Network AI Assistant

Asynchronous MCP server for unified multi-platform network infrastructure management, providing 97 tools across 10 connectors including SSH, MikroTik, Palo Alto, Aruba, Graylog, LibreNMS, Cisco APIC/NDFC, and Panorama.

Python 3.12+ FastMCP UV Async

Asynchronous MCP (Model Context Protocol) server for unified multi-platform network infrastructure management.

Expose network devices, WiFi controllers, monitoring systems, and data centers through a unified API accessible by Claude Desktop, Warp AI, and any MCP-compatible client.


Key Features

100% Asynchronous Architecture

  • Async/await engine: All I/O operations leverage asyncio, asyncssh, and httpx for optimal performance
  • Parallel execution: Native support for multi-device operations with timeout protection
  • Persistent sessions: Reusable HTTP connections with keepalive to minimize latency
  • Smart JWT caching: Thread-safe authentication token management with automatic renewal

10 Specialized Connectors

| Connector | Type | MCP Tools | Description |
|---|---|---|---|
| Generic SSH | SSH | 2 | Universal CLI access to any SSH device (Cisco, Juniper, Arista, Linux, etc.) |
| MikroTik REST | REST API | 9 | Complete management via REST API (interfaces, BGP, routing, system health) |
| MikroTik SSH | SSH | 2 | Specific commands unavailable in REST (route check, custom commands) |
| Palo Alto SSH | SSH PTY | 2 | PAN-OS firewalls with PTY interactive sessions (VPN, routing, system) |
| Palo Alto Panorama | REST API | 16 | Panorama centralized management (devices, device-groups, security rules, compliance, audit) |
| Aruba WiFi | REST API | 9 | WiFi controller (APs, clients, rogues, RF, WLANs, statistics) |
| Graylog | REST API | 3 | Centralized log search with time filters and streaming |
| LibreNMS | REST API | 10 | Network monitoring (inventory, health, ports, sensors, events) |
| Cisco APIC (ACI) | REST API | 28 | ACI data center (fabric, tenants, EPGs, VRFs, contracts, topology, analytics) |
| Cisco NDFC | REST API | 14 | Nexus Dashboard Fabric Controller (fabrics, switches, networks, VRFs, events) |

Total: 97 MCP tools (95 connectors + 2 skills tools)


Installation

Prerequisites

  • Python 3.12 or higher
  • UV package manager
  • dotenvx for encrypted credentials (brew install dotenvx/brew/dotenvx)
  • Network access to target devices/APIs
  • MCP client (Claude Desktop, Warp AI, etc.)

Install with UV

# Clone the repository
git clone https://github.com/angoran/git-netai.git
cd git-netai

# Sync dependencies (UV automatically creates virtual environment)
uv sync

# Verify installation
uv run python -c "from server import mcp; print(f'{mcp.name} operational')"

Configuration

Environment Variables

Create a .env file at project root with the following variables:

# Generic SSH
SSH_USERNAME="admin"
SSH_PASSWORD="your_password"

# MikroTik REST API
MIKROTIK_USERNAME="api_user"
MIKROTIK_PASSWORD="api_password"
MIKROTIK_PORT="443"

# MikroTik SSH (if different from REST)
MIKROTIK_SSH_USERNAME="ssh_user"
MIKROTIK_SSH_PASSWORD="ssh_password"
MIKROTIK_SSH_PORT="22"

# Palo Alto Firewalls
PALOALTO_SSH_USERNAME="admin"
PALOALTO_SSH_PASSWORD="firewall_password"

# Aruba WiFi Controller
ARUBA_IP="10.x.x.x"
ARUBA_USERNAME="admin"
ARUBA_PASSWORD="aruba_password"

# Graylog
GRAYLOG_API_URL="https://graylog.example.com"
GRAYLOG_USERNAME="graylog_user"
GRAYLOG_PASSWORD="graylog_password"

# LibreNMS
LIBRENMS_URL="https://librenms.example.com"
LIBRENMS_API_TOKEN="your_api_token_here"

# Cisco APIC (ACI)
APIC_HOST="https://apic.example.com"
APIC_USERNAME="apic_user"
APIC_PASSWORD="apic_password"
APIC_VERIFY_SSL="false"
APIC_TIMEOUT="30"
APIC_TOKEN_CACHE_DURATION="3540"

# Cisco NDFC
NDFC_HOST="https://ndfc.example.com"
NDFC_USER="ndfc_user"
NDFC_PASSWORD="ndfc_password"
NDFC_DOMAIN="DefaultAuth"
NDFC_VERIFY_SSL="false"
NDFC_TIMEOUT="30"

# Palo Alto Panorama
PANORAMA_URL="https://panorama.example.com/api"
PANORAMA_USERNAME="panorama_user"
PANORAMA_PASSWORD="panorama_password"
PANORAMA_TIMEOUT="30"

Security Note: Credentials are stored encrypted using dotenvx. The .env file contains AES-256-GCM encrypted values. The private key is stored in .env.keys (excluded from version control). Never commit .env.keys to the repository.

Encrypting Credentials

After filling in your .env file, encrypt it with dotenvx:

# Encrypt all values in .env (generates .env.keys with the private key)
dotenvx encrypt

# Verify decryption works correctly
dotenvx run -- uv run python -c "from server import mcp; print(f'{mcp.name} operational')"

Keep .env.keys secure and distribute it to other users via a secure channel (password manager, secrets vault). The encrypted .env can be safely shared or committed to version control.


MCP Client Configuration

Claude Desktop

Configuration file locations:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "netai-o": {
      "command": "dotenvx",
      "args": [
        "run",
        "--env-file", "/absolute/path/to/netai/.env",
        "--",
        "uv",
        "--directory", "/absolute/path/to/netai",
        "run",
        "python",
        "server.py"
      ],
      "env": {
        "DOTENV_PRIVATE_KEY": "<your-private-key-from-.env.keys>"
      }
    }
  }
}

Warp AI

Configuration file: ~/.warp/mcp_config.json

{
  "mcpServers": {
    "netai-o": {
      "command": "dotenvx",
      "args": ["run", "--", "uv", "run", "python", "server.py"],
      "env": {
        "DOTENV_PRIVATE_KEY": "<your-private-key-from-.env.keys>"
      },
      "working_directory": "/absolute/path/to/netai"
    }
  }
}

Usage

Starting the Server

# Launch MCP server in stdio mode (with encrypted .env decryption)
dotenvx run -- uv run python server.py

The server exposes all MCP tools via stdio protocol. MCP clients (Claude Desktop, Warp) launch the server automatically based on their configuration files.

Example Commands

The following examples demonstrate natural language commands that can be used with Claude Desktop or Warp AI:

Generic SSH Operations

Execute "show version" on device 192.168.1.1
Run "show ip route" on devices 192.168.1.1 and 192.168.1.2 in parallel

MikroTik Management

Show BGP sessions on MikroTik router 10.0.0.1
Check route to 8.8.8.8 on MikroTik 10.0.0.1 via SSH
Display interface statistics for 10.0.0.1

Palo Alto Firewall Operations

Show VPN status on Palo Alto firewall 10.240.203.241
Execute "show system info" on firewalls 10.240.203.241 and 10.240.203.242 in parallel
Display routing table on firewall 10.240.203.241

Aruba WiFi Controller

List all access points on Aruba controller
Show connected WiFi clients
Detect rogue access points
Display RF channel utilization
Show WLAN configuration

Graylog Log Management

Search for "authentication failure" in logs from the last 2 hours
List available Graylog streams
Show system overview and statistics

LibreNMS Network Monitoring

Show all monitored MikroTik devices
Display health metrics for device router-core-01
List all ports on switch-distro-01
Show temperature sensors for all devices
Retrieve event logs for the last 24 hours

Cisco APIC (ACI Data Center)

Show overall ACI fabric health
List all APIC tenants
Search for endpoint with IP address 10.1.1.50
Analyze connectivity between EPG web and EPG database
Show top talkers in Production tenant
Display fabric topology
List all contracts in tenant Production

Cisco NDFC

List all NDFC fabrics
Show switches in fabric DC1
Get critical events from the last 24 hours
Show interface details for switch with serial FDO23460MQC
Display VRFs in fabric DC1
Show network deployment status

Palo Alto Panorama

Show Panorama system information
List all managed firewalls
Show device groups and their members
Analyze security rules quality for device-group Production
Find rules without security profile in device-group DMZ
Check version compliance across all firewalls
Show configuration audit logs
Find duplicate address objects
Show pending configuration changes

Skills (Guided Workflows)

The recommended way to invoke a skill is to explicitly instruct the agent to load and follow it:

Load and execute the skill "infrastructure-health-check".
Follow every step of the procedure in order and produce a structured report.

Use skills_list to find the most appropriate skill, then load it with skills_load
and execute it step by step.
Task: BGP sessions on router 10.0.0.1 are flapping since this morning.

# Discovery and filtering
List all available skills
List skills for platform ACI
List skills tagged with "change-management"

# Monitoring and NOC
Run an infrastructure health check across all platforms
Perform a WiFi health monitoring report on the Aruba controller
Do a deep dive on device router-wan-01

# Troubleshooting
Diagnose BGP on MikroTik router 10.0.0.1
Track endpoint with IP 10.1.2.50 in the ACI fabric
Run a full ACI fabric health diagnostic
Check connectivity between device A and device B

# Compliance and Audit
Run a Panorama security audit on device-group Production
Check software version compliance and certificate expiry across all firewalls
Audit the ACI configuration for tenant Prod

# Change Management
Perform a pre-check before the maintenance window for change CHG0012345
Validate the post-change state and compare with the pre-check baseline
Detect any unauthorized configuration changes in the last 48 hours

# Inventory and Capacity
Generate a consolidated multi-vendor inventory
Map the physical network topology using LLDP discovery
Produce a capacity planning report for the infrastructure

# Incident Response
Correlate events and logs to identify the root cause of the incident
reported at 14:30 UTC — application servers cannot reach the database

Skills are step-by-step operational procedures in Markdown. The LLM calls skills_list() to discover available procedures filtered by platform or tag, then skills_load() to retrieve the full procedure and follow it by calling the referenced MCP tools in sequence. Each skill includes a Decision Matrix, Output Standards for enterprise-grade reporting, and a Notes section with operational best practices.


Technical Architecture

Project Structure

git-netai/
├── server.py                    # MCP entry point (FastMCP stdio transport)
├── skills_engine.py             # Skills index + loader (in-memory, YAML frontmatter)
├── connectors/                  # Asynchronous connector modules
│   ├── ssh_c.py                # Generic SSH connector (asyncssh)
│   ├── mikrotik_c.py           # MikroTik REST API connector (httpx)
│   ├── mikrotik_ssh_c.py       # MikroTik SSH connector (asyncssh)
│   ├── paloalto_c.py           # Palo Alto SSH PTY connector (asyncssh)
│   ├── panorama_c.py           # Palo Alto Panorama REST API connector (httpx + XML→JSON)
│   ├── aruba_c.py              # Aruba WiFi REST API connector (httpx)
│   ├── graylog_c.py            # Graylog REST API connector (httpx)
│   ├── librenms_c.py           # LibreNMS REST API connector (httpx)
│   ├── apic_c.py               # Cisco APIC REST API connector (httpx + JWT cache)
│   └── ndfc_c.py               # Cisco NDFC REST API connector (httpx + JWT cache)
├── skills/                      # Diagnostic skills (Markdown procedures with YAML frontmatter)
│   ├── TEMPLATE.md                          # Template and frontmatter reference for new skills
│   ├── bgp-diagnostic-mikrotik.md           # BGP session diagnostic on MikroTik
│   ├── connectivity-check.md                # End-to-end connectivity check
│   ├── multicast-diagnostic-aci.md          # ACI multicast diagnostic
│   ├── infrastructure-health-check.md       # Multi-platform health overview (NOC/shift handover)
│   ├── wifi-health-monitoring.md            # Aruba WiFi fleet health and RF audit
│   ├── device-deep-dive.md                  # Deep investigation of a single device (LibreNMS)
│   ├── aci-endpoint-tracking.md             # Locate and diagnose an endpoint in ACI
│   ├── aci-fabric-health-diagnostic.md      # ACI fabric degradation investigation
│   ├── aci-configuration-audit.md           # ACI logical config consistency audit
│   ├── aci-traffic-analysis.md              # ACI top talkers and interface utilization
│   ├── panorama-security-audit.md           # Firewall security rules quality audit
│   ├── compliance-versions-certificates.md  # Software versions and certificate expiry check
│   ├── change-pre-check.md                  # Baseline capture before a planned change
│   ├── change-post-check.md                 # Regression validation after a change
│   ├── configuration-drift-detection.md     # Unauthorized change detection (multi-source)
│   ├── multi-vendor-inventory.md            # Consolidated inventory across all platforms
│   ├── network-topology-mapping.md          # LLDP-based physical topology discovery
│   ├── ndfc-deployment-validation.md        # NDFC network/VRF deployment validation
│   ├── incident-root-cause-correlation.md   # Multi-source incident correlation and timeline
│   └── capacity-planning-report.md          # Infrastructure capacity assessment
├── pyproject.toml              # UV project configuration and dependencies
├── uv.lock                     # UV dependency lockfile
├── .env                        # Environment variables (not version controlled)
├── .gitignore                  # Git ignore rules
└── README.md                   # Project documentation

Skills System

Skills are step-by-step diagnostic and operational procedures stored as Markdown files in skills/*.md. Each file carries a YAML frontmatter header (title, platform, tags, required tools) parsed into an in-memory index at server startup. Two dedicated MCP tools expose the system.

How it works:

  1. The LLM calls skills_list() to discover available skills — returns metadata only (name, title, platform, tags, description, required tools), never content
  2. Optional filters: skills_list(platform="mikrotik") or skills_list(tag="bgp")
  3. The LLM calls skills_load("bgp-diagnostic-mikrotik") to retrieve the full procedure — partial and case-insensitive name matching supported; both skill_name and name parameters are accepted
  4. The Markdown content describes each step: which MCP tool to call, expected results, and decision logic
  5. The LLM follows the procedure autonomously, calling the referenced tools in sequence
  6. Each skill enforces Output Standards: structured sections, professional tone, enterprise-ready reports suitable for incident tickets, audit documents, or management briefings

Creating a new skill:

  1. Copy skills/TEMPLATE.md to skills/{subject}-{platform}.md
  2. Fill in the YAML frontmatter (title, platform, tags, tools, description)
  3. Write the procedure steps referencing existing MCP tools
  4. Call skills_list(reload=True) to refresh the index — no server restart needed

Frontmatter schema (required in every skill file):

---
title: BGP Diagnostic on MikroTik
platform: mikrotik  # mikrotik | aruba | aci | graylog | librenms | paloalto | panorama | generic
tags: [bgp, routing, peering, sessions]
tools: [get_mikrotik_bgp_sessions, get_mikrotik_bgp_connections]
description: One-sentence description of what this skill diagnoses.
---
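
A loader-side check for this schema, as an added example (not the project's skills_engine.py): it parses the flat header with a small hand-written parser, rejects unknown platforms and unregistered tools, and flags registered tools that a procedure body names without declaring them in the header. The registered-tool set and both sample skill files are constructed; send_custom_command as an MCP tool name and reset_bgp_peer are assumptions made for the illustration.

```python
import re

# Platform values and required keys come from the frontmatter schema above.
PLATFORMS = {"mikrotik", "aruba", "aci", "graylog", "librenms",
             "paloalto", "panorama", "generic"}
REQUIRED_KEYS = ("title", "platform", "tags", "tools", "description")


def parse_frontmatter(text):
    """Return (metadata, body) for a skill file with a flat key/value header."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "---":
        raise ValueError("missing opening --- line")
    meta = {}
    for index, raw in enumerate(lines[1:], start=1):
        if raw.strip() == "---":
            return meta, "\n".join(lines[index + 1:])
        line = re.sub(r"(?:^|\s+)#.*$", "", raw)  # strip comments
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"header line {index + 1}: expected 'key: value'")
        value = value.strip()
        if value.startswith("[") and value.endswith("]"):
            value = [item.strip() for item in value[1:-1].split(",") if item.strip()]
        meta[key.strip()] = value
    raise ValueError("missing closing --- line")


def validate_skill(text, registered_tools):
    """Return a list of problems; an empty list means the skill may be indexed."""
    try:
        meta, body = parse_frontmatter(text)
    except ValueError as exc:
        return [str(exc)]
    problems = [f"missing key: {key}" for key in REQUIRED_KEYS if not meta.get(key)]
    platform = meta.get("platform")
    if platform and platform not in PLATFORMS:
        problems.append(f"unknown platform: {platform}")
    declared = meta.get("tools") or []
    if not isinstance(declared, list):
        problems.append("tools must be a [list]")
        declared = []
    problems += [f"unregistered tool: {t}" for t in declared if t not in registered_tools]
    # A procedure that names a registered tool it did not declare does more
    # than its header advertises through skills_list().
    for tool in sorted(registered_tools):
        if tool not in declared and re.search(rf"\b{re.escape(tool)}\b", body):
            problems.append(f"undeclared tool used in body: {tool}")
    return problems


# Constructed inputs for the demonstration.
REGISTERED = {"get_mikrotik_bgp_sessions", "get_mikrotik_bgp_connections",
              "send_custom_command"}

GOOD_SKILL = """---
title: BGP Diagnostic on MikroTik
platform: mikrotik  # mikrotik | aruba | aci | ...
tags: [bgp, routing, peering, sessions]
tools: [get_mikrotik_bgp_sessions, get_mikrotik_bgp_connections]
description: Diagnoses BGP session state on a MikroTik router.
---
Step 1: call get_mikrotik_bgp_sessions and note sessions that are not established.
Step 2: call get_mikrotik_bgp_connections for each failing peer.
"""

BAD_SKILL = """---
title: Quick BGP fix
platform: routeros
tags: [bgp]
tools: [get_mikrotik_bgp_sessions, reset_bgp_peer]
---
Step 1: call get_mikrotik_bgp_sessions.
Step 2: call send_custom_command with the peer reset command.
"""

if __name__ == "__main__":
    for label, skill in (("good", GOOD_SKILL), ("bad", BAD_SKILL)):
        print(label, validate_skill(skill, REGISTERED))
```

Running the same check in review or CI on every new file under skills/ keeps a procedure from reaching a command-execution tool that its header never declared.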

Available skills (20):

| Skill | Platform | Category | Description |
|---|---|---|---|
| bgp-diagnostic-mikrotik | mikrotik | Troubleshooting | BGP session diagnostic (sessions, config, routes, logs) |
| connectivity-check | generic | Troubleshooting | End-to-end connectivity verification across devices |
| multicast-diagnostic-aci | aci | Troubleshooting | ACI fabric multicast diagnostic (GIPo, bridge domains, IGMP) |
| infrastructure-health-check | generic | Monitoring | Multi-platform health overview for NOC/shift handover |
| wifi-health-monitoring | aruba | Monitoring | WiFi fleet health: APs, clients, RF channels, rogue APs |
| device-deep-dive | librenms | Monitoring | Full investigation of a single device (sensors, interfaces, logs) |
| aci-endpoint-tracking | aci | Troubleshooting | Locate an endpoint in ACI fabric and diagnose connectivity |
| aci-fabric-health-diagnostic | aci | Troubleshooting | ACI fabric degradation: faults, nodes, topology, resources |
| panorama-security-audit | panorama | Compliance | Firewall security rules quality: profiles, unused rules, overrides |
| compliance-versions-certificates | panorama | Compliance | Software version matrix and certificate expiry across fleet |
| aci-configuration-audit | aci | Compliance | ACI logical config consistency: tenants, VRFs, EPGs, contracts |
| change-pre-check | generic | Change Management | Baseline capture before a planned maintenance change |
| change-post-check | generic | Change Management | Regression validation by comparison with pre-check baseline |
| configuration-drift-detection | generic | Change Management | Unauthorized change detection across Panorama, ACI, and logs |
| multi-vendor-inventory | generic | Inventory | Consolidated inventory across all platforms (CMDB-ready) |
| network-topology-mapping | generic | Inventory | LLDP-based physical topology discovery and documentation |
| aci-traffic-analysis | aci | Capacity | ACI top talkers, interface utilization, and TCAM capacity |
| ndfc-deployment-validation | generic | Automation | NDFC network/VRF deployment status and configuration preview |
| incident-root-cause-correlation | generic | Incident Response | Multi-source timeline correlation to identify root cause |
| capacity-planning-report | generic | Capacity | Infrastructure capacity assessment across all domains |

Asynchronous Design Patterns

1. Persistent HTTP Sessions

REST API connectors (Aruba, Graylog, LibreNMS) use persistent HTTP connections to minimize connection overhead:

async with httpx.AsyncClient(timeout=30) as client:
    response = await client.get(url, headers=headers)
    # HTTP session is automatically reused for subsequent requests

2. Thread-Safe JWT Token Caching

APIC and NDFC connectors implement thread-safe JWT token caching with automatic renewal:

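import asyncio
import time

_token_cache = {"token": None, "expires_at": 0, "lock": asyncio.Lock()}

async def _get_token():
    # asyncio.Lock serializes coroutines on the event loop, so concurrent
    # callers wait here instead of each starting a login
    async with _token_cache["lock"]:
        if time.time() < _token_cache["expires_at"]:
            return _token_cache["token"]
        # Automatic token renewal when expired; _authenticate() is not shown here
        return await _authenticate()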

Key features:

  • Async lock prevents concurrent authentication requests
  • Configurable token expiration with safety margin
  • Automatic renewal on 401 responses
  • Zero-downtime token refresh
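
The properties listed above, worked through in one self-contained cache, as an added example (not the project's apic_c.py or ndfc_c.py): the renewed token is stored with its expiry, a safety margin triggers renewal early, and invalidation after a 401 is keyed to the rejected token so a burst of 401s produces one login. TokenCache, call_api, the 60-second margin and the fake login and send functions are assumptions for the demonstration; the 3540-second lifetime mirrors APIC_TOKEN_CACHE_DURATION.

```python
import asyncio
import time

TOKEN_LIFETIME = 3540   # seconds, as in APIC_TOKEN_CACHE_DURATION
SAFETY_MARGIN = 60      # assumed margin: renew this long before expiry


class TokenCache:
    def __init__(self, authenticate, lifetime=TOKEN_LIFETIME,
                 margin=SAFETY_MARGIN, clock=time.monotonic):
        self._authenticate = authenticate   # coroutine function returning a token
        self._lifetime = lifetime
        self._margin = margin
        self._clock = clock
        self._token = None
        self._expires_at = 0.0
        self._lock = asyncio.Lock()

    async def get(self):
        async with self._lock:
            fresh = self._clock() < self._expires_at - self._margin
            if self._token is not None and fresh:
                return self._token
            # Only the coroutine holding the lock logs in; the others wait
            # and then find the new token on the check above.
            self._token = await self._authenticate()
            self._expires_at = self._clock() + self._lifetime
            return self._token

    async def invalidate(self, rejected_token):
        async with self._lock:
            # Ignore late 401s for a token that has already been replaced.
            if self._token == rejected_token:
                self._token = None
                self._expires_at = 0.0


async def call_api(cache, send):
    """send(token) returns an HTTP status; retry once with a new token on 401."""
    token = await cache.get()
    status = await send(token)
    if status == 401:
        await cache.invalidate(token)
        status = await send(await cache.get())
    return status


async def demo():
    logins = 0
    revoked = set()

    async def fake_authenticate():      # constructed stand-in for the login call
        nonlocal logins
        logins += 1
        await asyncio.sleep(0.01)
        return f"token-{logins}"

    async def fake_send(token):         # constructed stand-in for an API request
        await asyncio.sleep(0)
        return 401 if token in revoked else 200

    cache = TokenCache(fake_authenticate)
    first = await asyncio.gather(*(call_api(cache, fake_send) for _ in range(20)))
    burst_logins = logins
    revoked.add("token-1")              # controller drops the session early
    second = await asyncio.gather(*(call_api(cache, fake_send) for _ in range(20)))
    return {"burst_logins": burst_logins, "total_logins": logins,
            "statuses": set(first) | set(second)}


def run_demo():
    return asyncio.run(demo())


if __name__ == "__main__":
    print(run_demo())
```

Forty calls across a cold start and a revocation cost two logins, which matters on controllers that rate-limit or lock accounts after repeated authentication attempts.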

3. Parallel Execution with Timeout Protection

SSH connectors support parallel command execution across multiple devices:

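import asyncio
from typing import Dict, List

async def send_custom_command_parallel(targets: List[Dict], timeout: int = 120):
    # execute_single() is the per-device coroutine (not shown here)
    tasks = [execute_single(target) for target in targets]
    # return_exceptions=True turns a per-device failure into a list entry;
    # if the global timeout fires, wait_for cancels the gather and raises TimeoutError
    results = await asyncio.wait_for(
        asyncio.gather(*tasks, return_exceptions=True),
        timeout=timeout
    )
    return results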

Benefits:

  • Concurrent execution across multiple devices
  • Global timeout prevents indefinite hangs
  • Exception handling per device
  • Results aggregated in single response
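
A variant that keeps partial results, as an added example (not the project's connector code): with one global deadline, a single hung device makes wait_for raise and the answers already collected are lost, so this version applies the timeout per device, caps concurrency, and returns the standard success/output/error dictionary for every target. run_one, run_parallel, the "ip" and "delay" keys and the fake executor are assumptions; the targets are constructed.

```python
import asyncio


async def run_global(targets, execute, timeout):
    # The pattern from the snippet above: one deadline around the whole gather.
    tasks = [execute(target) for target in targets]
    return await asyncio.wait_for(
        asyncio.gather(*tasks, return_exceptions=True), timeout=timeout)


async def run_one(target, execute, per_device_timeout):
    """Run one device command and always return the standard result dict."""
    try:
        output = await asyncio.wait_for(execute(target), timeout=per_device_timeout)
        return {"success": True, "output": output, "error": None}
    except asyncio.TimeoutError:
        return {"success": False, "output": None,
                "error": f"Timeout after {per_device_timeout} seconds"}
    except Exception as exc:
        return {"success": False, "output": None,
                "error": f"{type(exc).__name__}: {exc}"}


async def run_parallel(targets, execute, per_device_timeout=30, max_concurrency=10):
    # The semaphore bounds how many sessions are open at once, which keeps a
    # large target list from exhausting sockets or tripping login rate limits.
    limit = asyncio.Semaphore(max_concurrency)

    async def guarded(target):
        async with limit:
            return await run_one(target, execute, per_device_timeout)

    results = await asyncio.gather(*(guarded(t) for t in targets))
    return {t["ip"]: r for t, r in zip(targets, results)}


async def fake_execute(target):
    # Constructed stand-in for an SSH command on one device.
    await asyncio.sleep(target["delay"])
    if target.get("refuse"):
        raise ConnectionRefusedError("port 22 closed")
    return f"{target['ip']}: show version ok"


# Constructed targets: one healthy, one refusing connections, one hung.
TARGETS = [
    {"ip": "192.0.2.1", "delay": 0.01},
    {"ip": "192.0.2.2", "delay": 0.01, "refuse": True},
    {"ip": "192.0.2.3", "delay": 5},
]


async def demo():
    try:
        await run_global(TARGETS, fake_execute, timeout=0.2)
        global_outcome = "results"
    except asyncio.TimeoutError:
        global_outcome = "timeout, no results"
    per_device = await run_parallel(TARGETS, fake_execute, per_device_timeout=0.2)
    return global_outcome, per_device


def run_demo():
    return asyncio.run(demo())


if __name__ == "__main__":
    outcome, per_device = run_demo()
    print("global deadline:", outcome)
    for ip, result in per_device.items():
        print(ip, result)
```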

4. PTY Interactive Sessions

Palo Alto PAN-OS requires PTY (pseudo-terminal) interactive sessions due to non-standard SSH implementation:

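import asyncssh

async with asyncssh.connect(ip, ...) as conn:
    # term_type requests a PTY on the session channel
    async with conn.create_process(term_type='vt100') as process:
        process.stdin.write(command + '\n')  # write() is not a coroutine in asyncssh
        await process.stdin.drain()
        output = await process.stdout.read()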

Why PTY is required:

  • PAN-OS CLI expects interactive terminal
  • Standard SSH exec channels are rejected
  • Terminal emulation (vt100) required for proper output formatting

5. Encrypted Credential Injection (dotenvx)

Credentials are never stored in plain text. dotenvx intercepts the process launch, decrypts the .env file (AES-256-GCM), and injects the variables into the process environment before Python starts. The application code reads os.getenv() as usual — no change required in the connectors.

dotenvx run -- uv run python server.py
    │
    ├─ reads .env (AES-256-GCM ciphertext)
    ├─ reads DOTENV_PRIVATE_KEY (from .env.keys or env field in MCP config)
    ├─ decrypts → injects into os.environ
    └─ spawns Python process
         └─ connectors read os.getenv("APIC_PASSWORD") → plaintext value

Key properties:

  • The encrypted .env can be committed to version control — ciphertext only
  • The private key (.env.keys) is the only secret to protect and distribute
  • dotenvx is external to UV — installed once per machine via Homebrew or install script
  • If DOTENV_PRIVATE_KEY is missing or invalid, dotenvx logs a warning but does not block startup — connectors will fail at first network call with a None credential error
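
A fail-fast startup check for the last property, as an added example (not part of the project's server.py): it stops the process before any connector runs if a credential is missing or still ciphertext, and reports variable names only, never values. The variable names come from the .env example on this page; the "encrypted:" value prefix, the treatment of VERIFY_SSL="false" as a finding, and the function names are assumptions, and the sample environment is constructed.

```python
import os

# Credential variables per connector, taken from the .env example on this page.
REQUIRED = {
    "ssh": ("SSH_USERNAME", "SSH_PASSWORD"),
    "mikrotik": ("MIKROTIK_USERNAME", "MIKROTIK_PASSWORD"),
    "paloalto": ("PALOALTO_SSH_USERNAME", "PALOALTO_SSH_PASSWORD"),
    "aruba": ("ARUBA_IP", "ARUBA_USERNAME", "ARUBA_PASSWORD"),
    "graylog": ("GRAYLOG_API_URL", "GRAYLOG_USERNAME", "GRAYLOG_PASSWORD"),
    "librenms": ("LIBRENMS_URL", "LIBRENMS_API_TOKEN"),
    "apic": ("APIC_HOST", "APIC_USERNAME", "APIC_PASSWORD"),
    "ndfc": ("NDFC_HOST", "NDFC_USER", "NDFC_PASSWORD"),
    "panorama": ("PANORAMA_URL", "PANORAMA_USERNAME", "PANORAMA_PASSWORD"),
}
TLS_FLAGS = {"apic": "APIC_VERIFY_SSL", "ndfc": "NDFC_VERIFY_SSL"}
ENCRYPTED_PREFIX = "encrypted:"  # assumption: marker on values dotenvx has encrypted


def preflight(env=None, connectors=None, allow_insecure_tls=False):
    """Return (connector, variable, reason) findings without touching the network."""
    env = os.environ if env is None else env
    findings = []
    for name in (connectors or REQUIRED):
        for var in REQUIRED[name]:
            value = env.get(var, "")
            if not value.strip():
                findings.append((name, var, "missing"))
            elif value.startswith(ENCRYPTED_PREFIX):
                # The ciphertext was passed through: the private key was
                # absent or wrong when the process was launched.
                findings.append((name, var, "not decrypted"))
        flag = TLS_FLAGS.get(name)
        if flag and not allow_insecure_tls and env.get(flag, "").strip().lower() == "false":
            findings.append((name, flag, "tls verification disabled"))
    return findings


def require_credentials(env=None, connectors=None, allow_insecure_tls=False):
    """Exit with a message that names variables but never prints their values."""
    findings = preflight(env, connectors, allow_insecure_tls)
    if findings:
        detail = "; ".join(f"{c}: {v} {why}" for c, v, why in findings)
        raise SystemExit(f"credential preflight failed: {detail}")


# Constructed environment for the demonstration.
SAMPLE_ENV = {
    "SSH_USERNAME": "svc-netai",
    "SSH_PASSWORD": "constructed-value",
    "APIC_HOST": "https://apic.example.com",
    "APIC_USERNAME": "apic_user",
    "APIC_PASSWORD": "encrypted:CONSTRUCTED-CIPHERTEXT",
    "APIC_VERIFY_SSL": "false",
    "LIBRENMS_URL": "https://librenms.example.com",
}

if __name__ == "__main__":
    for finding in preflight(SAMPLE_ENV, connectors=["ssh", "apic", "librenms"]):
        print(finding)
```

Called at the top of the entry point with the connectors a deployment actually uses, the check turns a late "None credential" failure into an immediate, attributable startup error.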

Key Dependencies

| Library | Version | Purpose |
|---|---|---|
| fastmcp | 2.13+ | MCP server framework with stdio transport |
| asyncssh | 2.21+ | Asynchronous SSH client (RFC-compliant + PTY support) |
| httpx | 0.28+ | Async HTTP client with connection pooling |
| mcp[cli] | 1.23+ | MCP protocol implementation and CLI tools |
| dotenvx (external) | 1.54+ | Encrypted .env management — installed via Homebrew, not UV |

Testing

Quick Verification

# Verify MCP server loads correctly (with encrypted .env)
dotenvx run -- uv run python -c "from server import mcp; print(f'{mcp.name} operational')"

# Test SSH connector
uv run python -c "
import asyncio
from connectors.ssh_c import send_custom_command
result = asyncio.run(send_custom_command('192.168.1.1', 'show version'))
print(result)
"

# Test REST API connector (LibreNMS)
uv run python -c "
import asyncio
from connectors.librenms_c import list_devices
result = asyncio.run(list_devices())
print(result)
"

Response Format

All connector functions return a standardized dictionary structure:

{
    "success": bool,           # True if operation completed successfully
    "output": dict|str|list,   # Response data (structure varies by connector)
    "error": str               # Error message if success is False
}

Success response example:

{
    "success": True,
    "output": {"hostname": "router-01", "version": "7.14.1"},
    "error": None
}

Error response example:

{
    "success": False,
    "output": None,
    "error": "Connection timeout after 30 seconds"
}

Security Considerations

Development vs Production

| Aspect | Development Environment | Production Environment |
|---|---|---|
| Credentials | Local .env file | Secrets manager (HashiCorp Vault, AWS Secrets Manager, 1Password CLI) |
| SSL Verification | VERIFY_SSL=false (lab devices with self-signed certificates) | VERIFY_SSL=true with valid certificate chain |
| SSH Known Hosts | Disabled (known_hosts=None) for rapid prototyping | Strict validation with maintained known_hosts file |
| Account Permissions | Admin accounts for full access | Service accounts with minimal required privileges (least privilege principle) |
| Logging | Debug logging enabled for troubleshooting | Session logs disabled to prevent credential exposure |
| Network Access | Direct device access | Restricted access via bastion host/jump server with firewall rules |

Production Credential Management

Example using 1Password CLI for secure credential injection:

# Launch server — dotenvx decrypts .env at startup using the private key
dotenvx run -- uv run python server.py

# Alternative: inject private key from a secrets manager (1Password, Vault, etc.)
export DOTENV_PRIVATE_KEY=$(op read "op://Production/netai/dotenv-private-key")
dotenvx run -- uv run python server.py

Audit and Compliance

For production deployments:

  • Enable audit logging for all MCP tool invocations
  • Implement role-based access control (RBAC) at MCP client level
  • Rotate service account credentials regularly (90-day maximum)
  • Monitor for suspicious command patterns or unauthorized access attempts
  • Maintain audit trail of all configuration changes

Troubleshooting

Common Issues and Solutions

| Issue | Diagnosis | Solution |
|---|---|---|
| SSH authentication failure | Incorrect credentials or account locked | Verify SSH_USERNAME and SSH_PASSWORD in .env. Test manually: ssh user@host. Check account status on target device. |
| Connection timeout | Network unreachable or firewall blocking | Verify connectivity: ping <host>, telnet <host> <port>. Check firewall rules and routing. Increase timeout values in .env. |
| SSL/TLS certificate error | Self-signed certificate or untrusted CA | Development: Set VERIFY_SSL=false. Production: Install proper CA certificates or use certifi bundle. |
| JWT token expired (APIC/NDFC) | Token lifetime exceeded | Token renewal is automatic. If persistent, verify credentials and check APIC/NDFC authentication logs. |
| MCP server fails to start | Missing dependencies or Python version mismatch | Check uv --version and python --version (must be 3.12+). Re-run uv sync to reinstall dependencies. |
| Palo Alto session timeout | PAN-OS aggressive session timeout | Increase timeout parameter in tool calls. Consider implementing keepalive packets. |
| LibreNMS API 401 error | Invalid or expired API token | Regenerate API token in LibreNMS web interface under user settings. Update LIBRENMS_API_TOKEN in .env. |
| APIC/NDFC 403 forbidden | Insufficient account permissions | Verify account has required role assignments (admin or fabric-admin for full access). |

Enabling Debug Logging

Add the following to server.py for detailed logging output:

import logging
logging.basicConfig(
    level=logging.DEBUG,
    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s'
)

For production environments, configure logging to external syslog or SIEM:

import logging
from logging.handlers import SysLogHandler

handler = SysLogHandler(address=('syslog.example.com', 514))
logging.basicConfig(handlers=[handler], level=logging.INFO)

Roadmap

Current Implementation

  • [x] 100% asynchronous architecture (asyncio/asyncssh/httpx)
  • [x] 10 connectors (SSH, MikroTik REST+SSH, Aruba, Palo Alto SSH, Panorama, Graylog, LibreNMS, APIC, NDFC)
  • [x] 97 exposed MCP tools (95 connectors + 2 skills tools)
  • [x] Smart JWT cache with automatic renewal
  • [x] Persistent HTTP sessions with keepalive
  • [x] Parallel execution with timeout protection
  • [x] PTY support for Palo Alto PAN-OS
  • [x] Modern UV management (pyproject.toml + uv.lock)
  • [x] Encrypted credential management with dotenvx (AES-256-GCM)
  • [x] Panorama API integration with XML→JSON conversion
  • [x] Skills system with in-memory index, YAML frontmatter, platform/tag filtering, and fuzzy name matching
  • [x] 20 professional skills across 7 operational categories (monitoring, troubleshooting, compliance, change management, inventory, capacity, incident response)
  • [x] Enterprise Output Standards enforced in every skill (structured reports, professional tone, enterprise-ready)

Planned Enhancements

Additional Platform Support & more endpoints:

  • [ ] Add more LibreNMS endpoints (alerts, device groups, inventory)
  • [ ] Add more APIC endpoints (troubleshooting, change management)
  • [ ] Expand Aruba capabilities (RF analytics, heat maps)
  • [ ] Expand Panorama capabilities (policy push, commit operations)

Skills:

  • [ ] OSPF diagnostic skill (MikroTik / generic)
  • [ ] VPN tunnel diagnostic skill (Palo Alto)
  • [ ] WiFi client troubleshooting skill (Aruba)
  • [ ] Post-incident post-mortem report skill

License

This project is licensed under the MIT License. See the LICENSE file for complete terms and conditions.


Acknowledgments

  • FastMCP - High-performance MCP server framework
  • asyncssh - Production-grade asynchronous SSH implementation
  • httpx - Modern async HTTP client with HTTP/2 support
  • UV - Next-generation Python package manager built in Rust
  • Anthropic - Model Context Protocol specification and reference implementations

Support

For issues, questions, or contributions:


Professional network automation for enterprise environments
