vaatiesther

LegalMindAI – Your AI-Powered Legal Document Hub

LegalMind AI – Auth0 AI Agents Challenge Submission

This is a submission for the Auth0 for AI Agents Challenge.


What I Built

LegalMind AI showcases how secure AI systems can empower professionals in regulated industries to leverage generative AI without compromising data privacy or compliance. It bridges the gap between document security and AI accessibility, offering a foundation for building trusted, enterprise-grade AI tools.

It offers a secure, AI-powered document management system that enables users and AI agents to interact with legal documents safely and intelligently.

Problems It Solves

  • Secure Access: Ensures only authorized users or agents can view or query documents through Auth0 FGA.
  • Efficient Retrieval: Uses AI to quickly find and summarize relevant legal information from large document sets.
  • Data Privacy: Prevents unauthorized data exposure while still allowing AI-driven insights.
  • Workflow Automation: Reduces manual document searching and analysis for legal professionals.
  • Compliance: Maintains full audit trails for all document actions to meet legal and regulatory standards.

Demo

Repo : https://github.com/essykings/LegalMindAI

Live Link : https://legal-mind-sh89.onrender.com/

1. Homepage

The homepage welcomes users to LegalMind AI and shows the login options.

Homepage

2. User Login

User 1 (Sarah) logs in securely using Auth0.

Login

3. Uploading a Document

Sarah uploads a private legal case document. This document is only visible to her unless shared or set as public.

Upload

4. Viewing My Documents

Sarah can view all her uploaded documents under My Documents.

View documents

5. Making a Document Public

Sarah uploads another document and marks it as public. Any user can now see and query this document.

Public document

6. AI-Powered Chat

Users can ask questions about their accessible documents. The AI respects user permissions and only answers based on documents they can access.

Example Questions:

  • “Who are the legal counsels listed for Apex Solutions and GreenTech Partners?”

Chat

Since Sarah doesn't have viewer privileges on the "Apex case", she can't get any information about it; however, she does get information about US law, because that document is public.

7. Audit Logs

AI queries and access events are logged for compliance.

Logs

8. Share Documents

User 1 (Sarah) uploads a confidential document. She can choose to share this document with User 2 (James), giving him explicit access while keeping it private from everyone else.

  • Private documents that are not shared remain visible only to the owner.

Example Flow:

  1. Sarah uploads Case_Confidential_A.pdf (private by default).
  2. Sarah shares the document with James via the app.
  3. Michael logs in and sees Contract_Review_Apex.pdf in his "My documents" section.

Share

9. Audit Logs

The application keeps a complete audit trail of AI queries, including which documents were used as context and who performed the query.

Example Audit Entry:

```json
{
    "timestamp": "2025-10-26T23:52:21.366970+00:00",
    "question": "How does US law define breach of contract?",
    "documents": [
        {
            "id": "TLnWpz0_6NEWqfCBNjTH7",
            "title": "Public_Legal_Guide"
        }
    ],
    "agent_id": "query agent"
}
```

10. Summary of Features Demonstrated

  • Secure login via Auth0
  • Document upload, sharing, and privacy control
  • Public and private document distinction
  • AI-powered document query (RAG pipeline)
  • Audit logging of all document and AI actions
  • Role-based access enforced through FGA

How I Used Auth0 for AI Agents

  • Authentication: Auth0 manages secure user login and session handling.

```python
# Start of the Django authentication backend's `authenticate` hook, as shown in
# the post (the remainder of the method is not shown). `token` carries the Auth0
# ID token claims; `sub` is the unique Auth0 user id, so authentication is
# refused outright when it is missing.
def authenticate(self, request, token=None):
    if not token:
        return None

    user_info = token.get('userinfo', {})
    auth0_id = user_info.get('sub')
    if not auth0_id:
        raise ValueError("Auth0 user ID ('sub') is missing!")
```
  • Authorization: Fine-grained control using FGA ensures users only access documents they own or that are shared with them.

```python
# Imports assumed for the auth0-ai-langchain and openfga-sdk packages (not shown in the post).
from auth0_ai_langchain import FGARetriever
from openfga_sdk.client.models import ClientBatchCheckItem

# Wrap the vector-store retriever: each retrieved chunk is batch-checked against
# FGA and is returned only if the user holds `can_view` on its document, so
# unauthorized content never reaches the language model.
retriever = FGARetriever(
    retriever=vector_store.as_retriever(),
    build_query=lambda doc: ClientBatchCheckItem(
        user=f"user:{user_email}",
        object=f"doc:{doc.metadata.get('document_id')}",
        relation="can_view",
    ),
)
```
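The following is an added example and not code from the LegalMindAI repository. It ties together the behaviour the post describes in sections 6, 8 and 9 and the FGARetriever pattern above: a permission-filtered retrieval step, the sharing flow that grants a viewer relation, and the audit entry written for each query. Auth0 FGA itself is replaced by an in-memory tuple store so the snippet runs offline; the authorization model (owner, viewer and public all granting `can_view`), the names `RelationStore`, `filter_documents`, `answer_question` and `share`, the document ids and the extra `user` field in the audit entry are all assumptions made for this example.

```python
"""Added example, not code from the LegalMind AI repository: an in-memory stand-in
for the Auth0 FGA checks, a permission-filtered retriever in the style of
FGARetriever, and the audit entry the post shows."""

from dataclasses import dataclass, field
from datetime import datetime, timezone
import json


@dataclass
class Document:
    id: str
    title: str
    text: str


@dataclass
class RelationStore:
    """Stand-in for the FGA store: a set of (user, relation, object) tuples.

    Assumed authorization model (not taken from the project):
      owner  -> can_view   (the uploader)
      viewer -> can_view   (granted by sharing)
      public -> can_view   (written for the wildcard user "user:*")
    """
    tuples: set = field(default_factory=set)

    def write(self, user: str, relation: str, obj: str) -> None:
        self.tuples.add((user, relation, obj))

    def delete(self, user: str, relation: str, obj: str) -> None:
        self.tuples.discard((user, relation, obj))

    def check(self, user: str, relation: str, obj: str) -> bool:
        """Evaluate one check; `can_view` is the union of the three direct relations."""
        if relation != "can_view":
            return (user, relation, obj) in self.tuples
        return any(
            (u, r, obj) in self.tuples
            for u, r in ((user, "owner"), (user, "viewer"), ("user:*", "public"))
        )


def filter_documents(store: RelationStore, user_email: str, candidates: list) -> list:
    """Mirror FGARetriever's post-filter: keep only hits the user `can_view`.

    The vector store ranks candidates by similarity alone; the authorization
    check runs afterwards, so an unauthorized document never reaches the model.
    """
    user = f"user:{user_email}"
    return [d for d in candidates if store.check(user, "can_view", f"doc:{d.id}")]


def answer_question(store, user_email, question, candidates, agent_id="query agent"):
    """One query-agent step: filter retrieved hits, build the context, log the audit entry."""
    allowed = filter_documents(store, user_email, candidates)
    context = "\n\n".join(f"[{d.title}] {d.text}" for d in allowed)
    audit_entry = {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "user": user_email,  # assumed field: the post's prose says the actor is logged
        "question": question,
        "documents": [{"id": d.id, "title": d.title} for d in allowed],
        "agent_id": agent_id,
    }
    return context, audit_entry


def share(store: RelationStore, owner_email: str, doc_id: str, with_email: str) -> bool:
    """Sharing writes a `viewer` tuple, but only if the sharer actually owns the document."""
    if not store.check(f"user:{owner_email}", "owner", f"doc:{doc_id}"):
        return False
    store.write(f"user:{with_email}", "viewer", f"doc:{doc_id}")
    return True


# Constructed sample users, documents and relationships (not the demo's real data).
SARAH = "sarah.mitchell@lexfirm.com"
JAMES = "james.thompson@example.com"

DOCS = [
    Document("conf-a", "Case_Confidential_A", "Confidential notes on case A."),
    Document("apex-1", "Contract_Review_Apex", "Counsel for Apex Solutions: J. Doe."),
    Document("guide-1", "Public_Legal_Guide", "Breach of contract under US law ..."),
]


def build_demo_store() -> RelationStore:
    store = RelationStore()
    store.write(f"user:{SARAH}", "owner", "doc:conf-a")  # Sarah's private upload
    store.write(f"user:{JAMES}", "owner", "doc:apex-1")  # James's private upload
    store.write("user:*", "public", "doc:guide-1")       # marked public
    return store


if __name__ == "__main__":
    store = build_demo_store()
    # Sarah asks about Apex: the Apex document is filtered out before the model sees it.
    context, entry = answer_question(store, SARAH, "Who is counsel for Apex Solutions?", DOCS)
    print(json.dumps(entry, indent=2))
    # Sharing Case_Confidential_A with James makes it appear in his results.
    share(store, SARAH, "conf-a", JAMES)
    print([d.title for d in filter_documents(store, JAMES, DOCS)])
```

The important design point is the ordering: similarity search first, authorization check second, audit entry last, and the audit entry lists only the documents that actually reached the model. Sharing is itself gated on an ownership check, so a user who merely has view access cannot re-share a document.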

Key Lessons and Challenges

  • File Handling: Faced difficulties serving and displaying PDF files securely within Django while preserving access restrictions.
  • Database Selection: Spent significant time finding the right database setup for semantic search and vector storage.
  • Integration Complexity: Managing communication between Django, Auth0 FGA, and AI services required careful configuration and debugging.
  • Error Management: Handling unexpected API or embedding errors without exposing sensitive details was a constant learning process.

Takeaways

  • I learned how powerful and flexible Auth0 tools are for building secure, fine-grained authorization systems.

Test Users

Email: sarah.mitchell@lexfirm.com
Password: TestPass123!

Email: james.thompson@example.com
Password: TestPass123!
