Context
The challenge
Public housing authorities and government agencies struggle to provide residents and staff with consistent, accurate, and easily accessible information about housing policies, eligibility, inspections, applications, and operational procedures. Critical documents are scattered across PDFs, portals, and legacy systems, forcing staff to repeatedly search for answers and manually handle repetitive resident inquiries. Generic AI chatbots fail to provide authority-specific knowledge, lack proper compliance and tenant isolation, and are difficult to scale securely across multiple agencies. Housing organizations need a dedicated AI platform that can ingest their own documents, enforce operational limits, support workflow automation, and deliver grounded AI-assisted responses without requiring custom engineering for every authority.
How we worked
Our approach
We built a secure, multi-tenant, API-first AI platform purpose-built for housing authorities and public-sector organizations. Each authority operates as an isolated tenant with dedicated API keys, configurable plan-based quotas (Standard / Pro / Enterprise), and a separate LightRAG namespace for accurate, tenant-scoped knowledge retrieval. The platform orchestrates document uploads to object storage, automated ingestion into LightRAG, AI query workflows through n8n pipelines, and structured usage logging for auditing and billing visibility.
Delivery
The solution
Built on Python 3.11 + FastAPI with SQLAlchemy 2.0 async ORM, PostgreSQL, and Alembic migrations. Multi-layer authentication uses SHA-256 hashed X-API-Key, admin secrets, and internal secrets with constant-time validation, plus tenant suspension enforcement on every request. Documents are uploaded to S3-compatible storage (AWS S3 / Cloudflare R2) and asynchronously ingested into tenant-isolated LightRAG namespaces with end-to-end status tracking (pending → processing → completed / failed). A per-tenant limits engine enforces document, daily query, and monthly token quotas with structured usage events for billing and capacity planning. n8n orchestrates ingestion callbacks, AI query workflows, and internal tenant validation. Health and readiness endpoints monitor PostgreSQL and LightRAG dependencies, exposing degraded states for reliable deployments. Modular routers, dependency-injected services and repositories, global exception handling, OpenAPI docs, structured logging middleware with request correlation, and Docker Compose deployment round out the stack.
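The API-key layer described above (only a SHA-256 digest stored, constant-time validation, suspension checked on every request) can be sketched as follows. This is an added example, not code from the platform; the names `Tenant`, `issue_key`, `authenticate`, `verify_internal_secret` and the `hk_` key prefix are hypothetical, and an in-memory dict stands in for the PostgreSQL tenant table.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Tenant:
    tenant_id: str
    key_hash: str          # hex SHA-256 of the API key; the raw key is never stored
    namespace: str         # tenant-scoped LightRAG namespace (naming scheme assumed)
    suspended: bool = False


class AuthError(Exception):
    def __init__(self, status: int, detail: str):
        super().__init__(detail)
        self.status = status


def hash_key(raw_key: str) -> str:
    # A fast hash is acceptable here only because keys are long random tokens,
    # not human-chosen passwords.
    return hashlib.sha256(raw_key.encode("utf-8")).hexdigest()


def issue_key(tenant_id: str, tenants: dict) -> str:
    """Create a key, persist only its digest, return the raw key once."""
    raw = "hk_" + secrets.token_urlsafe(32)
    digest = hash_key(raw)
    tenants[digest] = Tenant(tenant_id, digest, namespace=f"tenant-{tenant_id}")
    return raw


def authenticate(x_api_key, tenants: dict) -> Tenant:
    """Resolve the X-API-Key header value to a tenant or raise AuthError."""
    if not x_api_key:
        raise AuthError(401, "missing X-API-Key")
    digest = hash_key(x_api_key)
    tenant = tenants.get(digest)  # indexed lookup by digest
    # Confirm with a constant-time comparison; a dummy digest keeps the
    # code path the same when no record matches.
    stored = tenant.key_hash if tenant else hash_key("")
    if tenant is None or not hmac.compare_digest(stored, digest):
        raise AuthError(401, "invalid API key")
    if tenant.suspended:  # enforced on every request, not only at login
        raise AuthError(403, "tenant suspended")
    return tenant  # callers take the namespace from here, never from client input


def verify_internal_secret(presented: str, expected: str) -> bool:
    """Constant-time check for the admin / internal shared secrets."""
    return hmac.compare_digest(presented.encode(), expected.encode())
```

Deriving the namespace from the authenticated tenant record, rather than from any request parameter, is what keeps retrieval scoped to the caller's own documents.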
Results
Key metrics
- Tenant Isolation: Per-authority LightRAG namespaces
- Plans: Standard, Pro, Enterprise
- Auth Layers: Hashed API key + admin + internal secret
- Quotas: Docs, daily queries, monthly tokens
Impact
Results & outcomes
- Strict multi-tenant isolation with dedicated API keys and per-authority LightRAG namespaces — no cross-tenant leakage
- Plan-based quotas (documents, daily queries, monthly tokens) for Standard, Pro, and Enterprise tiers prevent runaway AI costs
- Grounded, policy-aware answers via LightRAG dramatically reduce hallucinations versus generic chatbots
- End-to-end document lifecycle visibility (pending / processing / completed / failed) simplifies operational monitoring
- Structured usage events enable transparent auditing, billing attribution, and capacity planning
- Scalable async API-first architecture supports concurrent uploads and queries with PostgreSQL + LightRAG health monitoring
Tech used
Technology stack
Tools and patterns from this engagement—your stack may differ.