Network AI Assistant

Asynchronous MCP (Model Context Protocol) server for unified multi-platform network infrastructure management.

Expose network devices, WiFi controllers, monitoring systems, and data centers through a unified API accessible by Claude Desktop, Warp AI, and any MCP-compatible client.

---

Key Features

100% Asynchronous Architecture

• Async/await engine: All I/O operations leverage asyncio, asyncssh, and httpx for optimal performance
• Parallel execution: Native support for multi-device operations with timeout protection
• Persistent sessions: Reusable HTTP connections with keepalive to minimize latency
• Smart JWT caching: Thread-safe authentication token management with automatic renewal

10 Specialized Connectors

Connector	Type	MCP Tools	Description
Generic SSH	SSH	2	Universal CLI access to any SSH device (Cisco, Juniper, Arista, Linux, etc.)
MikroTik REST	REST API	9	Complete management via REST API (interfaces, BGP, routing, system health)
MikroTik SSH	SSH	2	Specific commands unavailable in REST (route check, custom commands)
Palo Alto SSH	SSH PTY	2	PAN-OS firewalls with PTY interactive sessions (VPN, routing, system)
Palo Alto Panorama	REST API	16	Panorama centralized management (devices, device-groups, security rules, compliance, audit)
Aruba WiFi	REST API	9	WiFi controller (APs, clients, rogues, RF, WLANs, statistics)
Graylog	REST API	3	Centralized log search with time filters and streaming
LibreNMS	REST API	10	Network monitoring (inventory, health, ports, sensors, events)
Cisco APIC (ACI)	REST API	28	ACI data center (fabric, tenants, EPGs, VRFs, contracts, topology, analytics)
Cisco NDFC	REST API	14	Nexus Dashboard Fabric Controller (fabrics, switches, networks, VRFs, events)

Total: 97 MCP tools (95 connectors + 2 skills tools)

---

Installation

Prerequisites

• Python 3.12 or higher
• UV package manager
• dotenvx for encrypted credentials (brew install dotenvx/brew/dotenvx)
• Network access to target devices/APIs
• MCP client (Claude Desktop, Warp AI, etc.)

Install with UV

# Clone the repository
git clone https://github.com/angoran/git-netai.git
cd git-netai

# Sync dependencies (UV automatically creates virtual environment)
uv sync

# Verify installation
uv run python -c "from server import mcp; print(f'{mcp.name} operational')"

---

Configuration

Environment Variables

Create a .env file at project root with the following variables:

# Generic SSH
SSH_USERNAME="admin"
SSH_PASSWORD="your_password"

# MikroTik REST API
MIKROTIK_USERNAME="api_user"
MIKROTIK_PASSWORD="api_password"
MIKROTIK_PORT="443"

# MikroTik SSH (if different from REST)
MIKROTIK_SSH_USERNAME="ssh_user"
MIKROTIK_SSH_PASSWORD="ssh_password"
MIKROTIK_SSH_PORT="22"

# Palo Alto Firewalls
PALOALTO_SSH_USERNAME="admin"
PALOALTO_SSH_PASSWORD="firewall_password"

# Aruba WiFi Controller
ARUBA_IP="10.x.x.x"
ARUBA_USERNAME="admin"
ARUBA_PASSWORD="aruba_password"

# Graylog
GRAYLOG_API_URL="https://graylog.example.com"
GRAYLOG_USERNAME="graylog_user"
GRAYLOG_PASSWORD="graylog_password"

# LibreNMS
LIBRENMS_URL="https://librenms.example.com"
LIBRENMS_API_TOKEN="your_api_token_here"

# Cisco APIC (ACI)
APIC_HOST="https://apic.example.com"
APIC_USERNAME="apic_user"
APIC_PASSWORD="apic_password"
APIC_VERIFY_SSL="false"
APIC_TIMEOUT="30"
APIC_TOKEN_CACHE_DURATION="3540"

# Cisco NDFC
NDFC_HOST="https://ndfc.example.com"
NDFC_USER="ndfc_user"
NDFC_PASSWORD="ndfc_password"
NDFC_DOMAIN="DefaultAuth"
NDFC_VERIFY_SSL="false"
NDFC_TIMEOUT="30"

# Palo Alto Panorama
PANORAMA_URL="https://panorama.example.com/api"
PANORAMA_USERNAME="panorama_user"
PANORAMA_PASSWORD="panorama_password"
PANORAMA_TIMEOUT="30"

Security Note: Credentials are stored encrypted using dotenvx. The .env file contains AES-256-GCM encrypted values. The private key is stored in .env.keys (excluded from version control). Never commit .env.keys to the repository.

