Architecture That Earned Its Scars

The old paradigm is out. The new paradigm is AI. AI automation is InTouch AI — and AI is the architecture, not a feature bolted on after the fact. The vault, the connectors, the scheduling, the RBAC, the audit all sit behind the intelligence. Modern framework. Defense-in-depth security. Design patterns hardened in Fortune 500 production for 25+ years. The scripts-and-cron stack can't match it — and neither can a config-era platform that tried to staple AI onto its side. You can't bolt on a center.

Modern Application Framework

AI is the center. This is what sits behind it. InTouch AI runs on Micronaut — the framework cloud-native platforms reach for when performance, security, and scale aren't negotiable. A general AI-native engine on a foundation this solid can do what any specialized config-era tool does; the reverse is impossible — a specialized tool can't grow an AI core.

Micronaut 4.x

Modern JVM framework with compile-time dependency injection. No reflection, no runtime proxies, no classpath scanning. Fast startup, low memory footprint, predictable behavior.

Compile-Time DI

Dependency injection resolved at compile time, not runtime. Entire classes of runtime errors are gone before the server ever starts. Smaller attack surface. Ahead-of-time (AOT) compilation.

Runs Anywhere

Single JAR, standard JVM 17+. Sub-second startup, minimal memory. Runs on everything from a developer laptop to enterprise data center servers — Linux, Windows, macOS, ARM.

OpenAPI 3.0

Complete API specification auto-generated from code annotations. Integrated Swagger UI for live API testing. Auto-generated client SDKs for any language.

Reactive & Non-Blocking

Built on Jetty — the battle-tested HTTP engine behind Eclipse, Jenkins, and Google App Engine. Reliable, proven, handles thousands of concurrent API requests and tool executions.

Platform Independence

Pure Java application runs anywhere the JVM runs — Linux, Windows, macOS, ARM, x86. No native dependencies, no OS-specific installation procedures.

Defense-in-Depth Security

Security is a layer in every layer — not a checkbox bolted on after the breach. Built in from the first line of code. The credential vault is the trust floor: AES-256, referenced by name, never written into a script, never exposed to a tool author — and never exposed even to the AI itself. The intelligence sits at the center and still cannot see the secret.

Credential Management

  • AES-256 encryption for all stored credentials
  • Centralized credential vault — no passwords in scripts, config files, or environment variables
  • CyberArk integration — enterprise privileged access management (Department & Enterprise editions)
  • Connection-level security — credentials never exposed to tool authors
  • Encrypted at rest and in transit — credentials never stored in plaintext anywhere

Access Control

  • Role-Based Access Control (RBAC) — granular permissions by role, project, and object
  • LDAP / Active Directory — enterprise identity provider integration
  • Session-based authentication — secure token management with automatic expiration
  • Object-level security — control access to individual jobs, connections, and projects
  • Full audit trail — every action logged with user, timestamp, and detail

REST API Architecture

The InTouch REST API isn't a wrapper around an internal interface — it is the interface. The same API that drives the web UI drives every external integration. Full feature parity, no second-class door.

Endpoints
413 across 26 domains
Specification
OpenAPI 3.0 compliant
Documentation
Integrated Swagger UI
Authentication
Session-based with RBAC
Formats
JSON request/response
MCP Server
367 tools for Claude Code

API-First Design

Every capability is reachable through the REST API. Nothing is locked behind the UI. That opens:

  • Self-service automation portals
  • CI/CD pipeline integration
  • Cloud function triggers (AWS Lambda, Azure Functions)
  • Custom monitoring dashboards
  • Mobile application integration
  • Natural language automation via MCP

View API Technical Reference

Intelligent Orchestration Engine

This is the contract, now intelligent. Tell it what to do, when to do it, what to do when it works, what to do when it doesn't, and who to notify. The "doesn't work" clause stopped being a dumb rule — retry N times, email a log — and became an assessment: it reads the failure, knows why, smart-retries, refreshes an expired token, surfaces the one sentence that matters. And you ride the determinism dial: pure AI when you're exploring, fully deterministic when you're not. Graduate any workflow to zero-AI-cost, identical-every-time, fully-audited as it earns your trust. Nobody else gives you the dial.

Hierarchical Organization

Project > Jobset > Job > Tools — a clean organizational model that scales from single-user automation to enterprise-wide deployment with thousands of jobs.

