AI Assistant & Wizards
The Mirox platform includes a built-in AI assistant you can chat with about your plants, plus a set of guided wizards that carry out concrete work for you — onboarding a new plant from its paperwork, verifying plant information, sorting and tagging files, and proposing a safe fix for a misbehaving plant VPN. Your organization stays in control of which AI provider is used and can see exactly how the assistant is being used and what it costs.
Concept
The AI features come in two complementary shapes:
- The chat assistant is conversational. You ask questions, it answers, and — when you allow it — it uses the same tools and data you already have access to. It is a companion for everyday work: understanding a plant's state, finding the right setting, or drafting a follow-up.
- The wizards are agentic. Instead of just answering, a wizard runs a short, supervised workflow toward a specific outcome and proposes the resulting changes for you to review and accept. Each wizard run keeps its full reasoning transcript so you can see exactly how it reached its proposals.
Everything the assistant does respects your existing permission system: the AI only ever sees and changes what you yourself are allowed to see and change. Cross-plant access through cooperations is honored just as it is everywhere else in the platform.
Info
The AI assistant and the wizards are the user-facing surface for working with AI inside the platform. For programmatic access to your data from your own scripts, use a scoped API token with the metrics export API and MiroxQL.
The Chat Assistant
Conversations
Each user has their own private conversations. You can create a new chat, rename it, browse your history, and delete conversations you no longer need. Conversations are personal to you — other members of your organization do not see your chats.
After your first exchange, the assistant automatically gives the conversation a meaningful title so your history stays easy to scan, without you having to name every chat by hand.
Transparency
You can control how much of the assistant's "thinking" you see. Three preferences are yours to set:
- Reasoning — show or hide the model's chain-of-thought as it works through an answer.
- Tool calls — show or hide the individual actions the assistant takes on your behalf (looking something up, fetching a value), so you can verify what it actually did.
- Per-turn statistics — show or hide timing and token figures for each response.
These are personal display preferences; turning them off keeps the conversation uncluttered, while turning them on gives you full insight into how an answer was produced.
Attachments
You can attach files to a conversation — a datasheet, a screenshot, a document — and ask the assistant about them. Attachments are stored securely and tied to your conversation.
Your Usage at a Glance
You can see your own AI usage for any time window: how many requests you made, how many tokens went in and out, and the resulting spend. This keeps the cost of the assistant transparent at the individual level.
Tips
A bulk cleanup is available: you can clear all of your own chat conversations and their attachments in one step. This only removes the chats you started yourself — it leaves any wizard-driven runs in your history untouched.
Wizards
A wizard is a guided, AI-driven workflow aimed at a single concrete outcome. You start a run, optionally provide source documents, and let it work. The wizard then either proposes a set of changes for you to review — accept or reject each one, or accept them all at once — or produces one structured result it applies for you. Throughout, a live transcript shows you what the AI is doing, and you can cancel a run at any time.
Every wizard run is preserved after it finishes, not just shown live. Each run keeps its complete reasoning transcript together with every action it proposed and the decision you made on each one, so you can return later and review exactly what the AI did and what you approved. Automated, agent-driven flows run as wizards too — so there is no AI activity without a reviewable record.
The platform currently offers five wizards you can start yourself:
| Wizard | What it does | Documents needed |
|---|---|---|
| Onboard a New Park | Reads one or more source documents, extracts the plant's metadata, and proposes the actions to create and fill in the new plant — which you review before applying. | Yes |
| Verify Park Information | Reads a plant's already-uploaded documents and proposes metadata corrections (basics, dates, business details, components, contacts) wherever the documents support a value. | No |
| Upload File | Analyzes the files you upload, then tags and sorts them into document storage so they are easy to find again later. | Yes |
| VPN Auto-Heal | Analyzes a direct plant VPN's recent connection logs and proposes a safe configuration fix — it never regenerates keys or certificates. | No |
| Auto-Tag a File | Takes a file already in your document storage and derives its category, a short summary, and keywords from its content. | No |
Review Before It Counts
The wizards that change your data work in propose-then-apply style: nothing is written until you approve it. You stay the decision-maker — the AI only does the preparation and suggests the result.
Reviewing AI Work in the Audit Trail
Some automated AI work runs on your behalf in the background rather than as a wizard you start — most notably the short activity summaries you see on browser-proxy sessions. You do not launch these directly; they appear as part of the access audit trail. The wizard list above covers everything you start yourself.
Organization AI Configuration
Your organization decides which AI provider powers the assistant for everyone in it. An organization administrator can:
- Choose the provider and model. Select between supported providers and pin a specific model, or leave the model blank to use the provider's default. Changing the provider resets any pinned model.
- Provide the organization's own API key. Store your organization's provider key securely so the assistant runs on your own AI account. The key is stored encrypted; if your organization uses Mirox's built-in model service, no key is required.
- Reset the configuration. Clear the AI settings to return to the platform default.
These settings apply to every member of the organization, so the choice of provider, model, and account is made once, centrally.
Administrator-Only
Setting the AI provider, model, and key is reserved for organization administrators. Regular members use the assistant under the configuration the administrator has chosen — they do not see or change the key.
Organization Usage Overview
Administrators also get an organization-wide view of how the AI is being used over any time window:
- Total successful and failed requests, input/output tokens, and spend.
- The top members by usage and spend.
- The top plants by usage and spend.
- The total number of conversations across all members.
