Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: create create_design_document pattern #1070

Merged
merged 1 commit into from
Oct 25, 2024
Merged

feat: create create_design_document pattern #1070

merged 1 commit into from
Oct 25, 2024

Conversation

xvnpw
Copy link
Contributor

@xvnpw xvnpw commented Oct 23, 2024

What this Pull Request (PR) does

New pattern: create_design_document - it creates structured design document with initial description of idea or project.

Related issues

Please reference any open issues this PR relates to in here.
If it closes an issue, type closes #[ISSUE_NUMBER].

Screenshots

Input

# AI Nutrition-Pro

## Business background

Dietitians use online applications to create meals, diets and calculate calories called meal planners. Different professionals have different ways of creating diets, which gives a personal style to it. LLMs can reproduce this personal style of writing based on samples of already created content. Meal planners can use LLMs to speed up diet creation for dietitians.

## Project Overview

AI Nutrition-Pro will be backend API application that will have the possibility to integrate with any meal planner application for dietitians. It will reproduce the personal style of a nutrition specialist based on samples.

Dietitians will not use the application directly but from their meal planner applications. There will be no user interface exposed to Dietitians. Integration will be using meal plan applications backend.

Direct clients of AI Nutrition-Pro will be applications like DietMaster Pro, Nutritionist Pro, or others. Those clients will send to AI Nutrition-Pro samples of content and AI Nutrition-Pro will generate requested type of content based on that. AI Nutrition-Pro will use LLM to generate requested content.

## Core Features

- multi-tenant API application - where tenant is client application like DietMaster Pro, Nutritionist Pro, or others.
- each tenant can contain many dietitians.
- each dietitian can have multiple customers.
- the application will be deployed into AWS cloud and use cloud-based services to store and process data.
- the application will store and process PII information that might contain personal health data of customers.
- ChatGPT 3.5 will be used as LLM.

## High level connection view

mermaid
flowchart TB
    DietMaster-Pro --> AI-Nutrition-Pro
    Nutritionist-Pro --> AI-Nutrition-Pro
    subgraph AWS
    AI-Nutrition-Pro
    end
    subgraph OpenAI
    ChatGPT-3.5
    end
    AI-Nutrition-Pro --> ChatGPT-3.5

Output

# AI Nutrition-Pro Design Document

## BUSINESS POSTURE

The business priorities and goals for AI Nutrition-Pro are to enhance the efficiency and personalization of diet creation for dietitians by integrating with existing meal planner applications. The key objectives are to provide a seamless and secure backend API service that can reproduce the personal style of nutrition specialists using LLMs. 

Most important business risks include:
1. Ensuring data privacy and protection, especially concerning PII and personal health data.
2. Maintaining high availability and reliability of the API service.
3. Ensuring scalability to handle multiple tenants and large volumes of data.

## SECURITY POSTURE

Existing Security Controls:
- security control: Use of AWS cloud services with built-in security features for data storage and processing.
- security control: Integration with ChatGPT 3.5 will be secured using OpenAI's recommended practices.
- security control: API access will be secured using API keys and OAuth2.

Accepted Risks:
- accepted risk: Dependency on third-party services like OpenAI for LLM functionality, which may introduce latency or service outages.

Recommended Security Controls:
- Implement encryption for data at rest and in transit.
- Establish a comprehensive logging and monitoring system to detect and respond to security incidents.
- Conduct regular security audits and vulnerability assessments.

Security Requirements:
- The system must comply with data protection regulations such as GDPR and HIPAA.
- Role-based access control should be implemented to restrict access to sensitive data.
- Data anonymization techniques should be applied to reduce the risk of exposing PII.

