health dashboard displays all 3 services (Ollama, Qdrant, BullMQ) with <5 second data staleness
  • SC-005: Sandbox RAG queries return complete responses with citations within 2x normal queue processing time
  • SC-006: Sandbox OCR extraction returns valid JSON for 95% of test PDFs with clear error messages for failures
  • SC-007: Zero unauthorized access to admin endpoints (verified by security tests)
  • SC-008: System gracefully degrades when AI disabled with zero error reports from confused users
Reference in New Issue View Git Blame Copy Permalink