Encrypting Credentials

After filling in your .env file, encrypt it with dotenvx:

# Encrypt all values in .env (generates .env.keys with the private key)
dotenvx encrypt

# Verify decryption works correctly
dotenvx run -- uv run python -c "from server import mcp; print(f'{mcp.name} operational')"

Keep .env.keys secure and distribute it to other users via a secure channel (password manager, secrets vault). The encrypted .env can be safely shared or committed to version control.

---

MCP Client Configuration

Claude Desktop

Configuration file locations:

• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%\Claude\claude_desktop_config.json
• Linux: ~/.config/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "netai-o": {
      "command": "dotenvx",
      "args": [
        "run",
        "--env-file", "/absolute/path/to/netai/.env",
        "--",
        "uv",
        "--directory", "/absolute/path/to/netai",
        "run",
        "python",
        "server.py"
      ],
      "env": {
        "DOTENV_PRIVATE_KEY": "<your-private-key-from-.env.keys>"
      }
    }
  }
}

Warp AI

Configuration file: ~/.warp/mcp_config.json

{
  "mcpServers": {
    "netai-o": {
      "command": "dotenvx",
      "args": ["run", "--", "uv", "run", "python", "server.py"],
      "env": {
        "DOTENV_PRIVATE_KEY": "<your-private-key-from-.env.keys>"
      },
      "working_directory": "/absolute/path/to/netai"
    }
  }
}

---

Usage

Starting the Server

# Launch MCP server in stdio mode (with encrypted .env decryption)
dotenvx run -- uv run python server.py

The server exposes all MCP tools via stdio protocol. MCP clients (Claude Desktop, Warp) launch the server automatically based on their configuration files.

Example Commands

The following examples demonstrate natural language commands that can be used with Claude Desktop or Warp AI:

Generic SSH Operations

Execute "show version" on device 192.168.1.1
Run "show ip route" on devices 192.168.1.1 and 192.168.1.2 in parallel

MikroTik Management

Show BGP sessions on MikroTik router 10.0.0.1
Check route to 8.8.8.8 on MikroTik 10.0.0.1 via SSH
Display interface statistics for 10.0.0.1

Palo Alto Firewall Operations

Show VPN status on Palo Alto firewall 10.240.203.241
Execute "show system info" on firewalls 10.240.203.241 and 10.240.203.242 in parallel
Display routing table on firewall 10.240.203.241

Aruba WiFi Controller

List all access points on Aruba controller
Show connected WiFi clients
Detect rogue access points
Display RF channel utilization
Show WLAN configuration

Graylog Log Management

Search for "authentication failure" in logs from the last 2 hours
List available Graylog streams
Show system overview and statistics

LibreNMS Network Monitoring

Show all monitored MikroTik devices
Display health metrics for device router-core-01
List all ports on switch-distro-01
Show temperature sensors for all devices
Retrieve event logs for the last 24 hours

Cisco APIC (ACI Data Center)

Show overall ACI fabric health
List all APIC tenants
Search for endpoint with IP address 10.1.1.50
Analyze connectivity between EPG web and EPG database
Show top talkers in Production tenant
Display fabric topology
List all contracts in tenant Production

Cisco NDFC

List all NDFC fabrics
Show switches in fabric DC1
Get critical events from the last 24 hours
Show interface details for switch with serial FDO23460MQC
Display VRFs in fabric DC1
Show network deployment status

Palo Alto Panorama

Show Panorama system information
List all managed firewalls
Show device groups and their members
Analyze security rules quality for device-group Production
Find rules without security profile in device-group DMZ
Check version compliance across all firewalls
Show configuration audit logs
Find duplicate address objects
Show pending configuration changes

Skills (Guided Workflows)

The recommended way to invoke a skill is to explicitly instruct the agent to load and follow it:

Load and execute the skill "infrastructure-health-check".
Follow every step of the procedure in order and produce a structured report.

Use skills_list to find the most appropriate skill, then load it with skills_load
and execute it step by step.
Task: BGP sessions on router 10.0.0.1 are flapping since this morning.

