AI Features
Breeze includes a built-in AI assistant powered by the Claude Agent SDK that can query your fleet, diagnose device issues, and take action on your behalf. The assistant runs as a managed agent with a query loop — it receives your question, plans a sequence of tool calls, executes them against live fleet data, and returns a synthesized answer. All tool executions are governed by a tiered approval system with full audit logging and per-tool rate limits.
Six capabilities extend and govern this system:
- AI Risk Engine — governance dashboard for controlling and auditing AI-assisted operations
- Fleet Orchestration Brain — command center for fleet-scale AI-driven management
- AI Device Context Memory — persistent per-device memory that the AI carries across conversations
- Helper AI Chat — end-user-facing AI assistant in the Breeze Helper tray app
- AI Cost Tracking — per-session and per-organisation usage and cost monitoring
- AI Input Sanitization — guardrails that validate and sanitize all AI inputs before execution
AI Risk Engine
Section titled “AI Risk Engine”The AI Risk Engine categorises every AI tool into one of four tiers that control how it executes. Navigate to it via Monitoring → AI Risk Engine in the sidebar.
Tool tiers
Section titled “Tool tiers”| Tier | Execution | Examples |
|---|---|---|
| Tier 1 | Auto-execute (read-only, no approval) | query_devices, analyze_metrics, get_security_posture, get_active_users, file_operations (list/read), disk_cleanup (preview), propose_action_plan, list_configuration_policies, get_effective_configuration, preview_configuration_change, get_configuration_policy, configuration_policy_compliance, manage_processes (list), get_service_monitoring_status, query_monitors, query_backups, get_backup_status, browse_snapshots, get_incident_timeline, generate_incident_report, list_playbooks, get_playbook_history, search_documentation |
| Tier 2 | Auto-execute + audit logged | manage_alerts acknowledge/resolve actions, manage_services list action, set_device_context, resolve_device_context, apply_configuration_policy, remove_configuration_policy_assignment, manage_configuration_policy (activate/deactivate), create_incident, collect_evidence |
| Tier 3 | Requires human approval before execution | execute_command, run_script, disk_cleanup (execute), network_discovery, security_scan (quarantine/remove/restore), file_operations (write/delete/mkdir/rename), manage_configuration_policy (create/update/delete), manage_processes (kill), manage_monitors (create/update/delete), trigger_backup, restore_snapshot, execute_containment, execute_playbook |
| Tier 4 | Blocked — never executed | Cross-org operations |
Approval workflow
Section titled “Approval workflow”When the AI proposes a Tier 3 action, it enters a pending state and waits for human approval.
-
Open Monitoring → AI Risk Engine.
-
Click Approval History.
-
Find the pending request and review the action details.
-
Click Approve to allow execution, or Reject to cancel it.
Approved actions execute immediately. Rejected actions are logged and the AI is notified.
Rate limits
Section titled “Rate limits”Each tool has a per-tool sliding window rate limit. Requests that exceed the limit are rejected and logged in the Rejection & Denial Log.
| Tool | Limit | Window |
|---|---|---|
execute_command | 10 requests | 5 min |
run_script | 5 requests | 5 min |
disk_cleanup | 3 requests | 10 min |
network_discovery | 2 requests | 10 min |
security_scan | 3 requests | 10 min |
file_operations | 20 requests | 5 min |
manage_services | 10 requests | 5 min |
analyze_disk_usage | 10 requests | 5 min |
get_user_experience_metrics | 20 requests | 5 min |
manage_configuration_policy | 20 requests | 5 min |
manage_processes | 15 requests | 5 min |
query_monitors | 30 requests | 5 min |
manage_monitors | 10 requests | 5 min |
get_service_monitoring_status | 30 requests | 5 min |
query_backups | 20 requests | 5 min |
get_backup_status | 20 requests | 5 min |
browse_snapshots | 20 requests | 5 min |
trigger_backup | 3 requests | 10 min |
restore_snapshot | 3 requests | 10 min |
create_incident | 5 requests | 5 min |
execute_containment | 5 requests | 10 min |
collect_evidence | 10 requests | 5 min |
get_incident_timeline | 20 requests | 5 min |
generate_incident_report | 10 requests | 5 min |
list_playbooks | 20 requests | 5 min |
execute_playbook | 3 requests | 10 min |
Action Plans
Section titled “Action Plans”The AI can propose multi-step action plans for complex operations that require human review before execution. When the AI invokes propose_action_plan, it creates a structured plan with pre-flight checks for each step. Plans operate in two modes:
| Mode | Description |
|---|---|
action_plan | A sequence of concrete steps to be executed after approval |
hybrid_plan | A mix of informational analysis and executable steps |
Action plans are subject to the same approval workflow as Tier 3 tools — the plan must be approved before any steps execute.
