The “Intern with a Dynamo Script” Nightmare
In the world of Design Technology, there is a recurring nightmare that keeps BIM Directors awake at night. It isn’t the server crashing, nor is it the deadline slipping. Rather, it is the “intern with a Dynamo script” scenario.
You likely know the one. An eager, bright-eyed computational designer writes a script to “clean up” the model. After hitting run, it works perfectly on their test file. However, once they deploy it to a live project, chaos ensues. Three weeks later, the structural engineer calls screaming because every column on Level 3 has been rotated 90 degrees, or worse, deleted entirely because the script decided they were “redundant geometry.”
While this is a bit of a trope, the fear is grounded in reality. We have all seen scripts that delete line patterns in bulk or purge “unused” parameters that were actually holding critical data. Dynamo is a powerful cannon, but unfortunately, it often lacks a targeting system.
Now, take that fear and multiply it by the speed and opacity of Artificial Intelligence.
We are currently being sold a vision of autonomous BIM Agents—digital workers that will tirelessly optimize our layouts, balance our schedules, and clean our data. But for those of us who actually have to insure the work, the idea of an autonomous agent roaming through a production Revit model with write-access is terrifying.
We don’t need more tools that can break things faster. Instead, we need a framework for what is actually safe to touch.
The Janitor Loop: Detection vs. Remediation
The industry is currently stuck in what I call the “Janitor Loop.” We have incredible tools for detection. Solibri, Navisworks, and various Model Checkers will happily generate a report listing 5,000 issues. They are excellent at screaming “ERROR!”
However, we have very few governed tools for remediation. Consequently, we hand that 500-page PDF to a human, who spends the next week clicking “Properties” > “Edit” > “Apply” five thousand times.
Admittedly, it is not accurate to say there are zero remediation tools. We have plugins that can batch-update fire ratings, and we have scripts that create openings where ducts hit walls. But these are usually point solutions—ungoverned, often undocumented, and reliant on the user knowing exactly when to press the button. They are power-user tools, not safety systems.
To break the Janitor Loop, we need BIM Agents that can act. But to survive those agents, we need to draw a hard, bright line between what is Safe to Auto-Fix and what requires Human Judgment.
Here is the taxonomy of safety for the age of governed automation.
The Anatomy of a “Safe” Fix
Before we let an AEC agent or a script touch a single GUID, we have to establish the rules of engagement. In software engineering, we talk about “idempotency” and “atomic transactions.” In AEC, we usually just talk about “not getting sued.”
For a task to be a candidate for automated remediation—meaning the machine finds it and fixes it without a human holding its hand—it must meet four strict criteria.
1. It Must Be Deterministic
There must be exactly one right answer. If you ask three different senior architects how to fix the issue, and they give you three different answers, it is not safe to automate.
- Safe: “All room names must be uppercase.” There is only one way to capitalize “Electrical Closet.”
- Unsafe: “Resolve clash between duct and beam.” Do we move the duct? Penetrate the beam? Lower the ceiling? That’s a design decision.
2. It Must Be Local
The change must not cascade. A safe fix affects the element in question and nothing else.
- Safe: Populating the
FireRatingparameter on a door based on the wall it hosts into. - Unsafe: Changing a wall type from “Generic” to a specific assembly. This changes the wall thickness, which changes the clear width of the corridor, which might violate code, which might require moving the grid… you get the idea.
3. It Must Be Reversible (The Rollback Rule)
If the automation gets it wrong, can you hit “Undo” and get back to exactly the state you were in before?
In Revit, “Undo” is strictly session-based. Consequently, once you synchronize with Central, your undo history is gone. You are left with the nuclear option: restoring a backup file and losing everyone else’s work from the last hour. That is not a rollback; that is a disaster recovery plan.
Therefore, a safe agent must operate on a Transaction Layer that allows for targeted rollback of specific actions, even days later.
4. It Must Be Bounded
The scope of the change must be explicitly defined. The agent cannot have “general” write access; it must have “scoped” write access.
- Safe: “You have permission to write to parameters starting with
P_in theDoorcategory.” - Unsafe: “You have permission to
UpdateElement.”
The Taxonomy: A Field Guide to Automation
If we apply these filters to the daily chaos of AEC data, a clear hierarchy emerges.
Tier 1: The “No-Brainers” (Mechanical Compliance)
Status: Safe to Auto-Fix immediately.
These are the tasks that make your BIM Managers feel like glorified data entry clerks. Purely syntactic in nature, they function essentially as the “spellcheck” of BIM.
- Naming Conventions: Renaming families, views, or sheets to match the ISO 19650 or firm standard. If the rule is
[Project Code]-[Zone]-[Level]-[Type], an agent can parse the metadata and enforce the string. - Case Correction: Forcing uppercase/lowercase/title case on specific parameters.
- Parameter Type Alignment: Ensuring that a parameter meant to be a number isn’t stored as a string (a classic headache for downstream analytics).
- PII Scrubbing: Automatically removing email addresses or phone numbers from a model before it’s exported for a public tender.
Why it’s safe: The logic is binary. It complies, or it doesn’t. Furthermore, the fix is a string manipulation. It doesn’t change the building; it changes the label.
Tier 2: The “Context-Aware” (Logical Consistency)
Status: Safe to Auto-Fix, but requires a “Preview” gate.