# Discovery and filtering
List all available skills
List skills for platform ACI
List skills tagged with "change-management"

# Monitoring and NOC
Run an infrastructure health check across all platforms
Perform a WiFi health monitoring report on the Aruba controller
Do a deep dive on device router-wan-01

# Troubleshooting
Diagnose BGP on MikroTik router 10.0.0.1
Track endpoint with IP 10.1.2.50 in the ACI fabric
Run a full ACI fabric health diagnostic
Check connectivity between device A and device B

# Compliance and Audit
Run a Panorama security audit on device-group Production
Check software version compliance and certificate expiry across all firewalls
Audit the ACI configuration for tenant Prod

# Change Management
Perform a pre-check before the maintenance window for change CHG0012345
Validate the post-change state and compare with the pre-check baseline
Detect any unauthorized configuration changes in the last 48 hours

# Inventory and Capacity
Generate a consolidated multi-vendor inventory
Map the physical network topology using LLDP discovery
Produce a capacity planning report for the infrastructure

# Incident Response
Correlate events and logs to identify the root cause of the incident
reported at 14:30 UTC — application servers cannot reach the database

Skills are step-by-step operational procedures in Markdown. The LLM calls skills_list() to discover available procedures filtered by platform or tag, then skills_load() to retrieve the full procedure and follow it by calling the referenced MCP tools in sequence. Each skill includes a Decision Matrix, Output Standards for enterprise-grade reporting, and a Notes section with operational best practices.

---

Technical Architecture

Project Structure

git-netai/
├── server.py                    # MCP entry point (FastMCP stdio transport)
├── skills_engine.py             # Skills index + loader (in-memory, YAML frontmatter)
├── connectors/                  # Asynchronous connector modules
│   ├── ssh_c.py                # Generic SSH connector (asyncssh)
│   ├── mikrotik_c.py           # MikroTik REST API connector (httpx)
│   ├── mikrotik_ssh_c.py       # MikroTik SSH connector (asyncssh)
│   ├── paloalto_c.py           # Palo Alto SSH PTY connector (asyncssh)
│   ├── panorama_c.py           # Palo Alto Panorama REST API connector (httpx + XML→JSON)
│   ├── aruba_c.py              # Aruba WiFi REST API connector (httpx)
│   ├── graylog_c.py            # Graylog REST API connector (httpx)
│   ├── librenms_c.py           # LibreNMS REST API connector (httpx)
│   ├── apic_c.py               # Cisco APIC REST API connector (httpx + JWT cache)
│   └── ndfc_c.py               # Cisco NDFC REST API connector (httpx + JWT cache)
├── skills/                      # Diagnostic skills (Markdown procedures with YAML frontmatter)
│   ├── TEMPLATE.md                          # Template and frontmatter reference for new skills
│   ├── bgp-diagnostic-mikrotik.md           # BGP session diagnostic on MikroTik
│   ├── connectivity-check.md                # End-to-end connectivity check
│   ├── multicast-diagnostic-aci.md          # ACI multicast diagnostic
│   ├── infrastructure-health-check.md       # Multi-platform health overview (NOC/shift handover)
│   ├── wifi-health-monitoring.md            # Aruba WiFi fleet health and RF audit
│   ├── device-deep-dive.md                  # Deep investigation of a single device (LibreNMS)
│   ├── aci-endpoint-tracking.md             # Locate and diagnose an endpoint in ACI
│   ├── aci-fabric-health-diagnostic.md      # ACI fabric degradation investigation
│   ├── aci-configuration-audit.md           # ACI logical config consistency audit
│   ├── aci-traffic-analysis.md              # ACI top talkers and interface utilization
│   ├── panorama-security-audit.md           # Firewall security rules quality audit
│   ├── compliance-versions-certificates.md  # Software versions and certificate expiry check
│   ├── change-pre-check.md                  # Baseline capture before a planned change
│   ├── change-post-check.md                 # Regression validation after a change
│   ├── configuration-drift-detection.md     # Unauthorized change detection (multi-source)
│   ├── multi-vendor-inventory.md            # Consolidated inventory across all platforms
│   ├── network-topology-mapping.md          # LLDP-based physical topology discovery
│   ├── ndfc-deployment-validation.md        # NDFC network/VRF deployment validation
│   ├── incident-root-cause-correlation.md   # Multi-source incident correlation and timeline
│   └── capacity-planning-report.md          # Infrastructure capacity assessment
├── pyproject.toml              # UV project configuration and dependencies
├── uv.lock                     # UV dependency lockfile
├── .env                        # Environment variables (not version controlled)
├── .gitignore                  # Git ignore rules
└── README.md                   # Project documentation

Skills System

Skills are step-by-step diagnostic and operational procedures stored as Markdown files in skills/*.md. Each file carries a YAML frontmatter header (title, platform, tags, required tools) parsed into an in-memory index at server startup. Two dedicated MCP tools expose the system.

