Opensearch Plugin - maduvena/jans-docs GitHub Wiki

title Dovie AI Demo: Permissioned Chat Bot


actor User
participant BOT
participant Deepseek
participant AS
participant API
participant OpenSearch
participant Disk
participant Plugin
participant Open Search Cedarling
participant Lock Server
participant ITDR


autonumber 1

User<->BOT: Invoke Bot
box over BOT: Dovie.ai\nStarting up!
BOT<->AS: Register
BOT<->AS: Get JWT Access Token
BOT->API: Get me all data for tenant Acme_Inc and Account Foo_Bar
API->OpenSearch: Return all data for tenant=acme_inc
OpenSearch<->Disk: fetch bits
OpenSearch->Plugin: Filter out unauthorized data
Plugin<->Open Search Cedarling: Authorize data against policies
Plugin->OpenSearch: data
OpenSearch->API: data
API->BOT: data
BOT<->Deepseek: train
BOT->User: Can I help you?
Open Search Cedarling->Lock Server: Send Logs
Lock Server->ITDR: Call ITDR API with identity-key corrolated data

• View Sequence Diagram here

Notes

• Although the diagram above only shows the Open Search Cedarling sending logs to the Lock Server, BOT, AS, and API also have Cedarling policy stores and logs. This is how we get a chain of custody from the device to the database (i.e. Zero Trust).

• What if certain records for tenant Acme are labeled confidential, and there is a policy that no confidential information should be returned to the bot.

Some basic reference documents:

1. Opensearch lingo - https://www.instaclustr.com/blog/learning-opensearch-from-scratch-part-1/

2. Deepseek - Opensearch connector + BOT https://opensearch.org/blog/OpenSearch-Now-Supports-DeepSeek-Chat-Models/