Configuration¶
Each agent and skill has its own config/ directory. Configuration travels with the skill — if you install or move a skill, its config goes with it.
Feature Claims
| ID | Claim | Status |
|---|---|---|
| C-NE-12 | nornir/hosts.yaml defines the device inventory for collection |
✅ v0.10.0 |
| C-NE-13 | blacklisted_commands.yaml supports regex patterns; invalid patterns are skipped with a warning |
✅ v0.10.0 |
| C-NE-14 | cron_schedules.yaml customizes the trace_learner cron schedule |
✅ v0.10.0 |
Configuration Architecture¶
.olav/config/ ← Platform (4 files only)
├── api.json # LLM keys, model config
├── api.json.example # Template
├── services.yaml # Registered API services
└── approval_rules.yaml # HITL approval rules
.olav/workspace/
├── ops/config/ ← Ops orchestrator (shared)
│ ├── blacklisted_commands.yaml # Command blacklist (all agents)
│ └── netops_settings.yaml # General NetOps settings
│
├── ops/probe/config/ ← Probe agent (SSH)
│ ├── nornir/
│ │ ├── hosts.yaml # Device inventory
│ │ ├── groups.yaml # Group credentials
│ │ ├── defaults.yaml # Global defaults
│ │ └── config.yaml # Nornir runner settings
│ └── default_commands.yaml # Commands per platform
│
├── ops/lab/config/ ← Lab agent (ContainerLab)
│ └── config.json # CLAB API URL + credentials
│
├── ops/diff/config/ ← Diff agent
│ └── diff_strategies.yaml # Comparison strategies
│
├── infra/references/ ← Infra agent (auto-generated)
│ ├── netbox_dcim_api.md # NetBox DCIM endpoints
│ ├── netbox_ipam_api.md # NetBox IPAM endpoints
│ ├── influxdb_netops_Query_api.md # InfluxDB query endpoints
│ └── ... # Generated by olav registry register
│
├── devops/references/ ← DevOps agent
│ ├── BASELINE_SCHEMA.md # Platform health baseline
│ └── OLAV_PLATFORM_HEALTH.md # Health check reference
│
└── audit/profiles/ ← Audit agent
├── bgp_health.md # BGP health check profile
└── health_full_drift.md # Full drift audit profile
Principle: Platform config in .olav/config/. Skill config in each skill's directory. No cross-skill config dependencies.
Probe Agent — SSH & Device Collection¶
nornir/hosts.yaml¶
Device inventory. One entry per device.
R1:
hostname: 192.168.100.101
platform: juniper_junos
groups:
- core_routers
R2:
hostname: 192.168.100.102
platform: cisco_ios
groups:
- core_routers
SW1:
hostname: 192.168.100.105
platform: cisco_ios
groups:
- access_switches
Supported platform values: cisco_ios, cisco_nxos, arista_eos, juniper_junos, etc. (NTC-Templates naming)
nornir/groups.yaml¶
Shared credentials per group.
core_routers:
username: admin
password: "${NORNIR_PASSWORD}"
connection_options:
netmiko:
extras:
timeout: 30
secret: "${ENABLE_SECRET}"
access_switches:
username: admin
password: "${NORNIR_PASSWORD}"
Environment variables
Use ${VAR_NAME} for sensitive values. Expanded at runtime. Never commit credentials.
default_commands.yaml¶
Commands run on every device during collection.
Lab Agent — ContainerLab¶
config.json¶
CLAB REST API connection.
{
"base_url": "http://192.168.100.12:8080",
"username": "olav",
"password": "olav123",
"mgmt_subnet": "172.20.50.0/24"
}
| Field | Description |
|---|---|
base_url |
ContainerLab REST API endpoint |
username / password |
CLAB auth (also reads CLAB_USERNAME / CLAB_PASSWORD env vars) |
mgmt_subnet |
Management network for lab containers (avoid conflicts with other labs) |
Ops Orchestrator — Shared Config¶
blacklisted_commands.yaml¶
Regex patterns that block command execution across all agents. Even whitelisted commands are rejected if they match.
Invalid patterns are skipped with a warning log.
netops_settings.yaml¶
General NetOps runtime settings.
Infra Agent — API References¶
References are auto-generated by olav registry register. Do not edit manually — re-run register to update after API schema changes.
olav registry register http://netbox:8000 # generates netbox_*_api.md
olav registry register influxdb_netops # generates influxdb_*_api.md
Each reference contains endpoint paths, parameters, and return fields in a condensed format the agent reads as static context.
DevOps Agent — Script References¶
References provide context for script generation:
| File | Purpose |
|---|---|
BASELINE_SCHEMA.md |
Database schema reference for environment discovery |
OLAV_PLATFORM_HEALTH.md |
Platform health check patterns |
Add custom references to teach the DevOps agent about your environment:
# Example: add Ansible patterns
cp my-ansible-guide.md .olav/workspace/devops/references/ansible_patterns.md
The agent loads all files in references/ as static context.