Multi-Type Tool Sequences

One job, many tool types — SQL extraction, DataFrame transformation, Claude analysis, FTP distribution — chained in sequence with error handling baked in. You describe the pipeline; it runs the pipeline.

Flexible Triggering

7 native schedule types (day, week, weekday, weekend, month/specific, month/relative, custom), file-based triggers (detect new files), event-driven triggers, ad-hoc OneShot runs (REST API or UI with parameter overrides), and condition-driven Monitors (YAML schedule + check + when arms; fires actions on match).

Mutual Exclusion

No two jobs maul the same resource at once. A job already running against a database or cube makes the next one wait its turn — automatically. No race conditions. No corrupted data. No 2 a.m. forensics.

Chase-Its-Tail Mode

Finish, restart, repeat — instantly. Burn through incoming work as fast as it arrives, with zero idle time between cycles.

Multi-Channel Notifications & Alerts

Eight outbound delivery channels: Email (SMTP), Slack, Discord, Telegram, SMS (Twilio/Telnyx/Plivo), WhatsApp, Teams, and LINE. Per-job notifications plus standalone alerts linked to triggers. Same credential vault, same audit log, same RBAC across every channel.

The Cost of DIY Automation

You wrote the scripts. You scheduled them. You read the logs and fixed them yourself. That era is over — and here's the bill it left behind. Under the new paradigm you describe intent; you don't hand-wire failure modes. And when you didn't write it line-by-line, you can't debug it line-by-line either — so InTouch AI reads the failure for you: "It broke. Here's why. I fixed it." No script-and-cron stack can say that sentence.

The DIY Scripts Approach

Shell scripts, Python scripts, cron jobs, Jenkins pipelines. It feels simple on day one. By year three it's a liability nobody understands and everybody's afraid to touch — more dangerous and more expensive every quarter.

ConcernDIY ScriptsInTouch AI
Credentials Plaintext passwords in scripts, config files, environment variables, or .env files. Committed to git repos. Visible to anyone with server access. One breach exposes everything. AES-256 encrypted vault. CyberArk integration. Credentials never exposed to tool authors. Never in plaintext anywhere on disk.
Access Control Linux file permissions at best. Anyone with server SSH access can read, modify, or delete any script. No per-job or per-resource permissions. Full RBAC with roles, object-level permissions, LDAP/Active Directory integration. Granular control over who can see, edit, or execute each job.
Error Handling Silent failures. Scripts exit with errors that nobody sees. Failures discovered hours or days later — or not at all. Immediate notification via email, SMS, or Slack. Automatic retry. Complete execution logs with timestamps. Live monitoring dashboard (Enterprise).
Audit Trail None. No record of who ran what, when, or what changed. Compliance auditors have nothing to review. Complete audit trail of every execution, every configuration change, every user action. Timestamped and attributable.
Knowledge Transfer Tribal knowledge. Undocumented scripts written by employees who have left. No one knows what they do, but everyone is afraid to touch them. Self-documenting job definitions with descriptions. Visual job hierarchy. Any administrator can understand and manage any workflow.
Dependency Management Python version conflicts. pip vs conda. Node version mismatches. "Works on my machine." Production breaks after OS updates. Self-contained Java application. Automatic Maven dependency resolution for DataFrame tool runs. No external runtime dependencies.
Scheduling Schedule files scattered across servers. No dependency chains. No visual schedule overview. No way to pause and resume. Visual scheduler with dependency chains, file triggers, event triggers, condition-driven Monitors, and OneShot ad-hoc runs with parameter overrides.
Scalability Each new automation is another script, another scheduled script, another thing to maintain. Linear growth in operational burden. Add new jobs through the UI or API. Same management overhead whether you have 10 jobs or 10,000.
AI Integration Write custom code for every AI API call. Manage API keys in environment variables. No error handling, no retry, no logging. 7 native AI tools. Scheduled, triggered, monitored, and error-handled. API keys in encrypted vault. Condition-driven Monitors and autonomous agents.

Security Risks of DIY Automation

The Plaintext Password Problem

A 2023 GitGuardian report found 10 million secrets leaked in public GitHub repositories in a single year. Enterprise private repos are no better — database passwords in shell scripts, API keys in Python files, connection strings in .env files.

One compromised server, one careless git push, one backup tape — and every credential in every script is exposed. With InTouch AI, credentials exist only in the AES-256 encrypted vault and are never accessible in plaintext, even to server administrators.

