Probe Agent
The Probe Agent performs active liveness checks and parallel CLI execution across multiple devices. It is the only Ops subagent that directly accesses live network devices.
Feature Claims
| ID | Claim | Status |
|---|---|---|
| C-NE-24 | `execute_cli_parallel` validates commands against the whitelist before execution | Env-Blocked |
| C-NE-25 | Device names are restricted to `[a-zA-Z0-9_\-.]`; invalid characters are rejected | Pending |
When to Use
- "Are all core routers reachable?"
- "Run `show ip route` on every device"
- "Check OSPF neighbor state across the network"
The orchestrator routes these requests to Probe because they require live SSH connections.
Tool: execute_cli_parallel
Runs a CLI command on multiple devices simultaneously using Nornir.
```python
execute_cli_parallel(
    command: str,        # CLI command to execute
    devices: list[str],  # Target device names (from netops.devices)
    timeout: int = 30    # Per-device timeout in seconds
)
```
Safety Model
Before any SSH connection is made, three checks are enforced:
- Device name validation: Names must match `[a-zA-Z0-9_\-.]`. This prevents injection attacks through crafted hostnames.
- Whitelist check: The command must exist in the `commands` table for the target device's platform. Commands not in the whitelist are rejected.
- Blacklist check: Even whitelisted commands are rejected if they match any pattern in `blacklisted_commands.yaml`.
```
User request: "Run 'reload' on R1"
  → Whitelist: not in commands table → REJECTED
  → (even if whitelisted, blacklist regex "reload" would also reject)
```
Pipe Commands
Commands containing `|` (pipe) require `pipe_allowed = true` in the `commands` table entry. This prevents accidental shell injection through piped output.
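
The three Safety Model checks and the pipe rule can be sketched as one pre-flight gate. This is an added example, not the project's own code: `check_request`, the in-memory `COMMANDS`, `BLACKLIST` and `DEVICE_PLATFORM` data, and the rule that the whitelist lookup uses the text before the first pipe are all assumptions made for illustration.

```python
import re

# Constructed stand-ins for the page's data sources (assumptions, not project data).
DEVICE_NAME_RE = re.compile(r"[a-zA-Z0-9_\-.]+")
COMMANDS = {  # stands in for the `commands` table: platform -> command -> pipe_allowed
    "ios": {"show ip route": True, "show ip bgp summary": False},
}
# Stands in for blacklisted_commands.yaml; "reload" is the pattern named on the page.
BLACKLIST = [re.compile(p, re.IGNORECASE) for p in (r"reload", r"\bwrite\s+erase\b")]
DEVICE_PLATFORM = {"R1": "ios", "core-sw.lab_2": "ios"}  # stands in for netops.devices


def check_request(command: str, devices: list[str]) -> dict[str, str]:
    """Return a per-device verdict: 'OK' or 'REJECTED: <reason>'. Opens no connections."""
    verdicts = {}
    # Hypothetical rule: the whitelist lookup uses the text before the first pipe.
    base, has_pipe = command.split("|", 1)[0].strip(), "|" in command
    for name in devices:
        # fullmatch (not match/search, not '$') so a trailing newline cannot slip through.
        if not DEVICE_NAME_RE.fullmatch(name):
            verdicts[name] = "REJECTED: invalid device name"
            continue
        # A device missing from the inventory has no platform, so nothing is whitelisted.
        table = COMMANDS.get(DEVICE_PLATFORM.get(name, ""), {})
        if base not in table:
            verdicts[name] = "REJECTED: not in whitelist"
        elif has_pipe and not table[base]:
            verdicts[name] = "REJECTED: pipe not allowed"
        elif any(p.search(command) for p in BLACKLIST):
            verdicts[name] = "REJECTED: blacklisted"
        else:
            verdicts[name] = "OK"
    return verdicts


if __name__ == "__main__":
    for cmd, devs in [
        ("show ip route", ["R1", "core-sw.lab_2"]),
        ("reload", ["R1"]),
        ("show ip route | include 10.0", ["R1"]),
        ("show ip bgp summary | include Estab", ["R1"]),
        ("show ip route", ["R1;x", "R1\n"]),
    ]:
        print(repr(cmd), check_request(cmd, devs))
```

The blacklist is matched against the full command string, so a whitelisted, pipe-enabled command is still rejected when the piped portion matches a blacklist pattern.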
Example Usage
Via the Ops orchestrator:
The orchestrator delegates to Probe, which:
- Queries `netops.devices` for all device names
- Runs `show ip bgp summary` on each device in parallel
- Returns aggregated results with per-device status