AI Assistant · Platform capability

Talk to your building. Get things done.

The Duall Master AI Assistant lets operators ask the system to do things — onboard a new employee, revoke a lost card, invite a visitor for tomorrow — in plain language, with full preview, confirmation, audit, and role-based authority. Every action forwards the operator's JWT, so the AI service holds zero write credentials and never bypasses RBAC.

Speak English or Tiếng Việt today; Korean rolling out across the assistant's domain vocabulary. The assistant understands your building's terms, maps them to the right action, shows you exactly what will change, and waits for your confirm.

Product proof

AI Assistant in the console

Duall Master AI Assistant chat — operator preview before executing an action

Operator prompt

"Onboard Kim Min-jun in the Marketing department and give them access to Floor 3."

→ Preview shown · operator confirms · 2 records created · audit logged.

What makes it different

Search is table stakes. Action is the line.

Most platforms in this space ship some flavor of natural-language search. Duall Master goes further — the same assistant that answers "how many visitors today?" can also onboard the new hire, revoke the lost card, and invite tomorrow's guest.

Pillar 01

It speaks your building's language.

"Access rules" → access groups. "Block someone" → disable user. "Lost badge" → revoke credential. Domain vocabulary ships for English and Vietnamese today; Korean rolling out.

Pillar 02

It can act, not just answer.

Seven shipped action tools today — onboarding, access changes, visitor invitations, credential revocation. Every action goes through explain → preview → execute.

Pillar 03

It can't go rogue.

The AI service holds zero write credentials. Every action forwards the operator's JWT and obeys downstream RBAC. HIGH-risk actions require PIN re-auth.

The three-mode contract

Every action tool answers the same three questions.

Tap any layer to see how it helps a buyer evaluate the platform.

Step 01

Signal

Doors, visitors, cameras, intercoms, parking, and devices generate live operational signals instead of isolated alerts.

01Signal

Doors, visitors, cameras, intercoms, parking, and devices generate live operational signals instead of isolated alerts.

02Context

Each signal becomes useful because operator, person, role, site, zone, policy, and related module records are shown together.

03Action

Teams approve, deny, review, escalate, annotate, or link evidence without leaving the command surface.

04Audit

Every decision keeps the who, what, when, why, and related evidence needed for handoff, reporting, and investigation.

Operators always know what the assistant is about to do. Nothing is committed without an explicit confirm — and HIGH-risk actions add a PIN re-auth gate.

Multilingual by design

One assistant. Operator language, native vocabulary.

Operators in different regions run the same workflow in their own language. The vocabulary mapping is shared, so "access rules" and "quy tắc truy cập" both resolve to access groups. Korean domain vocabulary is rolling out next, alongside the wider EN+VI+KO product UI.

English

"How do I block someone who left the company?"

→ Maps to disable_user · preview shows scope · operator confirms with PIN.

Tiếng Việt

"Chặn user An Nguyễn vì đã nghỉ việc."

→ Maps to disable_user · preview shows scope · operator confirms with PIN.

The action catalog

Seven actions shipped today.

We grow this list deliberately — every new action goes through a security review, gets a risk tier, and ships with the same preview / confirm / audit contract.

Each tool is a self-contained capability that can be called by the assistant when the operator's request matches it. The assistant never invents an action — it picks from this catalog.

Standard · operator confirms

Create access group

Spin up a new group, attach access points, and assign it — in one confirmed step.

Assign user to access group

Batch-add people to a group with optional effective dates. Names resolve against the live tenant.

Create user

Onboard a person, optionally auto-creating their login account and sending the welcome email.

Create visitor invitation

Schedule a visit with host, purpose, and arrival time. Sends the QR if the guest has email.

Onboard employee (composite)

Chain create_user + assign-to-group(s) in one confirm. Aborts cleanly if any group ref is wrong.

HIGH-risk · confirm with PIN

Revoke credential

PIN required

Hard-delete one card, face, fingerprint, PIN, or QR. Lists the user's other credentials before confirming.

Disable user

PIN required

Block all access for one user across every credential and every device. The "they left the company" button.

Roadmap (planned): door unlock with proposal pattern · lock-down · emergency activation · attendance adjustment · shift assignment · custom-per-tenant composites.

Beyond action

The assistant also answers, summarizes, and investigates.

Action tools sit on top of a read layer that already handles the questions operators ask every day.

Ask

How many visitors today? Which devices are offline right now? Who entered Floor 3 in the last hour?

Summarize

Incident summaries and shift handoff drafts grounded in permissioned system records.

Find

Find user by name across the tenant. Find zone by location. Find door by partial match.

Investigate

Recent access events, attendance summaries today, parking occupancy, active emergencies.

Disambiguate

When a name matches two people, the assistant asks — it never silently picks.

Stay grounded

Answers come from tool results, not from the model's memory. If we don't have the data, the assistant says so.

Safety + governance

Helpful — but never reckless.

We took the constraints seriously. The assistant is designed so that a perfectly-jailbroken model would still be unable to take an unsanctioned action against your tenant.

Assistive, not autonomous

The assistant never executes a write without a human confirm in the UI.

Zero write credentials

The AI service holds no service-account tokens — every write forwards the operator's JWT.

Downstream RBAC is the authority

The same role + scope rules that govern manual operations govern AI-driven ones.

Every action audited

Both the preview and the execute land in the audit log under the operator's identity.

HIGH-risk needs PIN

Destructive actions (revoke credential, disable user) render a PIN re-auth modal on the confirm step — session login alone is not enough.

Data residency enforced

Cloud LLM profiles are refused in production tenants that require on-prem inference.

Bring your own intelligence

Cloud LLM, self-hosted LLM, or no LLM at all.

The assistant is provider-agnostic. Tenants choose their inference posture based on data-residency requirements — and Duall Master refuses to start with a cloud LLM in a production tenant that's policy-bound to on-prem.

Cloud

Anthropic Claude

Default for the operator console. Strongest reasoning for ambiguous requests.

Self-hosted

Ollama

For tenants that must keep all inference inside the data center.

Sandbox

Mock provider

For CI, integration tests, and rehearsal environments.

Platform-wide reach

One assistant. Every module.

The AI Assistant isn't a module — it's a capability layer that already touches access control, visitor management, identity, attendance, parking, video, and intercom. New modules inherit it automatically.

Access Control — create groups, assign users, revoke credentials

Visitor Management — schedule visits, resolve hosts, send QR invitations

Identity — onboard people, set departments, disable accounts

Attendance — query daily records, summarize shift exceptions

Parking — check occupancy, look up vehicles, summarize sessions

Video — find clips by access event, summarize incident context

Next step

See the AI Assistant in action

Walk through the seven action tools and the explain → preview → execute contract on a sandbox tenant with the Duall Master team — your own questions, your own building vocabulary.

Book a demo See the action catalog