← Jobs

Ai Intelligence Layer

Budget: $400.0 FIXED / ⭐ 3.36 (17) United States

artificial-intelligence, machine-learning, php, api-integration, mysql, python, json, codeigniter

We are enhancing an existing hospitality operations platform built on PHP CodeIgniter 3 monolith architecture with a governed AI Assist Layer named Jack. This is a production system with strict multi-hotel tenant isolation and role-based permissions. This is not a chatbot project. This is not an AI agent project. This is not automation. This is security-first hardening of existing AI plumbing plus a controlled assist layer embedded inside execution and supervisor oversight flows. Authoritative specification is HotelHub AI Enhancement Scope 1.4 Locked Specification. This job post reflects the same requirements. ⸻ Project Objective Implement a governed, deterministic, read-only AI Assist Layer Jack that: • Assists frontline execution inside Active Agenda Task only • Generates structured Supervisor Operational Summaries for Supervisor GM Admin only • Preserves Closed Loop Execution governance • Maintains strict tenant isolation enforced server-side • Adds audit-compatible AI usage logging and cost controls • Preserves optionality through an Admin AI Settings configuration surface • Deploys safely using staging validation and rollback plan Maximum duration 30 days fixed price. Prerequisite: Phase 3 Agenda execution surfaces and data contracts must be stable and frozen before starting. No moving-target schema or UI changes. ⸻ In Scope Only • Secure and harden existing AI controller and model wrappers already present in codebase • Execution Assistant AI Help inside Active Task only • Supervisor Operational Summary generator for Supervisor GM Admin only • Admin-only AI Settings screen configuration only • Immutable AI usage logging with retention policy • Cost controls rate limits plus token ceilings • Security requirements including API key handling output sanitization prompt injection resistance context minimization • Staging to production deployment plan plus rollback plan Change Control: Any work not explicitly listed above requires written change order. No implied scope. ⸻ Explicitly Out of Scope • AI template builder SOP to form acceleration • Natural language query engine analytics query mapping • AI automation agents create assign complete escalate • Predictive analytics cross-hotel intelligence OHI automation • Employee performance scoring • Push-to-talk voice to text translation pivot WebRTC modifications • Vector databases memory systems fine-tuning programs ⸻ Architectural Guardrails Non-Negotiable • AI must never create update delete or modify records • AI must never execute SQL and must never accept raw SQL from clients • AI must never generate SQL for execution • AI must never bypass hotel_id tenant isolation • AI must never auto-complete Agenda tasks • AI must never escalate or create Board items • AI must never modify Library standards SOPs • AI must never modify audit logs or audit behavior • AI endpoints must use a separate read-only database connection user enforced • No OpenAI Realtime dependency required for this scope Chat Completions only Violation equals milestone rejection. ⸻ Governance Hardening Requirements You must implement all of the following: • Permanently remove or disable confirm_and_execute and api_query endpoints • Fix AI controller route mismatch and ensure only intended endpoints are routable • Require authentication on all AI endpoints 401 enforcement • Remove wildcard CORS headers no Access-Control-Allow-Origin star • Enforce server-side hotel_id injection tenant scoping cannot be client-controlled • Implement per-user rate limiting server enforced • Implement per-hotel configurable monthly token ceiling • Implement global monthly token ceiling fail-safe system-wide configurable • Implement server-side timeout cap 8 seconds • Implement structured error handling user-safe message plus detailed server logs without secrets ⸻ Security Requirements Must-Haves • OpenAI API key must never be exposed to frontend client-side code • All AI calls must be server-to-server only • API key storage environment variable preferred never committed never returned never logged • If admin-managed key is enabled, it must be encrypted-at-rest masked in UI never logged and rotatable. Admin-managed key is allowed only if explicitly approved. Default is env variable only. • API key rotation must be possible without code changes and without downtime. Restart acceptable if required but no redeploy. • Output sanitization AI output treated as untrusted text and escaped before rendering. No HTML or script execution. • Prompt injection resistance system prompt must instruct model to ignore rule-changing instructions inside task SOP user content and to never request or reveal secrets and to never attempt cross-tenant access. • Context minimization include only fields required for the specific task or summary. No full-table dumps. No unrelated history. • No internal HotelHub data may be used for model fine-tuning or training unless explicitly approved in a future contract. ⸻ Deterministic AI Configuration Server-Controlled • Model defined server-side only not client-passed • Temperature default 0.2 configurable server-side only not exposed to end users • Max tokens capped server-side • Prompt templates controlled server-side • No user override of model parameters ⸻ AI Usage Logging Audit-Compatible Immutable Create table ai_usage_logs immutable with fields: • id primary key • user_id • hotel_id • context_type agenda_task or supervisor_summary • prompt_hash SHA-256 of