AIrOrchestra

Reference Architecture for HVAC AI

Runs on the company's own server. Four constraints wired in: fixed role, fixed source, fixed scope, citation or refusal. Built and run inside one HVAC company.

Read the approach
Context

The structural case for keeping AI inside company constraints

Public AI grew faster than governance. Without architectural constraints around the assistant, leaks recur as operational byproducts.

Three sourced data points and three case studies. They were collected while deciding what to build — they explain why training discipline is not the right layer to enforce information boundaries, and why the architecture has to do that work instead.

By February 2025, TELUS Digital reported that 57% of enterprise employees using generative AI at work had entered sensitive or high-risk information into public assistants. Pew Research (February 2025) and Gallup (December 2025) tracked a fast rise in AI use at work — primarily among white-collar roles. Adoption arrived before policy.

The same period that saw AI adoption outpace governance also saw construction labor productivity stuck at roughly 0.4% annual growth between 2000 and 2022 — against 3.0% in manufacturing over the same window (McKinsey, Reinventing Construction, 2017, US-and-global aggregate).

On the labor-supply side, the AGC 2025 Workforce Survey reports 92% of US construction firms struggle to hire qualified workers (n=1,400; covers general construction, mechanical and HVAC included but not isolated), and ABC's 2026 outlook places roughly 20% of the construction workforce over age 55. The Bureau of Labor Statistics projects about 40,100 HVAC mechanic openings per year through 2034, many of them replacement openings driven by retirement.

The trade-off, named: every number in this paragraph is sector- or industry-aggregate, not isolated to mechanical contractors at a single-firm scale.

In summer 2025, Madhu Gottumukkala, acting director of CISA, uploaded documents marked For Official Use Only into public ChatGPT. The incident was reported in January 2026 by TechCrunch, Ars Technica, and MeriTalk. CISA runs mandatory security training, operates its own DLP, and conducts regular tabletop exercises. If discipline at that level fails under operational pressure, the assumption that an ordinary employee at a company without that infrastructure will hold up does not survive examination. The lesson is not "secure your secrets harder." The lesson is that training and discipline are not the right layer to enforce information boundaries.

That is why the server in this architecture sits in the company's own office, not the vendor's.

Samsung Semiconductor, April 2023

Per Bloomberg coverage, engineers at Samsung Semiconductor uploaded sensitive material into ChatGPT three times in twenty days: source code, a chip-yield optimization test sequence, and an internal meeting transcript. Samsung Semiconductor banned generative AI on company devices.

Cyberhaven Labs, 2023 study, 2024 update

Telemetry from approximately three million workplace endpoints in the 2024 update: about 27.4% of content employees pasted into generative AI tools was classified as confidential by their own DLP rules — up from 11% in the 2023 baseline. Sensitive content sent to AI grew roughly 485% year over year. Client data, source code, regulated personal information, internal documents, healthcare data.

Mercor, September 2025

A widely-reported breach at the AI infrastructure startup Mercor exposed roughly four terabytes of customer data, including source code and contractor-to-AI conversation logs. The case rhymes with the SMACNews August 2025 warning to sheet-metal contractors about “the risk of exposing proprietary fabrication methods, client details, and competitive advantages” through cloud AI use. When the model and corpus run inside the company's own office, the breach surface that took Mercor four terabytes does not exist for that company's data.

SMACNews, August 2025

The Sheet Metal and Air Conditioning Contractors' National Association published “AI in Construction: Navigating Opportunities and Risks for SMACNA Contractors” in its July–August 2025 issue. The piece names cloud AI's risk to contractor businesses in their own register: “exposing proprietary fabrication methods, client details, and competitive advantages.” The architecture's on-premise deployment answers that warning at the topology layer, not the policy layer.

The seven downsides of training are detailed on the Approach page. They share a single conclusion: discipline does not scale uniformly across a workforce. The architecture that scales is the one that does not depend on individual discipline.

Retrieval-grounded generation has matured to the point where citation can be enforced as an architectural gate, not a soft policy. Combined with role-scoped retrieval and explicit refusal paths, this gives a deployable assistant for jobsite work: one whose answer either comes from an approved document with a verifiable citation, or does not come at all.

Corpus depth — the volume of indexed operational record a retrieval layer can search — accumulates at the rate of operational activity. An operation that begins structured capture in 2026 has, in 2030, four years of submittal versions, RFI patterns, scope-change history, foreman-to-PM question traffic, and warranty events. An operation that begins in 2028 has, in 2030, two years.

The asymmetry is permanent. Corpus depth cannot be purchased from a vendor — vendors sell software, not history. It cannot be back-filled by retroactive data ingestion — the questions asked verbally in 2024 were not recorded, and reconstructing them from memory contaminates the record with the same drift the corpus is meant to remove. It cannot be acquired by hiring — the new hire brings their own head; the corpus stays with the previous employer.

The trade-off, named: this is not an argument that the architecture must be adopted on any particular date. It is an observation about what becomes possible later, and when. An operation that begins capture in 2030 has, in 2030, zero years of corpus — and the operation that began in 2026 has four. The earlier-starting operation does not have to be larger or better-funded to hold that asymmetry. It only has to have started.

Small operations moving up-market

A small mechanical contractor today does not bid on hospital MEP packages or large institutional work — bonding multiple, team experience, and documentation depth do not support the move. The architecture changes the documentation-depth axis. By year four of disciplined corpus capture, a small operation has indexed operational record over four years of jobs — frequently deeper than what a mid-market shop carries, because the mid-market shop is still on tribal knowledge. Combined with the selective hire of one experienced commercial PM, that depth supports bonding on mid-size commercial work that crew-count alone would not have unlocked.

Established operations protecting their position

A long-established mechanical contractor with thirty years of history holds the deepest possible tribal-knowledge moat — and, by definition, no corpus, because tribal knowledge does not live in a corpus. If a competitor begins capture in 2026, by 2031 that competitor can answer “every VAV-box callback on commercial jobs since 2018” from indexed retrieval; the established shop cannot answer it without convening forty foremen, half of whom have retired. The architecture is most valuable to the operation with the most institutional memory to lose.

The trade-off, named: years zero through three of corpus discipline produce no retrieval payoff visible from outside the operation. This is the period during which most attempts at this architecture are abandoned, because the value is forward-loaded onto a corpus that does not yet exist. The architecture rewards operations that can absorb three years of capture cost before retrieval starts compounding.

See the full approach →

Sources