Dashboard sections
Section titled “Dashboard sections”The Risk Engine dashboard provides five views, each filterable by time range (24 h / 7 d / 30 d):
| Section | What it shows |
|---|---|
| Tier Overview Matrix | Tool counts per tier with colour-coded risk levels |
| Tool Execution Analytics | Execution status breakdown, top tools, average duration |
| Approval History | Pending, approved, and rejected Tier 3 requests |
| Rate Limit Status | Per-tool limit cards with current usage |
| Rejection & Denial Log | Failed, rejected, and security-denied operations |
API reference
Section titled “API reference”| Method | Path | Description |
|---|---|---|
| GET | /ai/admin/tool-executions | Tool execution analytics (?since=ISO&limit=1–200, default 100) |
| GET | /ai/admin/security-events | Guardrail audit trail (?since=ISO&limit=1–100&action=filter) |
Fleet Orchestration Brain
Section titled “Fleet Orchestration Brain”The Fleet Orchestration Brain is an AI command centre for fleet-scale operations. Open it via Fleet in the main navigation sidebar.
Dashboard metrics
Section titled “Dashboard metrics”The page shows eight stat cards that aggregate live fleet data:
| Card | What it shows |
|---|---|
| Policies | Total policies, enforcing count, compliance %, non-compliant devices |
| Deployments | Active, pending, completed, and failed deployment counts |
| Patches | Pending approval, approved, installed; critical pending count |
| Alerts | Critical, high, medium, and low alert counts |
| Device Groups | Count of static and dynamic groups |
| Automations | Configured automations with recent run history |
| Maintenance Windows | Active windows with suppression flags |
| Reports | Available report templates and schedules |
AI tools
Section titled “AI tools”When you are on the Fleet Orchestration page, the AI assistant gains access to eight fleet-level tools:
| Tool | What it does |
|---|---|
manage_policies | List, evaluate, create, activate/deactivate, and remediate policies |
manage_deployments | Create, start, pause, resume, and cancel deployments |
manage_patches | Scan, approve, decline, defer, bulk approve, and rollback patches |
manage_groups | Create static/dynamic groups and manage membership |
manage_maintenance_windows | Schedule maintenance windows with timezone support |
manage_automations | Create and update automation rules and event triggers |
manage_alert_rules | Configure alerting templates per device or site |
generate_report | Generate inventory, compliance, performance, and executive summary reports |
Quick actions
Section titled “Quick actions”The page includes pre-populated AI chat buttons that open the AI sidebar with a domain-specific prompt:
| Button | Pre-filled prompt |
|---|---|
| Check compliance | Show me a compliance summary for all policies |
| Active deployments | List all active deployments and their progress |
| Critical patches | What critical patches are pending approval? |
| Alert overview | Give me a summary of active alerts by severity |
| Maintenance windows | What maintenance windows are active right now? |
| Run automations | List all enabled automations and their recent run history |
| Device groups | Show me all device groups and their member counts |
| Generate report | Generate an executive summary report for the fleet |
AI Device Context Memory
Section titled “AI Device Context Memory”The AI can remember device-specific facts across conversations. When you ask the AI about a device, it automatically loads that device’s context entries and incorporates them into its analysis — so it won’t re-alert on known quirks or forget about open follow-ups.
Context types
Section titled “Context types”| Type | Purpose | Example |
|---|---|---|
issue | Known problems to track | ”Recurring BSOD on boot since Jan 2026” |
quirk | Normal but unusual behaviour | ”Slow startup is expected due to a legacy driver” |
followup | Pending actions | ”Check disk health after replacement on 2026-03-01” |
preference | User or device preferences | ”Maintenance window: Sundays 2 AM–4 AM only” |
Managing context
Section titled “Managing context”Context is managed through the AI assistant — there is no separate UI. Ask naturally:
- “Remember that this device has a recurring BSOD issue.”
- “Mark the disk check follow-up as resolved.”
- “What do you know about HOSTNAME?”
Context entries can have an expiry date, which is useful for time-bound follow-ups. Expired entries are excluded from future queries but are not deleted.
The AI uses three tools internally to manage context:
| Tool | Tier | Description |
|---|---|---|
get_device_context | Tier 1 | Load context entries for a device |
set_device_context | Tier 2 | Create a new context entry |
resolve_device_context | Tier 2 | Mark an existing entry as resolved |
Helper AI Chat
Section titled “Helper AI Chat”The Breeze Helper tray application includes an AI chat interface designed for end users (not just administrators). When enabled at the organisation level, end users can ask the Helper questions about their device, troubleshoot issues, and request common IT actions — all without opening a support ticket.
How it works
Section titled “How it works”The Helper AI agent runs on the API server using a filtered tool set. Not all AI tools are available to the Helper — the helperToolFilter service restricts access to safe, device-scoped operations appropriate for end users.
| Capability | Description |
|---|---|
| Device diagnostics | ”Why is my computer slow?” — analyzes CPU, memory, disk, and boot data |
| Vision troubleshooting | Captures a screenshot and uses AI vision to interpret error dialogs or UI issues |
| Self-service actions | Common IT tasks like clearing temp files, restarting services, checking updates |
| Computer control | AI can interact with the desktop to perform guided actions (Tier 3, requires approval) |
Organisation toggle
Section titled “Organisation toggle”Helper chat is controlled per organisation. Administrators can enable or disable it via organisation settings. The toggle is delivered to agents through the heartbeat response — when disabled, the Helper hides its chat interface.