How it works:

1. The LLM calls skills_list() to discover available skills — returns metadata only (name, title, platform, tags, description, required tools), never content
2. Optional filters: skills_list(platform="mikrotik") or skills_list(tag="bgp")
3. The LLM calls skills_load("bgp-diagnostic-mikrotik") to retrieve the full procedure — partial and case-insensitive name matching supported; both skill_name and name parameters are accepted
4. The Markdown content describes each step: which MCP tool to call, expected results, and decision logic
5. The LLM follows the procedure autonomously, calling the referenced tools in sequence
6. Each skill enforces Output Standards: structured sections, professional tone, enterprise-ready reports suitable for incident tickets, audit documents, or management briefings

Creating a new skill:

1. Copy skills/TEMPLATE.md to skills/{subject}-{platform}.md
2. Fill in the YAML frontmatter (title, platform, tags, tools, description)
3. Write the procedure steps referencing existing MCP tools
4. Call skills_list(reload=True) to refresh the index — no server restart needed

Frontmatter schema (required in every skill file):

---
title: BGP Diagnostic on MikroTik
platform: mikrotik  # mikrotik | aruba | aci | graylog | librenms | paloalto | panorama | generic
tags: [bgp, routing, peering, sessions]
tools: [get_mikrotik_bgp_sessions, get_mikrotik_bgp_connections]
description: One-sentence description of what this skill diagnoses.
---

Available skills (20):

Skill	Platform	Category	Description
bgp-diagnostic-mikrotik	mikrotik	Troubleshooting	BGP session diagnostic (sessions, config, routes, logs)
connectivity-check	generic	Troubleshooting	End-to-end connectivity verification across devices
multicast-diagnostic-aci	aci	Troubleshooting	ACI fabric multicast diagnostic (GIPo, bridge domains, IGMP)
infrastructure-health-check	generic	Monitoring	Multi-platform health overview for NOC/shift handover
wifi-health-monitoring	aruba	Monitoring	WiFi fleet health: APs, clients, RF channels, rogue APs
device-deep-dive	librenms	Monitoring	Full investigation of a single device (sensors, interfaces, logs)
aci-endpoint-tracking	aci	Troubleshooting	Locate an endpoint in ACI fabric and diagnose connectivity
aci-fabric-health-diagnostic	aci	Troubleshooting	ACI fabric degradation: faults, nodes, topology, resources
panorama-security-audit	panorama	Compliance	Firewall security rules quality: profiles, unused rules, overrides
compliance-versions-certificates	panorama	Compliance	Software version matrix and certificate expiry across fleet
aci-configuration-audit	aci	Compliance	ACI logical config consistency: tenants, VRFs, EPGs, contracts
change-pre-check	generic	Change Management	Baseline capture before a planned maintenance change
change-post-check	generic	Change Management	Regression validation by comparison with pre-check baseline
configuration-drift-detection	generic	Change Management	Unauthorized change detection across Panorama, ACI, and logs
multi-vendor-inventory	generic	Inventory	Consolidated inventory across all platforms (CMDB-ready)
network-topology-mapping	generic	Inventory	LLDP-based physical topology discovery and documentation
aci-traffic-analysis	aci	Capacity	ACI top talkers, interface utilization, and TCAM capacity
ndfc-deployment-validation	generic	Automation	NDFC network/VRF deployment status and configuration preview
incident-root-cause-correlation	generic	Incident Response	Multi-source timeline correlation to identify root cause
capacity-planning-report	generic	Capacity	Infrastructure capacity assessment across all domains

Asynchronous Design Patterns

1. Persistent HTTP Sessions

REST API connectors (Aruba, Graylog, LibreNMS) use persistent HTTP connections to minimize connection overhead:

async with httpx.AsyncClient(timeout=30) as client:
    response = await client.get(url, headers=headers)
    # HTTP session is automatically reused for subsequent requests

2. Thread-Safe JWT Token Caching

APIC and NDFC connectors implement thread-safe JWT token caching with automatic renewal:

_token_cache = {"token": None, "expires_at": 0, "lock": asyncio.Lock()}

async def _get_token():
    async with _token_cache["lock"]:
        if time.time() < _token_cache["expires_at"]:
            return _token_cache["token"]
        # Automatic token renewal when expired
        return await _authenticate()