full context payload • model_used • tokens_used • request_size • response_size • response_time_ms • success_flag 1 or 0 • created_at Requirements: • Every AI attempt must create a log entry success or failure • Logs must be immutable no updates • AI call may not execute unless log record is created AI Log Retention Policy • Retention configurable default 12 months • Logs may only be purged via Admin-level retention policy • Retention changes must be logged who and when ⸻ Abuse and Automation Protection • Implement abuse protection to prevent automated rapid-fire AI calls beyond configured limits • Optional IP-based throttling for abnormal spikes recommended • Session-based throttling enforcement ⸻ Feature 1 Execution Assistant Inside Agenda Location: Inside Active Agenda Task only. No global chatbot UI. Button label AI Help. Context sent to AI must include: • Task title • Task description • Attached SOP if exists • User role • User language • hotel_id server injected Required output format strict: • Section 1 Clarification • Section 2 Step-by-Step Guidance • Section 3 Safety Notes if applicable Technical constraints: • No persistent conversation memory required • No full page reload AJAX async update only • Timeout cap 8 seconds • Performance target 95th percentile under 5 seconds under normal load fewer than 50 concurrent users • Must not alter task state advisory only • All usage logged in ai_usage_logs ⸻ Device Doctrine Mandatory Acceptance • Desktop inline expandable AI panel must not displace completion controls below viewport • Tablet 10 inch side drawer non-blocking • Handheld 768px or less full-height modal minimum 16px font vertical scrolling only clear close action no horizontal scroll Mobile compliance is hard acceptance criterion. ⸻ Feature 2 Supervisor Operational Summary Access control: • Visible to Supervisor GM Admin • Hidden from hourly roles and other roles unless explicitly permission-enabled Context inputs: • Execution Exceptions • Incomplete tasks • Early shift ends • PM misses if applicable • Open overdue service requests Required output structure: • Section 1 Operational Overview • Section 2 Risk Signals • Section 3 Execution Gaps • No auto-actions and no system-triggering recommendations Constraints: • Read-only derived from immutable records only • Strict tenant scoping via server-side hotel_id injection • All usage logged in ai_usage_logs ⸻ Admin AI Settings Admin-Only Configuration Surface Purpose preserve optionality by centralizing configuration. Configuration only, no new AI features. Must include: • Admin-only screen to view update AI configuration values no end-user access • Configurable values model_used temperature max_tokens per-user rate limit per-hotel token ceiling global token ceiling enable disable AI Help enable disable Supervisor Summary • API key handling default env var only admin screen shows Configured yes no and optional last-rotated date field manual • Admin-managed key only if explicitly approved and must be encrypted-at-rest masked never logged never exposed client-side ⸻ Monitoring and Alerts Operational Safety • Admin-level visibility into token consumption at minimum through log aggregation • Alert mechanism at minimum admin banner or log when global cap is near hotel cap is near or error rate spikes configurable thresholds • Alerts must not expose secrets ⸻ Failure Handling • Graceful UI error on failure no silent failures • Log success_flag equals 0 for failures • System state must remain unaffected ⸻ Environments Deployment Rollback Must-Have • Work must be validated in staging before production • Provide deployment plan steps and dependencies • Provide rollback plan how to disable AI features quickly • AI features must be feature-flagged via Admin AI Settings ⸻ Non-Regression Protection • No modification to Agenda completion logic • No modification to Board governance • No changes to permission spine • No impact to existing audit logs • Provide written non-regression confirmation at final delivery ⸻ Deliverables Artifacts Required • Hardened AI controller and model changes • SQL execution endpoints removed or disabled • Read-only DB enforcement implemented separate DB connection user • Rate limiting plus token ceilings user hotel global • ai_usage_logs migration plus retention controls • Execution Assistant UI inside Active Task only • Supervisor Summary UI • Admin AI Settings screen with env var key default • README architecture configuration operational runbook key rotation caps feature flags • Release notes change summary • Short screen-recorded walkthrough demonstrating AI Help Supervisor Summary Admin Settings ⸻ Testing and UAT • Provide UAT checklist aligned to acceptance criteria • Demonstrate 401 tenant isolation read-only DB token cap enforcement handheld UX behavior • Performance validation demonstrate response target under simulated concurrent usage basic test acceptable ⸻ Legal Ownership Confidentiality All code configurations prompts and documentation produced under this scope are the exclusive property of HotelHub OperationsHub. Developer must keep credentials and internal data confidential and must not reuse proprietary prompts or business logic outside this project. ⸻ To Apply Answer These 1. Have you worked in a production CodeIgniter 3 monolith 2. How will you enforce read-only DB access for AI endpoints 3. How will you prevent prompt injection from user-supplied task and SOP content 4. How will you enforce token ceilings safely per user per hotel and global 5. Describe your deployment and rollback approach for a production CI3 system less View original proposals
Open job