Skip to content

AI Features

Breeze includes a built-in AI assistant powered by the Claude Agent SDK that can query your fleet, diagnose device issues, and take action on your behalf. The assistant runs as a managed agent with a query loop — it receives your question, plans a sequence of tool calls, executes them against live fleet data, and returns a synthesized answer. All tool executions are governed by a tiered approval system with full audit logging and per-tool rate limits.

Six capabilities extend and govern this system:

  • AI Risk Engine — governance dashboard for controlling and auditing AI-assisted operations
  • Fleet Orchestration Brain — command center for fleet-scale AI-driven management
  • AI Device Context Memory — persistent per-device memory that the AI carries across conversations
  • Helper AI Chat — end-user-facing AI assistant in the Breeze Helper tray app
  • AI Cost Tracking — per-session and per-organisation usage and cost monitoring
  • AI Input Sanitization — guardrails that validate and sanitize all AI inputs before execution

The AI Risk Engine categorises every AI tool into one of four tiers that control how it executes. Navigate to it via Monitoring → AI Risk Engine in the sidebar.

Tier Execution Examples
Tier 1 Auto-execute (read-only, no approval) query_devices, analyze_metrics, get_security_posture, get_active_users, file_operations (list/read), disk_cleanup (preview), propose_action_plan, list_configuration_policies, get_effective_configuration, preview_configuration_change, get_configuration_policy, configuration_policy_compliance, manage_processes (list), get_service_monitoring_status, query_monitors, query_backups, get_backup_status, browse_snapshots, get_incident_timeline, generate_incident_report, list_playbooks, get_playbook_history, get_vulnerability_report, get_device_vulnerabilities, search_documentation
Tier 2 Auto-execute + audit logged manage_alerts acknowledge/resolve actions, manage_services list action, set_device_context, resolve_device_context, apply_configuration_policy, remove_configuration_policy_assignment, manage_configuration_policy (activate/deactivate), create_incident, collect_evidence
Tier 3 Requires human approval before execution execute_command, run_script, disk_cleanup (execute), network_discovery, security_scan (quarantine/remove/restore), file_operations (write/delete/mkdir/rename), manage_configuration_policy (create/update/delete), manage_processes (kill), manage_monitors (create/update/delete), trigger_backup, restore_snapshot, execute_containment, execute_playbook, remediate_vulnerability
Tier 4 Blocked — never executed Cross-org operations

When the AI proposes a Tier 3 action, it enters a pending state and waits for human approval.

  1. Open Monitoring → AI Risk Engine.

  2. Click Approval History.

  3. Find the pending request and review the action details.

  4. Click Approve to allow execution, or Reject to cancel it.

Approved actions execute immediately. Rejected actions are logged and the AI is notified.

Each tool has a per-tool sliding window rate limit. Requests that exceed the limit are rejected and logged in the Rejection & Denial Log.

Tool Limit Window
execute_command 10 requests 5 min
run_script 5 requests 5 min
disk_cleanup 3 requests 10 min
network_discovery 2 requests 10 min
security_scan 3 requests 10 min
file_operations 20 requests 5 min
manage_services 10 requests 5 min
analyze_disk_usage 10 requests 5 min
get_user_experience_metrics 20 requests 5 min
manage_configuration_policy 20 requests 5 min
manage_processes 15 requests 5 min
query_monitors 30 requests 5 min
manage_monitors 10 requests 5 min
get_service_monitoring_status 30 requests 5 min
query_backups 20 requests 5 min
get_backup_status 20 requests 5 min
browse_snapshots 20 requests 5 min
trigger_backup 3 requests 10 min
restore_snapshot 3 requests 10 min
create_incident 5 requests 5 min
execute_containment 5 requests 10 min
collect_evidence 10 requests 5 min
get_incident_timeline 20 requests 5 min
generate_incident_report 10 requests 5 min
list_playbooks 20 requests 5 min
execute_playbook 3 requests 10 min

The AI can propose multi-step action plans for complex operations that require human review before execution. When the AI invokes propose_action_plan, it creates a structured plan with pre-flight checks for each step. Plans operate in two modes:

Mode Description
action_plan A sequence of concrete steps to be executed after approval
hybrid_plan A mix of informational analysis and executable steps

Action plans are subject to the same approval workflow as Tier 3 tools — the plan must be approved before any steps execute.

The Risk Engine dashboard provides five views, each filterable by time range (24 h / 7 d / 30 d):

Section What it shows
Tier Overview Matrix Tool counts per tier with colour-coded risk levels
Tool Execution Analytics Execution status breakdown, top tools, average duration
Approval History Pending, approved, and rejected Tier 3 requests
Rate Limit Status Per-tool limit cards with current usage
Rejection & Denial Log Failed, rejected, and security-denied operations
Method Path Description
GET /ai/admin/tool-executions Tool execution analytics (?since=ISO&limit=1–200, default 100)
GET /ai/admin/security-events Guardrail audit trail (?since=ISO&limit=1–100&action=filter)

The Fleet Orchestration Brain is an AI command centre for fleet-scale operations. Open it via Fleet in the main navigation sidebar.

