AI Models Configuration
AIIA is built with a multi-provider AI routing layer. Administrators can configure, test, and manage local (on-premise) and cloud-based LLM and embedding providers directly from the Admin → AI Models interface.
Supported AI Providers
AIIA supports both local and cloud AI providers to accommodate strict regulatory requirements, air-gapped deployments, or high-performance cloud processing:
| Provider | Type | Typical Models | Authentication | Best For |
|---|---|---|---|---|
| Ollama | Local / On-Premise | llama3, mistral, qwen2.5 | None | Sovereign, air-gapped deployments |
| Gemini | Cloud | gemini-1.5-pro, gemini-1.5-flash | API Key | Deep analysis, multilingual (Arabic) processing |
| OpenAI | Cloud | gpt-4o, gpt-4o-mini | API Key | Complex reasoning, structured output drafting |
| Anthropic | Cloud | claude-3-5-sonnet | API Key | Long-context audit report auditing & synthesis |
| DeepSeek | Cloud / Local | deepseek-chat, deepseek-coder | API Key | Cost-effective reasoning and extraction tasks |
| Custom | Local / Private | Open-Weights models | Custom Header | Dedicated client-hosted model endpoints |
Configuration Fields
When configuring an AI Model in the Admin → AI Models UI, the following parameters are required:
| Field | Description | Example |
|---|---|---|
| Model Name | A descriptive label for the model instance. | Production Reasoning LLM |
| Provider | The target API provider engine. | gemini, ollama, openai, anthropic |
| Model ID | The exact identifier matching the provider registry. | gemini-1.5-pro or llama3:8b |
| API URL | The base connection endpoint for the model API. | https://generativelanguage.googleapis.com |
| API Key | The authorization credentials key (masked & encrypted). | •••••abcd |
| Model Type | The model's target function. | llm (text generation), reasoning, embedding |
| System Prompt | Global system instructions prepended to all queries. | You are the AIIA audit assistant... |
Key Encryption & Security
To prevent key leakage and ensure compliance with Saudi enterprise standards:
- Encryption at Rest: All provider API keys are encrypted at rest in the database using AES-256-GCM via the server's
SECRET_ENCRYPTION_KEYenvironment variable. - Key Masking: Under no circumstances is the full API key ever returned to the client browser. In all listing and configuration forms, keys are masked as
•••••{last4}showing only the last 4 characters. - No Code Changes: Switching model providers is entirely dynamic. Once an administrator configures a provider in the UI, all AI-assisted features (like finding drafts, RAG search, and evidence summarization) automatically route queries through the new model configuration.
Establishing an AI Provider
Follow this workflow to configure a new AI provider:
- Navigate to Admin → AI Models in the dashboard.
- Click Add AI Model.
- Select your provider (e.g.,
GeminiorOllama) and enter the exact model ID. - Input the connection endpoint URL.
- For cloud providers, this is the official API endpoint.
- For on-premise deployments, this is the local Ollama instance (e.g.,
http://ollama:11434).
- Input the API Key. For Ollama/local deployments, this field can be left blank.
- Click Test Connection. The backend will immediately dispatch a lightweight test prompt to verify connectivity.
- Once the connection validates successfully, click Save Config to enable the model.