Skip to content

Box AI Integration

Jump to bottom
mrdulasolutions edited this page May 25, 2026 · 1 revision

Box AI Integration

The cloud plugin leverages Box AI across multiple skills. This page maps the Box AI surface to the plugin's integration points.

Box AI endpoints used

Box endpoint Used by Purpose
/2.0/ai/ask (multi-doc mode) box-ai-recall Q&A across up to 25 files
/2.0/ai/ask (Hubs mode) box-ai-recall Q&A across up to 20,000 files (Enterprise Plus)
/2.0/ai/extract_structured box-ai-extract, box-companion OCR + schema-driven extraction
/2.0/ai_agents (create/invoke) box-ai-agent Persistent AI Studio agents (Enterprise Advanced)
/2.0/ai/text_gen (not used in v0.1.0 — possible future addition) Generate/refine text

Opt-in flags

All Box AI features default to off in _box-memory.json.settings:

settings:
  ai_recall_enabled: false       # /box-ai-recall
  ai_extract_enabled: false      # /box-ai-extract + /box-companion Path A
  ai_studio_agent_enabled: false # /box-ai-agent
  ai_model: null                 # null = let Box pick (default GPT-5 mini)

Explicit opt-in keeps AI Unit costs bounded — see Box AI Units.

Models available

Per Box's AI models catalog:

  • OpenAI GPT-5 series (mini is default as of 2026)
  • Anthropic Claude Opus / Sonnet / Haiku 4.6
  • Google Gemini 3 (Flash / Pro)
  • Meta Llama 4
  • Mistral

Set settings.ai_model to override the default. Useful for cost / quality / latency tuning.

Citations

All Box AI calls in this plugin pass include_citations: true (Ask) or include_reference: true (Extract Structured, March 2026+ Box update). Citations are surfaced in skill output and stored in companion frontmatter for traceability.

What Box AI does better than we do

  • OCR on PDFs / TIFF / PNG / JPEG — Extract Structured runs OCR automatically. Without Box AI, our companion generator falls back to "couldn't parse this format" stubs.
  • Long-document chunking with embeddings — Box handles >1 MB files via automatic embeddings + chunking. We don't replicate.
  • Multi-document Q&A — Box's /ai/ask handles up to 25 files in one call. Hub mode scales to 20k.
  • Reference / citation tracking — Box returns where in the source doc each answer came from.

What Box AI doesn't do (and we don't try to)

  • Real-time / streaming responses (Box AI is request/response)
  • Cross-tenant knowledge (each user's calls are scoped to their account)
  • Training on customer data — Box explicitly does not train on your content
  • Raw embeddings as a separate endpoint — Box manages the vector store; you use the AI endpoints as the productized form

Trust boundary

Box AI is server-side. Your prompts (which include memory content) leave the device to Box's LLM infrastructure. This is fine for most use cases but matters for compliance:

Regulation Box AI compliance posture
HIPAA Box AI confirmed in HIPAA BAA scope on Enterprise+
FedRAMP Moderate Box AI is FedRAMP Moderate authorized in GovCloud
FedRAMP High Box AI is FedRAMP High authorized in GovCloud (Jan 2025)

If you need air-gap (no outbound calls to Box from the agent runtime), use the on-prem variant which has zero Box AI access.

AI Unit cost model

Each AI call consumes AI Units. Per-plan allocations (Free 1k / Enterprise 1k / Enterprise+ 2k / Enterprise Advanced 20k) at Box AI Units. Per-call rates are not publicly published.

Skill flow examples

"What did we decide about JWT vs sessions?"

  1. Free-text query → box-recall tries index lookup first
  2. Sparse results → box-recall suggests box-ai-recall
  3. User opts in → box-ai-recall calls /2.0/ai/ask with the workspace's recent decisions
  4. Box AI returns answer with citations
  5. Skill maps citations back to memory IDs via _index.json

"Make a companion for contract.pdf"

  1. box-companion checks tier + ai_extract_enabled
  2. Business+ with AI enabled → invokes box-ai-extract
  3. Box AI Extract Structured returns OCR'd text + structured fields
  4. Companion frontmatter populated from the response
  5. Companion .md written to Box with extracted_via: box-ai-extract-structured

"Set up a memory librarian agent for our compliance team"

  1. box-ai-agent checks tier (Enterprise Advanced)
  2. Builds locked-instruction config ("cite or refuse, never speculate")
  3. Calls /2.0/ai_agents create
  4. Stores agent ID in workspace config
  5. Users invoke via /box-ai-agent invoke --question="..." — consistent behavior across team

See also

box-memory · MIT · Repo · Latest release · Issues · Air-gapped variant

Home

Getting started

Concepts

Features

Skills reference

Integrations

Operations

Project

Clone this wiki locally