AegisRAG is a production-ready Retrieval-Augmented Generation (RAG) system with Role-Based Access Control (RBAC) that enables secure, intelligent question-answering over organizational documents. It is built with a modern async Python backend and a beautiful React frontend.
AegisRAG (Aegis + RAG) combines the protective power of "Aegis" (shield/protection) with Retrieval-Augmented Generation technology. This system merges the intelligence of Large Language Models (LLMs) with enterprise-grade security through role-based access control. Users can ask natural language questions about documents, and the AI assistant provides accurate answers based only on documents they have permission to access.
- 🔐 JWT-based Authentication - Secure token-based authentication system
- 👥 Role-Based Access Control - 8 distinct roles with granular document permissions
- 🤖 Intelligent RAG System - Azure OpenAI-powered question answering
- 📚 Vector Search - ChromaDB for efficient semantic document retrieval
- 💬 Session Management - Persistent chat history per user
- 🎨 Modern UI - Beautiful, responsive React interface with Framer Motion animations
- ⚡ Async Architecture - High-performance async Python backend
- 🔄 Real-time Updates - Live document access and chat interactions
- FastAPI - Modern async web framework
- Motor - Async MongoDB driver for user management
- ChromaDB - Vector database for document embeddings
- Azure OpenAI - LLM for intelligent responses
- Agno - Agent framework for RAG implementation
- JWT - Secure authentication tokens
- Bcrypt - Password hashing
- React 18 - Modern UI library
- TypeScript - Type-safe development
- Vite - Lightning-fast build tool
- TailwindCSS - Utility-first styling
- Framer Motion - Smooth animations
- Axios - HTTP client
- React Router - Client-side routing
- MongoDB - User data and authentication
- ChromaDB - Vector embeddings storage
- SQLite - User session and chat history
```
AegisRAG/
├── src/
│   ├── api/                  # FastAPI backend
│   │   ├── auth/             # Authentication endpoints
│   │   ├── routes/           # API routes (chat, documents)
│   │   ├── middleware/       # JWT verification
│   │   ├── schemas/          # Pydantic models
│   │   └── api.py            # Main FastAPI app
│   │
│   ├── db/                   # Database layer
│   │   ├── core/             # MongoDB connection
│   │   ├── auth/             # Password hashing
│   │   ├── models/           # User models
│   │   ├── repositories/     # Data access layer
│   │   └── setup/            # Database initialization
│   │
│   ├── rag/                  # RAG system
│   │   └── agent.py          # Agno agent with RBAC
│   │
│   └── frontend/             # React application
│       ├── src/
│       │   ├── components/   # React components
│       │   ├── context/      # Auth & Toast contexts
│       │   ├── pages/        # Login & Dashboard
│       │   ├── services/     # API client
│       │   ├── types/        # TypeScript types
│       │   └── utils/        # Helper functions
│       └── dist/             # Production build
│
├── docs/                     # Document repository
│   ├── hr_policy.md
│   ├── finance_report.md
│   ├── tech_update.md
│   ├── ai_research.md
│   ├── legal_compliance.md
│   ├── marketing_strategy.md
│   ├── sales_insights.md
│   ├── data_security.md
│   ├── product_roadmap.md
│   └── team_announcement.md
│
├── tmp/                      # Runtime data
│   ├── embeddings/           # ChromaDB storage
│   └── memory/               # SQLite sessions
│
├── main.py                   # CLI entry point
├── pyproject.toml            # Python dependencies
├── requirements.txt          # Pip requirements
└── render.yaml               # Deployment config
```
- Python 3.13+
- Node.js 18+
- MongoDB instance
- Azure OpenAI API access
Create a .env file in the root directory:

```
# MongoDB
MONGO_URI=mongodb+srv://username:password@<your-cluster-host>/database
# JWT Authentication
JWT_SECRET_KEY=your-secret-key-here
JWT_ALGORITHM=HS256
ACCESS_TOKEN_EXPIRE_MINUTES=30
# Azure OpenAI - Main Model
AZURE_OPENAI_API_KEY=your-api-key
ENDPOINT=https://your-resource.openai.azure.com/
DEPLOYMENT=your-deployment-name
API_VERSION=2024-08-01-preview
# Azure OpenAI - Embeddings
EMBEDDING_API_KEY=your-embedding-key
EMBEDDING_ENDPOINT=https://your-resource.openai.azure.com/
EMBEDDING_DEPLOYMENT=text-embedding-3-small
EMBEDDING_API_VERSION=2024-08-01-preview
# API Configuration
API_HOST=0.0.0.0
API_PORT=8000
```

- Install Python dependencies:

```bash
pip install -r requirements.txt
```

- Initialize the database with sample users:

```bash
python -m src.db.setup.init_data
```

- Start the FastAPI server:

```bash
uvicorn src.api.api:app --reload
```

The API will be available at http://localhost:8000
- API Documentation: http://localhost:8000/docs
- Health Check: http://localhost:8000/health
- Navigate to frontend directory:

```bash
cd src/frontend
```

- Install dependencies:

```bash
npm install
```

- Configure API endpoint: create `src/frontend/.env`:

```
VITE_API_URL=http://localhost:8000
```

- Start development server:

```bash
npm run dev
```

The frontend will be available at http://localhost:5173

Run the interactive CLI:

```bash
python main.py
```

The system includes 8 predefined roles with specific document access permissions:
| Role | Document Access | Use Case |
|---|---|---|
| Admin | All 10 documents | Full system access |
| HR Manager | HR policies, announcements | Human resources management |
| Finance Analyst | Financial reports, compliance, sales | Financial analysis |
| Tech Engineer | Tech updates, security, AI research, roadmap | Engineering team |
| Marketing Lead | Marketing strategy, sales insights, roadmap | Marketing campaigns |
| Legal Officer | Legal compliance, data security | Legal compliance |
| Data Analyst | AI research, sales insights, marketing | Data analysis |
| General Employee | HR policies, announcements | Basic employee access |
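The system comes with pre-configured test users. Their passwords are published here, so change or remove these accounts before exposing a deployment: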
Admin:
- Username: rajesh_admin
- Password: admin123
HR Manager:
- Username: anjali_hr
- Password: hr123456
Finance Analyst:
- Username: priya_finance
- Password: finance123
Tech Engineer:
- Username: karthik_tech
- Password: tech123
Marketing Lead:
- Username: neha_marketing
- Password: marketing123
Legal Officer:
- Username: vikram_legal
- Password: legal123
Data Analyst:
- Username: sneha_data
- Password: data123
General Employee:
- Username: amit_employee
- Password: employee123
The system includes 10 sample documents covering various organizational topics:
- hr_policy.md - HR policies and guidelines
- team_announcement.md - Company announcements
- data_security.md - Security protocols
- finance_report.md - Financial reports
- tech_update.md - Technical updates
- ai_research.md - AI research findings
- legal_compliance.md - Legal compliance documents
- sales_insights.md - Sales data and insights
- marketing_strategy.md - Marketing strategies
- product_roadmap.md - Product development plans
- `POST /auth/login` - User login (returns JWT token)
- `POST /auth/register` - Register new user (admin only)

- `POST /chat/query` - Ask questions (requires authentication)
- `GET /chat/accessible-documents` - Get user's accessible documents
- `POST /chat/clear-session` - Clear chat history

- `GET /` - API information
- `GET /health` - Health check
- Beautiful gradient animations
- Secure JWT authentication
- Test credentials display
- Responsive design
- Real-time chat interface
- Document sidebar with access list
- User profile display
- Session management
- Smooth animations and transitions
- ChatInterface - Main chat component with message history
- DocumentsSidebar - Shows accessible documents
- Header - User info and navigation
- ProtectedRoute - Route authentication guard
- ToastContainer - Notification system
- JWT Authentication - Secure token-based auth with expiration
- Password Hashing - Bcrypt with salt rounds
- Role Validation - Server-side permission checks
- CORS Protection - Configurable CORS middleware
- Input Validation - Pydantic schema validation
- SQL Injection Prevention - Parameterized queries
- XSS Protection - React's built-in XSS prevention
The project includes a render.yaml configuration for easy deployment:

```bash
# Push to GitHub and connect to Render
# Render will automatically deploy using render.yaml
```

```bash
cd src/frontend
npm run build
# Deploy dist/ folder to Vercel
```

Or use the included vercel.json configuration for automatic deployment.

```bash
pytest
```

```bash
cd src/frontend
npm run type-check
```

```bash
cd src/frontend
npm run lint
```

```bash
cd src/frontend
npm run build
```

- User Authentication
  - User logs in with credentials
  - Backend validates and returns JWT token
  - Token includes user role information
- Document Loading
  - Documents are embedded using Azure OpenAI embeddings
  - Stored in ChromaDB with role-based metadata
  - Embeddings are cached to reduce API costs
- Question Answering
  - User asks a question
  - System searches ChromaDB with role filters
  - Only documents user has access to are searched
  - Azure OpenAI generates answer from retrieved context
  - Response includes source citations
- Session Management
  - Chat history stored in SQLite per user
  - Context maintained across conversations
  - Sessions can be cleared by user
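
The authentication and question-answering steps above, tied together as an added example (not AegisRAG's own code): the role is read only from a verified HS256 token and turned into a metadata filter that fails closed. The role identifiers, the `source` metadata key and the two role-to-file mappings are assumptions; the token check uses only the standard library so the example runs offline, where a maintained JWT library would normally do that step.

```python
import base64, hashlib, hmac, json, time

# Assumption: identifiers and file names for two roles, read off the README's role table.
ROLE_DOCS = {
    "hr_manager": ["hr_policy.md", "team_announcement.md"],
    "legal_officer": ["legal_compliance.md", "data_security.md"],
}

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mac(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, secret, alg="HS256"):
    """Mint a constructed token for the demonstration (not the project's issuer)."""
    head = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(mac(secret, head + '.' + body))}"

def verified_claims(token, secret, now=None):
    """Return the claims only if alg is HS256, the MAC matches and exp is ahead."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        if not hmac.compare_digest(mac(secret, f"{head}.{body}"), b64d(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64d(body))
        if claims["exp"] <= (time.time() if now is None else now):
            raise ValueError("expired")
    except (ValueError, TypeError, KeyError, AttributeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from None
    return claims

def retrieval_filter(token, secret, now=None):
    """Build the vector-store filter from the verified role, never from request input."""
    role = verified_claims(token, secret, now).get("role")
    allowed = ROLE_DOCS.get(role) if isinstance(role, str) else None
    if not allowed:  # unknown or missing role: fail closed, do not search everything
        raise PermissionError(f"no documents for role {role!r}")
    # Chroma-style `where` clause; the "source" metadata key is an assumption.
    return {"source": {"$in": list(allowed)}}
```

The returned dictionary is meant to be passed as the `where` argument of the vector query, so a request body can never widen the set of searched documents.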
- Fully async Python backend using `asyncio`
- Non-blocking database operations with Motor
- Concurrent request handling
- Semantic search using embeddings
- Efficient similarity search with ChromaDB
- Role-based filtering at vector level
- Agno framework for RAG implementation
- Tool-based architecture for extensibility
- Built-in memory and context management
- React 18 with hooks
- TypeScript for type safety
- Framer Motion for animations
- TailwindCSS for styling
- Vite for fast builds
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! Please feel free to submit a Pull Request.
For issues and questions, please open an issue on GitHub.
AegisRAG - Built with ❤️ using Agno, FastAPI, and React