The page shows eight stat cards that aggregate live fleet data:

Card What it shows
Policies Total policies, enforcing count, compliance %, non-compliant devices
Deployments Active, pending, completed, and failed deployment counts
Patches Pending approval, approved, installed; critical pending count
Alerts Critical, high, medium, and low alert counts
Device Groups Count of static and dynamic groups
Automations Configured automations with recent run history
Maintenance Windows Active windows with suppression flags
Reports Available report templates and schedules

When you are on the Fleet Orchestration page, the AI assistant gains access to eight fleet-level tools:

Tool What it does
manage_policies List, evaluate, create, activate/deactivate, and remediate policies
manage_deployments Create, start, pause, resume, and cancel deployments
manage_patches Scan, approve, decline, defer, bulk approve, and rollback patches
manage_groups Create static/dynamic groups and manage membership
manage_maintenance_windows Schedule maintenance windows with timezone support
manage_automations Create and update automation rules and event triggers
manage_alert_rules Configure alerting templates per device or site
generate_report Generate inventory, compliance, performance, and executive summary reports

The page includes pre-populated AI chat buttons that open the AI sidebar with a domain-specific prompt:

Button Pre-filled prompt
Check compliance Show me a compliance summary for all policies
Active deployments List all active deployments and their progress
Critical patches What critical patches are pending approval?
Alert overview Give me a summary of active alerts by severity
Maintenance windows What maintenance windows are active right now?
Run automations List all enabled automations and their recent run history
Device groups Show me all device groups and their member counts
Generate report Generate an executive summary report for the fleet

The AI can remember device-specific facts across conversations. When you ask the AI about a device, it automatically loads that device’s context entries and incorporates them into its analysis — so it won’t re-alert on known quirks or forget about open follow-ups.

Type Purpose Example
issue Known problems to track “Recurring BSOD on boot since Jan 2026”
quirk Normal but unusual behaviour “Slow startup is expected due to a legacy driver”
followup Pending actions “Check disk health after replacement on 2026-03-01”
preference User or device preferences “Maintenance window: Sundays 2 AM–4 AM only”

Context is managed through the AI assistant — there is no separate UI. Ask naturally:

  • “Remember that this device has a recurring BSOD issue.”
  • “Mark the disk check follow-up as resolved.”
  • “What do you know about HOSTNAME?”

Context entries can have an expiry date, which is useful for time-bound follow-ups. Expired entries are excluded from future queries but are not deleted.

The AI uses three tools internally to manage context:

Tool Tier Description
get_device_context Tier 1 Load context entries for a device
set_device_context Tier 2 Create a new context entry
resolve_device_context Tier 2 Mark an existing entry as resolved

The Breeze Helper tray application includes an AI chat interface designed for end users (not just administrators). When enabled at the organisation level, end users can ask the Helper questions about their device, troubleshoot issues, and request common IT actions — all without opening a support ticket.

The Helper AI agent runs on the API server using a filtered tool set. Not all AI tools are available to the Helper — the helperToolFilter service restricts access to safe, device-scoped operations appropriate for end users.

Capability Description
Device diagnostics “Why is my computer slow?” — analyzes CPU, memory, disk, and boot data
Vision troubleshooting Captures a screenshot and uses AI vision to interpret error dialogs or UI issues
Self-service actions Common IT tasks like clearing temp files, restarting services, checking updates
Computer control AI can interact with the desktop to perform guided actions (Tier 3, requires approval)

Helper chat is controlled per organisation. Administrators can enable or disable it via organisation settings. The toggle is delivered to agents through the heartbeat response — when disabled, the Helper hides its chat interface.


Every AI session tracks token usage and estimated cost. The aiCostTracker service records input tokens, output tokens, and total cost per session, per user, and per organisation.

Navigate to Settings → AI Usage to view:

Metric Description
Total sessions Number of AI conversations
Total tokens Combined input + output tokens consumed
Estimated cost Dollar cost based on Claude API pricing
Per-user breakdown Token usage grouped by user
Per-session detail Individual session cost and token counts

Cost data is stored alongside the conversation history.

When a billing service is configured (BILLING_SERVICE_URL and BILLING_SERVICE_API_KEY), AI sessions check the organization’s credit balance before starting. If credits are exhausted, the user sees a message to purchase more credits. After each session completes, the estimated cost is deducted from the balance.

When billing is not configured, AI usage is unlimited — cost tracking still records usage for visibility, but no spending limits are enforced.


