Ops Agent¶
The Ops Agent is a multi-step orchestrator for deep network operations. It routes your request to the right specialist: Analysis for simulation, Probe for live checks, Diff for drift detection.
Feature Claims
| ID | Claim | Status |
|---|---|---|
| C-NE-20 | olav --agent ops "analyze routing" routes to the Analysis subagent |
πΆ Env-Blocked |
| C-NE-21 | olav --agent ops "check all devices" routes to the Probe subagent |
πΆ Env-Blocked |
Architecture¶
The orchestrator receives your request and delegates to the appropriate subagent:
graph TD
User["olav --agent ops '...'"] --> Orch[Ops Orchestrator]
Orch -->|routing, simulation, topology| Analysis[Analysis Agent]
Orch -->|live device checks| Probe[Probe Agent]
Orch -->|snapshot comparison| Diff[Diff Agent]
Orch -->|digital twin validation| Lab[Lab Agent]| Subagent | Specialization | Network Access |
|---|---|---|
| Analysis | Routing analysis, What-If simulation, topology visualization | None (pure computation) |
| Probe | Active liveness checks, parallel CLI execution | Yes (SSH to devices) |
| Diff | Cross-snapshot comparison, drift detection | None (DB queries) |
| Lab | ContainerLab digital twin, CAB validation | CLAB API only |
Lab documentation
Lab Agent documentation will be published after the current development cycle completes.
Routing Logic¶
The orchestrator uses intent detection to pick the right subagent:
| Your question contains... | Routes to |
|---|---|
| "simulate", "what if", "impact", "failure" | Analysis |
| "path", "route", "BGP best-path", "topology diagram" | Analysis |
| "check", "ping", "alive", "reachable", "run command on" | Probe |
| "compare", "changed", "drift", "diff", "between snapshots" | Diff |
| "deploy lab", "digital twin", "CAB", "validate change" | Lab |
For ambiguous requests, the orchestrator may ask a clarifying question or use multiple subagents in sequence.
Shared Tools¶
All Ops subagents inherit these tools from the orchestrator:
| Tool | Purpose |
|---|---|
execute_cli |
Single-device CLI execution (whitelist enforced) |
search_commands |
Find commands by platform/keyword |
take_snapshot |
On-demand collection |
diff_configs |
Raw config comparison |
record_network_event |
Append to audit trail |
Plus all core platform tools (execute_sql, format_and_export, etc.).
Each subagent also has its own specialized tools β see individual pages.
Network Isolation Policy¶
| Subagent | network_isolation |
Why |
|---|---|---|
| Analysis | True |
Pure local computation β networkx, DuckDB in-memory clone |
| Probe | False |
Must SSH to live devices |
| Diff | N/A | Only queries DuckDB, no sandbox |
| Lab | False |
Must call CLAB REST API via httpx |
Analysis runs in a fully isolated sandbox. It cannot make network calls. If it needs fresh data, it tells the orchestrator, who delegates to Probe or triggers a snapshot.