This makes it easy to understand adoption and keep AI cost predictable across the whole organization. An administrator can also clear every member's chat conversations from the organization's AI settings view when needed.
Where Your Data Goes
By default the assistant runs on the Mirox AI infrastructure: models hosted on Mirox-operated infrastructure in Germany (EU). This is a fixed, off-the-shelf model that is never trained or fine-tuned on your data. When the assistant gets more capable over time, that comes from better platform integration — new tools and tighter data access — not from learning on anything you do. Using the Mirox AI infrastructure is included in your plan.
An organization may instead configure an external provider (OpenAI or Anthropic) with its own API key. When you do, the content of your requests goes to that provider and is handled under that provider's own terms, and your organization pays that provider's token usage separately, in addition to your Mirox plan. Mirox does not make any guarantees about how an external provider retains or uses request data — that is governed by your agreement with them.
| Mirox AI infrastructure (default) | External provider (OpenAI / Anthropic) | |
|---|---|---|
| Where requests are processed | Mirox-operated infrastructure in Germany (EU) | The provider's own infrastructure, under its terms |
| Training on your data | Never — fixed, off-the-shelf model | Governed by your agreement with the provider |
| Cost | Included in your plan | Paid to the provider per token, on top of your plan |
| Who configures it | — | Organization Administrator (provider, model, key) |
Switching between providers does not change what the assistant can do. Every AI feature — chat, wizards, and external agents — runs through the same platform capability layer, so the choice of provider only changes where requests are processed, never which features are available.
What the AI Can Never Do
For a plant operator weighing whether remote AI is safe, the limits matter as much as the features. By design, the assistant cannot:
- Send commands to plant equipment. It has no capability to operate or control inverters, PLC/SPS controllers, network switches, routers, or dataloggers. Its capability catalog contains read tools and propose-only draft tools — there is no field-device command tool anywhere in it.
- Connect to your plant network. The AI never opens a connection into a plant's local network. It only reads data the platform has already collected and stored.
- See keys, credentials, or secrets. VPN keys, certificates, pre-shared keys, API tokens, and passwords are never exposed to the model. The VPN Auto-Heal wizard, for example, proposes a configuration correction without ever seeing the underlying keys.
- Write anything without your approval. Every data change is staged as a proposal and applied only after you explicitly accept it (see Wizards).
- Exceed your own permissions. The AI inherits your exact access. It can never reach a plant, portfolio, document, or organization you yourself are not authorized for — and never another customer's data.
Where AI Is Used in Mirox
Mirox uses AI in a few distinct places. The table below is the complete inventory, marking which are something you start and which run automatically. The automatic ones only enrich metadata — they never change your records' substance — and what they did is visible afterwards in the relevant history or audit trail.
| Surface | How it runs | What it does |
|---|---|---|
| Chat assistant | You start it | Conversational help across your data, within your permissions. |
| Guided wizards | You start it | Multi-step workflows that propose changes for your review (onboarding, verification, file sorting, VPN auto-heal). |
| External AI tools (MCP) | You start it | Your own AI client, connected with your token, working under your permissions — see Agentic Access (MCP). |
| File auto-tagging | Automatic | Derives a category, summary, and keywords for a newly uploaded document; visible in the file's history. |
| Access-session summaries | Automatic | Writes a short, plain-language summary of a browser-proxy access session; visible in the audit trail. |
| Device identification | Automatic | Helps label devices found during network discovery from packaged fingerprint evidence; it receives evidence, not live network access. |
The automatic helpers are non-destructive: they add descriptive metadata so things are easier to find and review later. None of them issues commands, opens connections, or changes a record's core data.
Security and Control
- Same permissions as you. The assistant and the wizards operate strictly within your own access rights. They can read and change only the plants, portfolios, and documents you are authorized for, and cooperations are honored exactly as elsewhere.
- You approve changes. Wizards that modify data propose their work for your review; nothing is written without your acceptance.
- Personal by default. Your conversations are private to you. The organization-wide views show usage figures and let an administrator wipe chats — they are not a window into the content of other people's conversations from the everyday chat surface.
- Encrypted keys. The organization's AI provider key is stored encrypted and is never exposed back to members.
Restricting the AI
There is no separate "AI off" switch, and there does not need to be: the AI has no access of its own. It only ever borrows the permissions of the person using it. That means you restrict the AI by restricting the person — narrow a user's organization role or per-plant job roles, pause their membership, or set an account to External with no default access, and the AI follows the same limits the moment they take effect. The mechanics are exactly those of the permission system and member permissions. At the organization level, an administrator can also decline to configure an external provider, in which case requests only ever reach the Mirox AI infrastructure.
What It Costs
Using the Mirox AI infrastructure is included in your plan — there is no separate AI charge for it. If your organization configures its own external provider (OpenAI or Anthropic), that provider's token usage is billed to your organization separately, on top of your Mirox plan. The usage views above make spend visible either way, per member and per plant.
Related Features
- Agentic Access (MCP) — connect your own external AI agent under your exact permissions, using the same tools the assistant uses
- API Tokens — scoped, revocable credentials for programmatic access to reporting and time-series data
- Permission System — the roles and cooperations that bound everything the assistant can see and do
- Audit Logging — where automated AI activity summaries surface alongside VPN and proxy access records
- Onboarding — the onboarding checklist where the park-onboarding wizard fits in
- Resources — document storage, which the file wizards tag and organize for you
- AI FAQ — common questions about AI safety, data handling, and control