Audit Agent — Profiles¶
Profiles define reusable health checks. Created by the Designer, executed by the Auditor.
olav --agent audit-designer "Create a BGP health check profile"
# → saves to audit/profiles/bgp_health.md
olav --agent audit-auditor "Run the bgp_health audit"
# → reads profile, executes SQL, renders Markdown report
Profile format: YAML frontmatter (jobs + queries) + Markdown body (correlation prompt).
Scheduling¶
OLAV manages scheduled tasks via system crontab.
Natural Language Control¶
olav "schedule a daily snapshot at 2am"
olav "show all scheduled jobs"
olav "cancel the weekly audit"
cron_schedules.yaml¶
Declarative schedule definitions:
schedules:
snapshot:
cron: "0 2 * * *"
agent: config
instruction: "take snapshot"
trace_learner:
cron: "0 3 * * *"
agent: config
instruction: "run trace learner"
audit_weekly:
cron: "0 6 * * 1"
agent: audit
instruction: "generate weekly compliance report"
Apply all:
Platform Config (.olav/config/)¶
Platform-level config (not skill-specific):
| File | Purpose |
|---|---|
api.json |
LLM provider keys, model selection, timeouts |
services.yaml |
Registered API services (endpoints, auth, readonly flags) |
approval_rules.yaml |
HITL approval rules for dangerous operations |
api.json.example |
Template for new installations |
Never commit api.json
Contains LLM API keys and service credentials. Already in .gitignore.
Skill Structure — How Agents Are Registered¶
Workspace Directory¶
Each agent lives in .olav/workspace/<name>/ with a standard structure:
.olav/workspace/ops/ ← Agent name
├── AGENT.md # Agent declaration (name, description)
├── SKILL.md # Tools, intents, static_context, metadata
├── MANIFEST.yaml # Route keywords, version, requirements
├── prompts/
│ └── system.md # System prompt (agent behavior)
├── tools/ # Python @tool files
├── config/ # Agent-specific configuration
├── references/ # Static context files (loaded by agent)
├── analysis/ # Subagent (nested workspace)
├── probe/ # Subagent
├── diff/ # Subagent
└── lab/ # Subagent
AGENT.md¶
Declares the agent for the platform. Minimal format:
---
name: ops
description: "Network operations — troubleshooting, simulation, drift detection"
subagents:
- path: ./analysis/SKILL.md
- path: ./probe/SKILL.md
- path: ./diff/SKILL.md
- path: ./lab/SKILL.md
system_prompt_file: prompts/system.md
---
SKILL.md¶
Declares tools, metadata, and static context:
---
name: ops-analysis
description: "Pure-compute analysis engine"
metadata:
version: 1.1.0
type: agent
network_isolation: "true"
tools:
- run_python_simulation
static_context:
- path: ./references/ROUTING_EXPERT_GUIDE.md
---
tools:— List of tool names. Must match.pyfiles intools/.static_context:— Files loaded into the agent's context at startup.metadata.network_isolation— "true" for compute-only agents.
MANIFEST.yaml¶
Used by olav skill install for routing and dependency checks:
kind: Agent
name: ops
version: "0.13.0"
description: "Operations Agent"
route_keywords:
- troubleshoot
- bgp
- ospf
requires:
- olav-platform>=0.11
PLATFORM.md¶
The platform agent registry. Located at .olav/workspace/PLATFORM.md:
active:— Default agent when no--agentflag is used.agents:— List of registered agents.olav skill installadds to this list automatically.olav listreads this file.
Installing a Skill (olav-netops)¶
# From local directory
olav skill install /path/to/olav-netops/
# From Git URL
olav skill install https://github.com/james-olavai/olav-netops
The skill's workspace.yaml declares where workspace files live:
name: ops
version: "0.13.0"
source: .olav/workspace/ops # copy from this subdirectory
requires:
packages:
- nornir>=3.3.0
- nornir-netmiko>=1.0.0
After install:
1. Workspace files copied to .olav/workspace/ops/
2. Agent registered in PLATFORM.md
3. Missing packages reported as warnings
Post-Install Setup¶
# 1. Copy config templates
cp .olav/workspace/ops/lab/config/config.json.example \
.olav/workspace/ops/lab/config/config.json
# Edit with your CLAB credentials
cp .olav/workspace/ops/probe/config/nornir/hosts.yaml.example \
.olav/workspace/ops/probe/config/nornir/hosts.yaml
# Edit with your device inventory
# 2. Initialize netops
olav --agent ops "/netops_init --dry-run" # verify environment
olav --agent ops "/netops_init" # collect device data
Registering an API Service¶
This:
1. Adds service to .olav/config/services.yaml
2. Parses OpenAPI schema
3. Generates reference markdowns in infra/references/
4. Service is immediately queryable via api_request
services.yaml format¶
services:
netbox:
endpoint: http://netbox:8000
auth:
type: bearer
token_env: NETBOX_TOKEN # reads from environment variable
readonly_only: true # default: no writes allowed
reference_generation:
groups:
- tag: dcim
- tag: ipam
output_dir: .olav/workspace/infra/references
readonly_only: true— Service is read-only. Write attempts are blocked.token_env— Environment variable name (not the actual token).reference_generation— Controls which API groups get reference docs.