Aelix CX · Meter-to-cash and revenue protection
Turn meter data into protected, collected revenue.
Aelix CX unifies AMI ingest, multi-rate billing and tariff simulation, a theft-detection workflow, and dunning and collections, with hard medical and weather disconnect gates and 100% of state-changing actions audited. One single-tenant platform, one API, deployed in your environment.
Agentic AI · Domain agents for meter-to-cash · Governed by design
Domain agents that protect revenue. With people in control of every consequential move.
Aelix CX ships purpose-built AI agents for meter-to-cash work. They watch the live meter stream and the exception queues, reason over the data, draft the next action, and execute it on approval. Running on Aelix Core's built-in agent and workflow engine, the platform the whole Aelix suite is built on.
Agents do the work. People keep the authority.
Revenue Protection Agent.
Runs theft sweeps, assembles investigation cases, and recommends dispatch for human confirmation.
Dunning Agent.
Orchestrates collections sequences while enforcing the hard medical and weather disconnect gates. It never auto-disconnects.
Billing Exception Agent.
Resolves or escalates billing exceptions from the exception queue.
CSR Copilot.
Gives agents live customer-360 context and suggested replies on the call.
Tariff Simulation Agent.
Runs Monte Carlo rate scenarios on request.
Human approval on every consequential action
On every consequential action (investigation dispatch, disconnect, money movement) the agent monitors, reasons, drafts, and recommends. A human approves the commitment. The Revenue Protection Agent recommends. A human confirms investigations and dispatch. The Dunning Agent enforces the zero-tolerance medical and weather gates and never disconnects on its own. A human approves every disconnect. Every agent action is logged to the append-only audit trail, governed by role-based permissions, and reversible.
The problem
Detection is not protection. The chain breaks at the handoff.
Most utilities can already detect anomalies. What they cannot do is reliably turn a detection into recovered revenue without a chain of disconnected systems and manual handoffs in between: a customer information system (CIS) for billing, a separate AMI (Advanced Metering Infrastructure) head-end for meter data, spreadsheets and SQL scripts for revenue protection, and a call-center CRM that knows nothing about the meter.
Revenue leaks in those seams. Tampering, meter bypass, and unbilled consumption go undetected for months when the analytics live in an offline tool disconnected from the meter stream and the case-management workflow. Tariff errors drive disputes, customer service representative (CSR) call volume, and write-offs. Move-in / move-out / transfer (MIMO) gets stitched together by hand, creating truck rolls and billing gaps. And collections decisions get made without a unified view of usage, holds, or payment history.
There is a second, quieter cost in those same seams: the risk of acting against an honest customer. The fragmentation that loses revenue is the same fragmentation that wrongly investigates a paying household. Or, worse, moves toward disconnecting one with an active medical or weather hold. Precision is not a vanity metric here. It is a trust and liability metric.
Aelix CX closes the handoff. Detection lives on the live meter stream and inside the case workflow (sweep, case, human review, dispatch, confirm) so a signal becomes an auditable action instead of a line in a spreadsheet nobody owns.
What CX does
Seven capabilities, one auditable platform.
AMI ingest, on a contract your meters already speak
A webhook-based ingest endpoint accepts meter reads through pluggable adapters (`generic-json`, `generic-csv`, and native MultiSpeak v5, the dominant North American distribution-utility integration standard). Each request is authenticated by HMAC-SHA256 signature or a scoped API key, resolved to meters by serial, and written to a time-series hypertable. Live reads publish to the operator's real-time view.
Meter-to-cash billing with Monte Carlo tariff simulation
Author tariffs across time-of-use, tiered, demand, and fixed rule types, with versioning, customer class, jurisdiction, and filing docket. Before you commit a rate, run a Monte Carlo revenue simulation that returns mean, p10, and p90 revenue across thousands of runs. So a rate change is a modeled decision, not a guess. Statements carry line items and full audit history. A billing-exception queue catches anomalies before they reach a customer.
Theft-detection / revenue-protection workflow
This is a workflow, not a black box. A nightly sweep generates revenue-protection cases (each with a confidence score, estimated loss, pattern, forensics, and topology). From there a human is always in the loop: an operator reviews the case, dispatch requires the `launch_investigations` permission, and confirmation closes the case against its estimated loss. Every dispatch and every confirmation writes to the audit trail. A theft case never auto-investigates and never auto-disconnects.
We sell the workflow (sweep, case, human review, dispatch, confirm) not a detection accuracy number. Confirm rate is a launch gate we track openly (see Honest Proof) because precision protects honest customers as much as it protects revenue.
Dunning and collections with hard disconnect gates
A daily evaluation buckets accounts by aging and stage, surfacing amount due, disconnect eligibility, payment-plan status, and active holds. Operators can set payment plans and, where eligible, issue a gated remote disconnect, which requires the `execute_disconnect` permission and is hard-blocked in code if any medical or weather hold is active. This gate is zero-tolerance and cannot be overridden from the workflow. Every disconnect action is audited.