Key features:

• Async lock prevents concurrent authentication requests
• Configurable token expiration with safety margin
• Automatic renewal on 401 responses
• Zero-downtime token refresh

3. Parallel Execution with Timeout Protection

SSH connectors support parallel command execution across multiple devices:

async def send_custom_command_parallel(targets: List[Dict], timeout: int = 120):
    tasks = [execute_single(target) for target in targets]
    results = await asyncio.wait_for(
        asyncio.gather(*tasks, return_exceptions=True),
        timeout=timeout
    )
    return results

Benefits:

• Concurrent execution across multiple devices
• Global timeout prevents indefinite hangs
• Exception handling per device
• Results aggregated in single response

4. PTY Interactive Sessions

Palo Alto PAN-OS requires PTY (pseudo-terminal) interactive sessions due to non-standard SSH implementation:

async with asyncssh.connect(ip, ...) as conn:
    async with conn.create_process(term_type='vt100') as process:
        await process.stdin.write(command + '\n')
        output = await process.stdout.read()

Why PTY is required:

• PAN-OS CLI expects interactive terminal
• Standard SSH exec channels are rejected
• Terminal emulation (vt100) required for proper output formatting

5. Encrypted Credential Injection (dotenvx)

Credentials are never stored in plain text. dotenvx intercepts the process launch, decrypts the .env file (AES-256-GCM), and injects the variables into the process environment before Python starts. The application code reads os.getenv() as usual — no change required in the connectors.

dotenvx run -- uv run python server.py
    │
    ├─ reads .env (AES-256-GCM ciphertext)
    ├─ reads DOTENV_PRIVATE_KEY (from .env.keys or env field in MCP config)
    ├─ decrypts → injects into os.environ
    └─ spawns Python process
         └─ connectors read os.getenv("APIC_PASSWORD") → plaintext value

Key properties:

• The encrypted .env can be committed to version control — ciphertext only
• The private key (.env.keys) is the only secret to protect and distribute
• dotenvx is external to UV — installed once per machine via Homebrew or install script
• If DOTENV_PRIVATE_KEY is missing or invalid, dotenvx logs a warning but does not block startup — connectors will fail at first network call with a None credential error

Key Dependencies

Library	Version	Purpose
fastmcp	2.13+	MCP server framework with stdio transport
asyncssh	2.21+	Asynchronous SSH client (RFC-compliant + PTY support)
httpx	0.28+	Async HTTP client with connection pooling
mcp[cli]	1.23+	MCP protocol implementation and CLI tools
dotenvx (external)	1.54+	Encrypted .env management — installed via Homebrew, not UV

---

Testing

Quick Verification

# Verify MCP server loads correctly (with encrypted .env)
dotenvx run -- uv run python -c "from server import mcp; print(f'{mcp.name} operational')"

# Test SSH connector
uv run python -c "
import asyncio
from connectors.ssh_c import send_custom_command
result = asyncio.run(send_custom_command('192.168.1.1', 'show version'))
print(result)
"

# Test REST API connector (LibreNMS)
uv run python -c "
import asyncio
from connectors.librenms_c import list_devices
result = asyncio.run(list_devices())
print(result)
"

Response Format

All connector functions return a standardized dictionary structure:

{
    "success": bool,           # True if operation completed successfully
    "output": dict|str|list,   # Response data (structure varies by connector)
    "error": str               # Error message if success is False
}

Success response example:

{
    "success": True,
    "output": {"hostname": "router-01", "version": "7.14.1"},
    "error": None
}

Error response example:

{
    "success": False,
    "output": None,
    "error": "Connection timeout after 30 seconds"
}

---

Security Considerations

Development vs Production

Aspect	Development Environment	Production Environment
Credentials	Local .env file	Secrets manager (HashiCorp Vault, AWS Secrets Manager, 1Password CLI)
SSL Verification	VERIFY_SSL=false (lab devices with self-signed certificates)	VERIFY_SSL=true with valid certificate chain
SSH Known Hosts	Disabled (known_hosts=None) for rapid prototyping	Strict validation with maintained known_hosts file
Account Permissions	Admin accounts for full access	Service accounts with minimal required privileges (least privilege principle)
Logging	Debug logging enabled for troubleshooting	Session logs disabled to prevent credential exposure
Network Access	Direct device access	Restricted access via bastion host/jump server with firewall rules

Production Credential Management

Example using 1Password CLI for secure credential injection:

