Intelligent iT
Intelligent IT/AiTBMS
Building Intelligence
OverviewDemoLL97EnergyEquipmentFaultsTenantsInsightsAssistantDocsPricingSettings
Intelligent Group
Intelligent Group
AiTBMS
  • Getting Started
  • Overview
  • ✨ Demo
  • LL97
  • Energy
  • Equipment
  • Faults
  • Tenants
  • Insights
  • Assistant
  • Docs
  • Pricing
  • Settings
Building Intelligence
Sign in
← Back to overview
How AiTBMS works

Cloud-to-controller, without firewall changes.

AiTBMS is a vendor-agnostic building intelligence platform. The cloud handles AI sequencing, multi-tenant dashboards, and audit. A small Windows edge agent runs inside your LAN, talks outbound HTTPS to the cloud, and speaks BACnet/IP, WebCTRL SOAP, and Niagara to your existing equipment. Every AI-issued setpoint write is gated by a 4-tier authority model.

System diagram

AiTBMS CloudVercel (Next.js 16) · Supabase Postgres + RLSAI sequence engine · multi-tenant dashboards · audit log · billingChannel → Org → Site isolation enforced at every queryHTTPS:443 outbound onlyno inbound firewall holes · no VPNCUSTOMER LANEdge agentWindows service · auto-startBACnet/IP discoveryWebCTRL SOAP · Niagara oBIXsequence cache · SQLite buffersigned command verifierLocal web UIhttp://<agent-ip>:8080live BACnet valueshand-staged commandsworks during cloud outageread-only by defaultBACnet/IP UDP 47808LAN-only · never crosses the firewallBUILDING EQUIPMENTChillerCarrierBACnet/IPAHUTraneBACnet/IPVAVJCIBACnet/IPBoilerCleaver-BrooksBACnet/IPJACETridiumBACnet/IP

Brand-green arrows = active control flow. Gray, dashed boundaries = LAN segment.

4-tier control authority

Every deployment starts at Tier 1. Operators graduate the system tier-by-tier as confidence grows. Tiers 3+ require UL 916 listing in production.

1
Available
Tier 1 — Advisory

AiTBMS observes and recommends. Every action is a suggestion an operator must read, evaluate, and execute by hand inside the building's existing BMS.

2
Available
Tier 2 — Human-approve

AI generates the exact setpoint write. The command sits in a queue at /control until a named operator clicks Approve. The edge agent then executes it.

3
Demo onlyProduction rollout requires UL 916 listing — targeted 2026 H2.
Tier 3 — Supervised auto

AiTBMS executes within a pre-defined envelope (setpoint band, time window, equipment whitelist). Every write is logged; operators can revoke at any time.

4
Demo onlyProduction rollout requires UL 916 listing — targeted 2026 H2.
Tier 4 — Full auto

AI optimizes continuously across the whole site — chiller staging, AHU resets, demand response — without per-action human review. Reserved for vetted sequences.

See Tier-gated Control Authority for the full spec.

Why this design

Why this is safe

  • Outbound HTTPS only — no inbound firewall holes, no VPN, no port-forwarding.
  • Per-tenant Postgres RLS — every query is scoped by Channel → Org → Site.
  • Every AI-issued setpoint write is signed, audit-logged, and replayable for 7 years.
  • Edge agent buffers locally and operates the building if the cloud goes dark.

Why this scales

  • Multi-tenant by design — Channel partner, end-customer Org, and per-Site isolation in one schema.
  • Per-vendor adapter contract — WebCTRL SOAP, BACnet/IP, Niagara Fox, Modbus TCP, REST/OpenAPI.
  • 4-tier authority lets the AI take over more autonomy as confidence grows, without re-architecting.
  • Cloud Run + Vercel scale horizontally; one edge agent serves an entire building.

What's next on the roadmap

  • BACnet/IP writeback (Phase G2.5) — in progress; PR #46 closes the supervised-auto loop.
  • UL 916 listing (Tier 3+ production gate) — targeted 2026 H2 with an accredited NRTL.
  • Niagara FOX writeback adapter — pending Tridium developer-program enrollment.
  • Edge agent on Linux + ARM (rooftop gateway form-factor) — Q4 2026.
Watch one round trip →

Animated walkthrough of a Tier-2 command: AI emits → operator approves → edge writes to chiller → ack returns → audit logged. 6-second loop.

/architecture/data-flow

Frequently asked

Does this work behind my firewall?

Yes. The edge agent makes outbound HTTPS:443 calls only — it long-polls the cloud for commands and pushes telemetry back. No inbound rules, no VPN, no port-forwarding required. Most IT teams ship it in under a day.

What if the cloud is down?

The edge agent keeps running. It caches the active sequence locally, continues to read BACnet/IP devices, and exposes a local web UI (http://<agent-ip>:8080) so operators can read live values and execute hand-staged commands during an outage. When the cloud comes back, buffered telemetry replays.

Can AI change my setpoints autonomously?

Only if you explicitly graduate the system to Tier 3 (supervised auto) or Tier 4 (full auto). All deployments start at Tier 1 (advisory) and Tier 2 (human-approve). Tiers 3+ require UL 916 listing in production, which we're pursuing for 2026 H2 — they are demo-only today.

Which vendors are supported?

Today: Automated Logic WebCTRL (SOAP), Tridium Niagara N4/AX (Fox + oBIX read), native BACnet/IP, Modbus TCP/RTU, and any REST/OpenAPI gateway. Roadmap: JCI Metasys, Siemens Desigo CC, Honeywell EBI/WEBs-AX, Niagara FOX writeback. The adapter contract is small enough that any vendor with a public spec can be added in a sprint.

Can I run this without WebCTRL?

Yes. WebCTRL is one of five adapters; if your building runs Niagara, native BACnet/IP, Modbus, or a REST gateway, AiTBMS reads it directly. WebCTRL is Automated Logic's trademark and AiTBMS is a complement, not a replacement.

See it run on a real building.

Intelligent Group HQ Tower — 45,000 sqft, NYC LL97, live trend data flowing through the edge agent right now.

See it live →

Request a demo

Tell us about your portfolio. We will set up a live walkthrough against a real building.

We will only use this to follow up. No newsletter, no third-party sharing.

Or email us directly: sales@intelligentit.io

Intelligent iT© 2026 Intelligent Group (DBA Intelligent IT) · AiTBMS · All rights reserved.
PricingBook a walkthroughsales@intelligentit.io