MIMO orchestration
Submit a move-in, move-out, or transfer and the platform auto-plans an ordered step chain: credit check, last read, account close/open, relay command where no truck roll is required, and notification. Steps run with recorded start, finish, and result on each one. The target is a no-truck-roll MIMO completed remotely, not a coordinated scramble across teams.
Customer 360
A live-call context view composes the last 30 days of usage, recent demand peak, open billing exceptions, open dunning cases, and the last call and payment. Alongside suggested CSR replies and quick actions (send payment link, schedule callback, email bill). Fuzzy customer search runs on Meilisearch with a Postgres fallback. Because this is real customer data, every record a CSR views is written to a PII access audit trail, and every quick action is audited.
P2P energy trading, pilot capability
For prosumers with rooftop solar and storage, Aelix CX includes a peer-to-peer trading surface: consumer buy/sell offers matched by price-time priority and settled in-ledger. This is a pilot-only, operator-flag-gated capability. It settles in the platform ledger with a synthetic transaction reference. There is no on-chain integration and no live money movement or grid-physics settlement. Enable it only after per-deployment legal review.
Why Aelix CX
Human-in-the-loop safety is the trust feature. Not a footnote.
Human-in-the-loop safety is the trust feature.
Nothing consequential happens automatically. And that holds even for the AI agents. Agents do the work of sweeping for theft, sequencing collections, and resolving billing exceptions. People keep the authority over money movement and disconnects. Theft cases require a human to dispatch and confirm. Disconnects require an explicit permission and are hard-blocked against medical and weather holds with zero tolerance and no workflow override. 100% of state-changing actions are designed to produce an audit record. For a CFO, a collections manager, or a CISO worried about wrongful-disconnect liability, that accountability is the product.
One platform, one contract.
Aelix CX collapses the CIS, the AMI head-end, the theft spreadsheet, and the CRM patchwork into a single backend exposing one `/api/*` contract. Consumed identically by a web workspace (operator + consumer portal + CSR admin) and three mobile apps. One system to deploy, secure, and audit.
Single-tenant and jurisdiction-agnostic by design.
Every deployment is single-tenant: your stack, your data, your environment, on-prem or in your private cloud. Isolation is the feature: simpler data-residency posture and cleaner compliance scoping. The platform is jurisdiction-agnostic (tariffs carry a free-text jurisdiction and filing docket), with per-deploy branding so it feels native to your utility. Jurisdiction-agnostic means it adapts to your jurisdiction, not that it is certified for any specific one.
Part of the Aelix platform.
Aelix CX runs on the same secure, single-tenant, deploy-anywhere foundation as the rest of the Aelix suite for electric utilities. The same audit backbone, the same isolation posture, one vendor relationship across revenue, grid, assets, security, and ESG.
What we can prove, and what we are targeting
Mechanisms today. Targets honestly framed.
We do not publish customer outcomes we cannot substantiate yet. What we can show you is the mechanism, and the targets we hold ourselves to at launch, framed honestly as targets, to be ratified against your baseline.
Mechanisms you can verify in a demo
- Sweep, case, human review, dispatch, confirm, with an audit record on every state change.
- A medical/weather hold that hard-blocks a disconnect, in code, with no override path.
- A Monte Carlo tariff simulation returning a stable p10 ≤ mean ≤ p90 across thousands of runs.
- A billing-exception queue and a full audit trail on every adjustment.
- A customer-360 live-call view with a PII access trail behind every record viewed.
We measure ourselves on a single number: net revenue protected + collected per active meter, per month. The figure that captures theft recovery, collections health, and billing accuracy together.
Targets (framed as targets, not results)
Security and compliance posture
Single-tenant, audited by design, jurisdiction-agnostic.
Single-tenant, deployed in your environment.
Aelix CX ships as an on-prem-friendly stack behind an nginx TLS edge. No shared data plane, no multi-tenant router. We do not publish a shared-cloud uptime SLA. Availability is designed around your operational requirements in your environment.
Audit by design.
All sensitive operator actions (theft dispatch and confirm, remote disconnect, CSR quick actions) write to an append-only audit log. The target is that 100% of state-changing operator actions produce an audit record, including a PII access trail for every customer record a CSR views.
Authentication and access control.
Session-cookie authentication with CSRF protection, correlation-ID tracing, and rate limiting. Fine-grained role-based access control gates consequential actions: `launch_investigations` for theft dispatch, `execute_disconnect` for remote disconnect. AMI webhook ingest is authenticated by HMAC signature or scoped API key.
Designed to NERC CIP standards.
Append-only audit trail, RBAC, and retention engineered to support your CIP scoping. Compliance scoping is per-deployment. We do not assert NERC CIP as a held vendor certification.
Jurisdiction-agnostic, not jurisdiction-certified.
The platform adapts to your regulatory environment. It does not encode or certify any single regulator's filing logic.
Money and data handled carefully.
Monetary values are handled as exact decimals. Issued statements are immutable. Statement PDFs are stored in object storage behind presigned, expiring URLs.
See it for yourself
See a theft case reviewed, and a wrongful disconnect blocked. Live.
Book a working demo against a seeded environment (labeled demo data), or talk directly to an engineer about single-tenant deployment, MultiSpeak v5 ingest, and your revenue-protection baseline.