# Launch server — dotenvx decrypts .env at startup using the private key
dotenvx run -- uv run python server.py

# Alternative: inject private key from a secrets manager (1Password, Vault, etc.)
export DOTENV_PRIVATE_KEY=$(op read "op://Production/netai/dotenv-private-key")
dotenvx run -- uv run python server.py

Audit and Compliance

For production deployments:

• Enable audit logging for all MCP tool invocations
• Implement role-based access control (RBAC) at MCP client level
• Rotate service account credentials regularly (90-day maximum)
• Monitor for suspicious command patterns or unauthorized access attempts
• Maintain audit trail of all configuration changes

---

Troubleshooting

Common Issues and Solutions

Issue	Diagnosis	Solution
SSH authentication failure	Incorrect credentials or account locked	Verify SSH_USERNAME and SSH_PASSWORD in .env. Test manually: ssh user@host. Check account status on target device.
Connection timeout	Network unreachable or firewall blocking	Verify connectivity: ping <host>, telnet <host> <port>. Check firewall rules and routing. Increase timeout values in .env.
SSL/TLS certificate error	Self-signed certificate or untrusted CA	Development: Set VERIFY_SSL=false. Production: Install proper CA certificates or use certifi bundle.
JWT token expired (APIC/NDFC)	Token lifetime exceeded	Token renewal is automatic. If persistent, verify credentials and check APIC/NDFC authentication logs.
MCP server fails to start	Missing dependencies or Python version mismatch	Check uv --version and python --version (must be 3.12+). Re-run uv sync to reinstall dependencies.
Palo Alto session timeout	PAN-OS aggressive session timeout	Increase timeout parameter in tool calls. Consider implementing keepalive packets.
LibreNMS API 401 error	Invalid or expired API token	Regenerate API token in LibreNMS web interface under user settings. Update LIBRENMS_API_TOKEN in .env.
APIC/NDFC 403 forbidden	Insufficient account permissions	Verify account has required role assignments (admin or fabric-admin for full access).

Enabling Debug Logging

Add the following to server.py for detailed logging output:

import logging
logging.basicConfig(
    level=logging.DEBUG,
    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s'
)

For production environments, configure logging to external syslog or SIEM:

import logging
from logging.handlers import SysLogHandler

handler = SysLogHandler(address=('syslog.example.com', 514))
logging.basicConfig(handlers=[handler], level=logging.INFO)

---

Roadmap

Current Implementation

• 100% asynchronous architecture (asyncio/asyncssh/httpx)
• 10 connectors (SSH, MikroTik REST+SSH, Aruba, Palo Alto SSH, Panorama, Graylog, LibreNMS, APIC, NDFC)
• 97 exposed MCP tools (95 connectors + 2 skills tools)
• Smart JWT cache with automatic renewal
• Persistent HTTP sessions with keepalive
• Parallel execution with timeout protection
• PTY support for Palo Alto PAN-OS
• Modern UV management (pyproject.toml + uv.lock)
• Encrypted credential management with dotenvx (AES-256-GCM)
• Panorama API integration with XML→JSON conversion
• Skills system with in-memory index, YAML frontmatter, platform/tag filtering, and fuzzy name matching
• 20 professional skills across 7 operational categories (monitoring, troubleshooting, compliance, change management, inventory, capacity, incident response)
• Enterprise Output Standards enforced in every skill (structured reports, professional tone, enterprise-ready)

Planned Enhancements

Additional Platform Support & more endpoints:

• Add more LibreNMS endpoints (alerts, device groups, inventory)
• Add more APIC endpoints (troubleshooting, change management)
• Expand Aruba capabilities (RF analytics, heat maps)
• Expand Panorama capabilities (policy push, commit operations)

Skills:

• OSPF diagnostic skill (MikroTik / generic)
• VPN tunnel diagnostic skill (Palo Alto)
• WiFi client troubleshooting skill (Aruba)
• Post-incident post-mortem report skill

---

License

This project is licensed under the MIT License. See the LICENSE file for complete terms and conditions.

---

Acknowledgments

• FastMCP - High-performance MCP server framework
• asyncssh - Production-grade asynchronous SSH implementation
• httpx - Modern async HTTP client with HTTP/2 support
• UV - Next-generation Python package manager built in Rust
• Anthropic - Model Context Protocol specification and reference implementations

---

Support

For issues, questions, or contributions:

• Issue Tracker: GitHub Issues
• Discussions: GitHub Discussions

---

Professional network automation for enterprise environments