The aiInputSanitizer service validates all user inputs before they reach the AI agent. This layer prevents prompt injection, command injection, and other adversarial inputs from being passed to AI tool calls.

Sanitization includes:

  • Input length limits
  • Pattern detection for known injection techniques
  • Escaping of shell metacharacters in tool arguments
  • Validation against Zod schemas defined in aiToolSchemas.ts

All rejected inputs are logged in the security event trail accessible via the Risk Engine dashboard.


The AI assistant can query, manage, and operate backups across your fleet. These tools are available in any AI chat session.

Tool Tier Description
query_backups 1 List backup configurations, jobs, and policies
get_backup_status 1 Health summary for a device or organization (active configs, job counts, storage totals)
browse_snapshots 1 List available snapshots for a device with timestamps, sizes, and expiration
trigger_backup 3 Initiate an on-demand backup for a device (requires approval)
restore_snapshot 3 Restore data from a snapshot to a device (requires approval)

See Device Backup for configuration details.


The AI can create and manage security incidents, execute containment actions, and collect forensic evidence.

Tool Tier Description
create_incident 2 Create a new security incident with classification and severity
execute_containment 3 Run a containment action on a device (process kill, network isolation, account disable, USB block)
collect_evidence 2 Collect forensic evidence from a device (logs, processes, connections, screenshots)
get_incident_timeline 1 View the full timeline of an incident
generate_incident_report 1 Generate a structured report with action and evidence summaries

See Incident Response for the full workflow.


The dashboard includes a slide-out documentation panel that opens the correct docs page based on your current location in the app. Open it with Cmd+Shift+H (macOS) or Ctrl+Shift+H (Windows/Linux).

Page you’re on Docs page that opens
Scripts Scripting docs
Patches Patch management docs
Devices Device management docs
Configuration Policies Policy docs

The help panel coordinates with the AI chat sidebar — opening one closes the other. When the AI assistant references documentation in a chat response, the links open directly in the help panel instead of a new browser tab.

The AI assistant can search all documentation pages using the search_documentation tool (Tier 1, auto-execute). The search index is built at compile time and covers all pages in the docs site.

Tool Tier Description
search_documentation 1 Search documentation pages by keyword and return relevant sections with direct links

The AI can list and execute remediation playbooks as part of automated incident response.

Tool Tier Description
list_playbooks 1 List available playbooks, optionally filtered by category
execute_playbook 3 Execute a playbook on a device with runtime variables (requires approval)
get_playbook_history 1 View execution history for a playbook or device

See Playbooks for playbook definitions and step types.


Breeze also provides AI tools for the PSA side of the platform — tickets, invoices, the product catalog, contracts, and quotes:

Tool Description
manage_tickets Full ticket lifecycle: create, comment, assign, update status and fields, link/unlink alerts, create a ticket from an alert, edit/delete comments, track time, and move a ticket between organizations
list_invoices / get_invoice / manage_invoices Browse invoices and manage the invoice lifecycle — drafts, lines, assembling a draft from an organization’s billable period or a ticket, issuing, voiding, payments, and Stripe pay links
search_catalog / get_catalog_item / manage_catalog Search and maintain the partner product catalog, including per-organization price overrides and bundles
lookup_distributor_product Look up live TD SYNNEX price and availability for a distributor SKU that isn’t in your catalog yet — handy when pricing a quote line for a product you don’t stock. Reseller cost is hidden for organization-scoped callers
list_contracts / get_contract / manage_contracts Browse recurring contracts and manage drafts, lines, and lifecycle (activate, pause, resume, cancel)
manage_quotes Build and manage quotes/proposals — drafts, content blocks, lines, sending, declining, and pay links

These tools are currently exposed to external AI clients through the MCP Server, not the built-in assistant chat. Financially binding or high-impact actions — issuing or voiding an invoice, recording or voiding a payment, contract lifecycle changes, sending a quote, and moving a ticket to another organization — are classified Tier 3, so they are gated behind the execute scope and production allowlist rather than auto-executing. See the MCP Server documentation for per-tool tiers, scopes, and required role permissions.


Tier 3 action pending but never executing

Tier 3 actions require manual approval. Open Monitoring → AI Risk Engine → Approval History and approve or reject the pending request.

AI Risk Engine dashboard shows no data

The dashboard requires at least one AI tool execution to have occurred. Ask the AI assistant a question about your fleet to generate initial data.

Fleet Orchestration stat cards showing zeros

Some endpoints (deployments, reports) return empty results if no data exists yet. Cards populate independently — a zero on one card does not indicate a general problem. Partial endpoint failures are shown as warnings in the UI.

Context entries not appearing for a device

The AI loads context only for the specific device you ask about. Try: “What do you know about [hostname]?” to trigger explicit context loading.

set_device_context not working

set_device_context is Tier 2 (auto-execute + audit logged) and requires devices:write permission. Confirm your role includes write access to devices.