Here, however, things get interesting. These fixes require the agent to look at the relationship between two objects. This is the “Glue Code” territory—syncing data that should match but doesn’t.
- Data Inheritance: “This door is in a 2-hour fire wall; therefore, the door’s fire rating parameter should be 90 minutes.” An agent can read the host wall’s rating and update the door.
- Room/Space Coordination: Renaming MEP spaces to match the Architectural room names and numbers they occupy.
- Sheet Index Synchronization: Updating the sheet index schedule to match the actual sheets in the model.
Why it’s risky: Garbage in, garbage out. If the architectural model is wrong (e.g., the architect put a 2-hour wall in the wrong place), the agent will propagate that error to the door.
The Mitigation: This requires a Governance Layer. The agent proposes the batch of fixes (“I found 50 doors with mismatched ratings”), presents them to a human for approval, and then executes.
Tier 3: The “Danger Zone” (Geometric & Design Intent)
Status: Do Not Auto-Fix. Detect and Flag Only.
Conversely, these are the issues that vendors love to show in flashy demos (“AI that solves your clashes!”), but in practice, they are landmines.
- Clash Resolution: Moving geometry to avoid collisions.
- Code Compliance Redesign: “This corridor is too narrow; widen it.”
- Structural Optimization: Resizing beams based on load.
Why it’s unsafe: These are not data problems; they are design problems. A machine does not understand why a column is where it is. It might be there for structural reasons, or it might be there because the client loves the way it frames the view. Moving it is a violation of design intent.
The Technical Layer: Building the Safety Net
The question then becomes: how do we actually implement this? If we agree that we want BIM Agents to handle Tier 1 and Tier 2, how do we do it without creating a “Bomb Scare” model—one that looks fine on the sheets but is corrupted inside?
We need to move away from the idea of “scripts running on files” and toward the idea of a Transaction Layer.
In a traditional workflow (Dynamo/Python), the script is a cannon. You aim it, fire it, and hope. In a governed workflow, however, we need a safety sandwich.
1. The Policy Filter (The “Guardrails”)
Before any code runs, it passes through a policy filter. This is a machine-readable definition of what is allowed.
- Example:
Allow: WritetoParameter: NameonCategory: Rooms. - Example:
Deny: DeleteonCategory: Any.
Crucially, this isn’t a suggestion; it is a hard constraint. If an LLM-generated agent tries to get creative and delete a view, the policy filter kills the request before it reaches the API. This mirrors the “Identity and Access Management” (IAM) controls we see in enterprise software, applied to BIM geometry.
2. The Deterministic Patch
Therefore, we need to stop thinking in terms of “opening the file and making changes” and start thinking in terms of Patches.
A patch is a small, self-contained packet of data that describes a change.
- Bad: “Open the model and fix the names.”
- Good:
[ { "elementId": "12345", "parameter": "Room Name", "oldValue": "office", "newValue": "OFFICE" } ]
By structuring the fix as a data payload, we can inspect it. We can diff it. Ultimately, we can see exactly what the agent is planning to do before it does it.
3. The Speckle Advantage (State Management)
This is precisely where modern data infrastructure like Speckle becomes critical. If you are trying to do this directly on a .rvt file, you are fighting a losing battle against a binary black box.
In contrast, if you are operating on a Speckle stream (or a similar object-based data bus), you have State. You can run your automation on a branch of the data. The agent proposes the fix on a “QC Branch.” You review the diff in a web viewer. If it looks good, you merge it back to the main branch (or sync it back to Revit).
This turns BIM management into software engineering. It gives us git revert for building data.
4. The Rollback Mechanism
Trust is not a feeling; trust is the ability to undo.
For BIM Agents to be deployed in production, they must maintain a transaction log. Every fix applied must be indexed. If, three days later, you realize that the “Case Correction” agent accidentally renamed a bunch of legacy parameters that needed to be lowercase for a specific export script, you need to be able to query the log for that specific batch ID and hit “Revert.”
This is distinct from restoring a backup. This is a surgical undo of the agent’s actions, leaving the rest of the team’s work intact.
The Reality Check
There is a seduction in the industry right now that AI is going to “design the building.” That is a distraction.
The immediate, high-value future of AI in AEC isn’t generative design; it’s Generative Janitorial Work.
We don’t need AI to be creative; we have architects for that. Instead, we need AI to be boring. We require it to be pedantic, caring deeply about naming conventions, parameter schemas, and sheet indices so that we don’t have to.
The goal isn’t to automate everything. It’s to automate the 80% of the work that is mechanical, repetitive, and soul-crushing, so that your high-value humans can focus on the 20% that requires actual judgment, negotiation, and design.
If you try to automate the judgment (Tier 3), you will fail, and you will lose the trust of your project teams. But if you fail to automate the mechanical (Tier 1), you will burn out your team and drown in data debt.
The Takeaway
As you look at your roadmap for the next year, and as vendors pitch you their “Agentic AI” solutions, apply the litmus test.
Rather than asking “Can AI do this?” (The answer is usually yes, eventually), ask: “If this goes wrong, is the failure isolated and reversible?”
If the answer is yes—if it’s a naming convention, a parameter update, a data sync—then build the rails and let the robot run. If the answer is no—if it involves moving geometry, interpreting code, or guessing intent—then keep the human in the loop.
The future of Digital Practice isn’t about surrendering control to a black box. It’s about building a better control panel. We want the scalpel, not the suicide button.