AI Cost Tracking
Section titled “AI Cost Tracking”Every AI session tracks token usage and estimated cost. The aiCostTracker service records input tokens, output tokens, and total cost per session, per user, and per organisation.
Viewing costs
Section titled “Viewing costs”Navigate to Settings → AI Usage to view:
| Metric | Description |
|---|---|
| Total sessions | Number of AI conversations |
| Total tokens | Combined input + output tokens consumed |
| Estimated cost | Dollar cost based on Claude API pricing |
| Per-user breakdown | Token usage grouped by user |
| Per-session detail | Individual session cost and token counts |
Cost data is stored in the aiSessions and aiMessages tables alongside the conversation history.
AI Input Sanitization
Section titled “AI Input Sanitization”The aiInputSanitizer service validates all user inputs before they reach the AI agent. This layer prevents prompt injection, command injection, and other adversarial inputs from being passed to AI tool calls.
Sanitization includes:
- Input length limits
- Pattern detection for known injection techniques
- Escaping of shell metacharacters in tool arguments
- Validation against Zod schemas defined in
aiToolSchemas.ts
All rejected inputs are logged in the security event trail accessible via the Risk Engine dashboard.
Backup AI Tools
Section titled “Backup AI Tools”The AI assistant can query, manage, and operate backups across your fleet. These tools are available in any AI chat session.
| Tool | Tier | Description |
|---|---|---|
query_backups | 1 | List backup configurations, jobs, and policies |
get_backup_status | 1 | Health summary for a device or organization (active configs, job counts, storage totals) |
browse_snapshots | 1 | List available snapshots for a device with timestamps, sizes, and expiration |
trigger_backup | 3 | Initiate an on-demand backup for a device (requires approval) |
restore_snapshot | 3 | Restore data from a snapshot to a device (requires approval) |
See Device Backup for configuration details.
Incident Response AI Tools
Section titled “Incident Response AI Tools”The AI can create and manage security incidents, execute containment actions, and collect forensic evidence.
| Tool | Tier | Description |
|---|---|---|
create_incident | 2 | Create a new security incident with classification and severity |
execute_containment | 3 | Run a containment action on a device (process kill, network isolation, account disable, USB block) |
collect_evidence | 2 | Collect forensic evidence from a device (logs, processes, connections, screenshots) |
get_incident_timeline | 1 | View the full timeline of an incident |
generate_incident_report | 1 | Generate a structured report with action and evidence summaries |
See Incident Response for the full workflow.
Context-Aware Help Panel
Section titled “Context-Aware Help Panel”The dashboard includes a slide-out documentation panel that opens the correct docs page based on your current location in the app. Open it with Cmd+Shift+H (macOS) or Ctrl+Shift+H (Windows/Linux).
| Page you’re on | Docs page that opens |
|---|---|
| Scripts | Scripting docs |
| Patches | Patch management docs |
| Devices | Device management docs |
| Configuration Policies | Policy docs |
The help panel coordinates with the AI chat sidebar — opening one closes the other. When the AI assistant references documentation in a chat response, the links open directly in the help panel instead of a new browser tab.
AI Documentation Search
Section titled “AI Documentation Search”The AI assistant can search all documentation pages using the search_documentation tool (Tier 1, auto-execute). The search index is built at compile time and covers all pages in the docs site.
| Tool | Tier | Description |
|---|---|---|
search_documentation | 1 | Search documentation pages by keyword and return relevant sections with direct links |
Playbook AI Tools
Section titled “Playbook AI Tools”The AI can list and execute remediation playbooks as part of automated incident response.
| Tool | Tier | Description |
|---|---|---|
list_playbooks | 1 | List available playbooks, optionally filtered by category |
execute_playbook | 3 | Execute a playbook on a device with runtime variables (requires approval) |
get_playbook_history | 1 | View execution history for a playbook or device |
See Playbooks for playbook definitions and step types.
Troubleshooting
Section titled “Troubleshooting”Tier 3 action pending but never executing
Tier 3 actions require manual approval. Open Monitoring → AI Risk Engine → Approval History and approve or reject the pending request.
AI Risk Engine dashboard shows no data
The dashboard requires at least one AI tool execution to have occurred. Ask the AI assistant a question about your fleet to generate initial data.
Fleet Orchestration stat cards showing zeros
Some endpoints (deployments, reports) return empty results if no data exists yet. Cards populate independently — a zero on one card does not indicate a general problem. Partial endpoint failures are shown as warnings in the UI.
Context entries not appearing for a device
The AI loads context only for the specific device you ask about. Try: “What do you know about [hostname]?” to trigger explicit context loading.
set_device_context not working
set_device_context is Tier 2 (auto-execute + audit logged) and requires devices:write permission. Confirm your role includes write access to devices.