## DESIGN

### C4 CONTEXT

mermaid
graph TB
    DietMasterPro[DietMaster Pro] -->|Integrates with| AI_NutritionPro[AI Nutrition-Pro]
    NutritionistPro[Nutritionist Pro] -->|Integrates with| AI_NutritionPro
    AI_NutritionPro -->|Requests content from| ChatGPT35[ChatGPT 3.5]

| Name             | Type         | Description                                                 | Responsibilities                                | Security Controls                                 |
|------------------|--------------|-------------------------------------------------------------|-------------------------------------------------|---------------------------------------------------|
| DietMaster Pro   | External App | Meal planner application integrating with AI Nutrition-Pro  | Sends dietitian samples and requests content    | API key, OAuth2                                    |
| Nutritionist Pro | External App | Meal planner application integrating with AI Nutrition-Pro  | Sends dietitian samples and requests content    | API key, OAuth2                                    |
| AI Nutrition-Pro | System       | Backend API service for generating personalized content     | Processes requests, interfaces with ChatGPT 3.5 | Encryption, access control, logging                |
| ChatGPT 3.5      | External API | LLM API by OpenAI used for content generation               | Generates personalized content                  | OpenAI security practices, API key                 |

### C4 CONTAINER

mermaid
graph TB
    subgraph AI_NutritionPro
        APIService[API Service] --> ProcessingService[Processing Service]
        ProcessingService --> DataStore[Data Store]
        ProcessingService --> OpenAIConnector[OpenAI Connector]
    end
    OpenAIConnector --> ChatGPT35

| Name             | Type          | Description                                        | Responsibilities                              | Security Controls                                 |
|------------------|---------------|----------------------------------------------------|-----------------------------------------------|---------------------------------------------------|
| API Service      | Container     | Handles incoming requests and responses            | Validates requests, manages authentication    | API gateway, rate limiting                        |
| Processing Service| Container    | Processes data and interfaces with other services  | Applies business logic, manages data flow     | Data validation, logging                          |
| Data Store       | Container     | Stores samples and generated content               | Data storage and retrieval                    | Encryption, access control                        |
| OpenAI Connector | Container     | Manages communication with ChatGPT 3.5             | Handles API requests and responses            | API key, OpenAI security practices                |

### C4 DEPLOYMENT

mermaid
graph TB
    subgraph AWS_Cloud
        EC2Instance[EC2 Instance] --> APIService
        EC2Instance --> ProcessingService
        RDSInstance[RDS Instance] --> DataStore
    end
    OpenAICloud[OpenAI Cloud] --> ChatGPT35


| Name            | Type       | Description                              | Responsibilities                          | Security Controls                                 |
|-----------------|------------|------------------------------------------|-------------------------------------------|---------------------------------------------------|
| EC2 Instance    | Node       | AWS compute resource for running services| Hosts API and Processing services         | Security groups, IAM roles                        |
| RDS Instance    | Node       | AWS database service for data storage    | Hosts Data Store                          | Encryption, VPC isolation                         |
| OpenAI Cloud    | External   | OpenAI's infrastructure for ChatGPT 3.5  | Hosts ChatGPT 3.5 API                     | Managed by OpenAI                                 |

## RISK ASSESSMENT

- What are critical business processes we are trying to protect?
  The critical business processes include secure data handling, content generation, and maintaining service availability for meal planner integrations.

- What data are we trying to protect, and what is their sensitivity?
  We are trying to protect PII and personal health data of customers, which are highly sensitive and subject to data protection regulations.

## QUESTIONS & ASSUMPTIONS

Questions:
- What specific data protection regulations (e.g., HIPAA, GDPR) apply to AI Nutrition-Pro?
- What are the expected volumes of data and requests, and how will scalability be managed?

Assumptions:
- It is assumed that the meal planner applications will handle user consent and data collection in compliance with relevant regulations.
- It is assumed that OpenAI's ChatGPT 3.5 will remain available and reliable for content generation tasks.

@xvnpw xvnpw mentioned this pull request Oct 24, 2024
Merged
@eugeis eugeis merged commit 3a1bf73 into danielmiessler:main Oct 25, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@xvnpw @eugeis