The Silent Failure Problem

The DIY error-handling model is the same one shell scripts have always had — fail silently, write to a log nobody reads, and hope. In practice, this means:

  • Root's mailbox overflows and emails are silently discarded
  • Scripts that exit with errors produce no notification
  • Partial failures (3 of 5 steps succeed) go completely undetected
  • Nobody knows a job failed until a downstream consumer complains
  • By then, data integrity may be irreparably compromised

InTouch AI provides immediate notification on any failure, with complete execution logs showing exactly what happened, when, and why.

InTouch AI vs. General-Purpose Tools

Jenkins, Airflow, and other pipeline tools are designed for software developers building CI/CD pipelines — not for business users automating enterprise processes. They're config-era engines. They can wire a plugin to call an AI API; they cannot make AI the architecture, because AI can't be bolted on — there's no center to staple it to. A general AI-native engine eats what these specialized tools do; they can never grow an AI core to return the favor.

RequirementJenkins / AirflowInTouch AI
Setup Complexity Requires DevOps expertise. Python DAGs (Airflow) or Groovy pipelines (Jenkins). Plugin ecosystem with version conflicts. Single Java application. Configure through web UI or REST API. No coding required for standard automation.
Enterprise Systems No native Essbase, TM1, or JDE tools. Must write custom integrations from scratch. Purpose-built tools for Essbase (9 operations), TM1 (fanatical session management), and JDE with extensive production hardening.
Database Operations Generic database hooks. No proprietary batching. No SQL Stream. No visual query building. 5 SQL operation types with 1000X faster imports. Direct database-to-database streaming. 14+ database support.
AI Integration Third-party plugins or custom Python code. No native AI tools. No condition-driven monitors. No autonomous agents. 17 native AI task types across 9 providers. Condition-driven Monitors. Autonomous Claude Agent. 367-tool MCP server. Built-in AI assistant.
Target Users Software engineers and DevOps teams Business users, DBAs, analysts, IT operations — plus developers via API
Operational Model Requires dedicated team to maintain infrastructure, update plugins, manage dependencies. Self-contained application. Updates are a single file replacement. Minimal operational overhead.

Technical Specifications

Application Framework
Micronaut 4.7.6 with compile-time DI (KSP)
Runtime
Java 17+ (any JVM); Kotlin 1.9.25
HTTP Server
Jetty (battle-tested, reliable)
API Specification
OpenAPI 3.0 with Swagger UI
Encryption
AES-256 for credentials at rest
Authentication
Session-based, LDAP, Active Directory
Authorization
RBAC with object-level permissions
Credential Vault
Built-in + CyberArk integration
Database Support
MySQL, MariaDB, Oracle, PostgreSQL, SQL Server, DB2, Firebird, Cloud Spanner, Informix, Derby, H2, SQLite, Sybase, Cassandra
Supported Platforms
Linux, Windows, macOS, ARM, x86 — anywhere Java runs
Minimum Hardware
2 vCPU, 2 GB RAM — any JVM 17+ host
Availability
Single active instance with an external production database; fast restart, with warm standby for HA. No active-active clustering.
Tools
60+ built-in tools — compiled JAR plugins, core tools, and YAML tools, all hot-reloadable without a server restart.
AI Providers
Anthropic Claude, OpenAI, Mistral, Groq, DeepSeek, xAI, Google Gemini, Ollama (8 native — all editions). Hugging Face as a 9th, job-only.
Skills
Native InTouch AI skills (SKILL.md) + 5,000+ OpenClaw skills from upstream ClawHub (auto-install on first use, converted to deterministic YAML)
Outbound Notifications
8 outbound delivery channels: Email (SMTP), Slack, Discord, Telegram, SMS (Twilio/Telnyx/Plivo), WhatsApp, Teams, LINE.
REST API
413 endpoints, 26 functional domains
MCP Server
367 tools for Claude Code integration
Editions
Personal (free), Team, Department, Enterprise

Enterprise Architecture Without the Enterprise Price Tag

The new paradigm is AI — and it was production-hardened before "AI automation" was a phrase. Self-hosted from laptop to enterprise. RBAC, encrypted credentials, LDAP/CyberArk, full audit. Start free with the Personal edition. Scale to Enterprise when you need RBAC, LDAP, and live monitoring.

Contact Blue Isle Software Compare Editions