Which integrations are available for this server?

Provides tools for managing Cisco ACI data center fabrics (APIC) and Cisco NDFC (Nexus Dashboard Fabric Controller), including fabric health, tenants, EPGs, VRFs, contracts, topology, analytics, and events. Provides tools for centralized log search with time filters and streaming, including searching logs, listing streams, and system overview. Provides tools for managing MikroTik routers and switches via REST API and SSH, including interfaces, BGP, routing, system health, and custom commands.

How do I use Network AI Assistant?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Network AI Assistant Show me the health of all Cisco APIC tenants" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

Network AI Assistant

by angoran

Overview Schema Related Servers Score Discussions

Python

Remote

Network AI Assistant

Python 3.12+ FastMCP Async

Asynchronous MCP (Model Context Protocol) server for unified multi-platform network infrastructure management.

Expose network devices, WiFi controllers, monitoring systems, and data centers through a unified API accessible by Claude Desktop, Warp AI, and any MCP-compatible client.

Key Features

100% Asynchronous Architecture

Async/await engine: All I/O operations leverage asyncio, asyncssh, and httpx for optimal performance
Parallel execution: Native support for multi-device operations with timeout protection
Persistent sessions: Reusable HTTP connections with keepalive to minimize latency
Smart JWT caching: Thread-safe authentication token management with automatic renewal

10 Specialized Connectors

Connector	Type	MCP Tools	Description
Generic SSH	SSH	2	Universal CLI access to any SSH device (Cisco, Juniper, Arista, Linux, etc.)
MikroTik REST	REST API	9	Complete management via REST API (interfaces, BGP, routing, system health)
MikroTik SSH	SSH	2	Specific commands unavailable in REST (route check, custom commands)
Palo Alto SSH	SSH PTY	2	PAN-OS firewalls with PTY interactive sessions (VPN, routing, system)
Palo Alto Panorama	REST API	16	Panorama centralized management (devices, device-groups, security rules, compliance, audit)
Aruba WiFi	REST API	9	WiFi controller (APs, clients, rogues, RF, WLANs, statistics)
Graylog	REST API	3	Centralized log search with time filters and streaming
LibreNMS	REST API	10	Network monitoring (inventory, health, ports, sensors, events)
Cisco APIC (ACI)	REST API	28	ACI data center (fabric, tenants, EPGs, VRFs, contracts, topology, analytics)
Cisco NDFC	REST API	14	Nexus Dashboard Fabric Controller (fabrics, switches, networks, VRFs, events)

Total: 97 MCP tools (95 connectors + 2 skills tools)

Installation

Prerequisites

Python 3.12 or higher
UV package manager
dotenvx for encrypted credentials (brew install dotenvx/brew/dotenvx)
Network access to target devices/APIs
MCP client (Claude Desktop, Warp AI, etc.)

Install with UV

# Clone the repository
git clone https://github.com/angoran/git-netai.git
cd git-netai

# Sync dependencies (UV automatically creates virtual environment)
uv sync

# Verify installation
uv run python -c "from server import mcp; print(f'{mcp.name} operational')"

Configuration

Environment Variables

Create a .env file at project root with the following variables:

# Generic SSH
SSH_USERNAME="admin"
SSH_PASSWORD="your_password"

# MikroTik REST API
MIKROTIK_USERNAME="api_user"
MIKROTIK_PASSWORD="api_password"
MIKROTIK_PORT="443"

# MikroTik SSH (if different from REST)
MIKROTIK_SSH_USERNAME="ssh_user"
MIKROTIK_SSH_PASSWORD="ssh_password"
MIKROTIK_SSH_PORT="22"

# Palo Alto Firewalls
PALOALTO_SSH_USERNAME="admin"
PALOALTO_SSH_PASSWORD="firewall_password"

# Aruba WiFi Controller
ARUBA_IP="10.x.x.x"
ARUBA_USERNAME="admin"
ARUBA_PASSWORD="aruba_password"

# Graylog
GRAYLOG_API_URL="https://graylog.example.com"
GRAYLOG_USERNAME="graylog_user"
GRAYLOG_PASSWORD="graylog_password"

# LibreNMS
LIBRENMS_URL="https://librenms.example.com"
LIBRENMS_API_TOKEN="your_api_token_here"

# Cisco APIC (ACI)
APIC_HOST="https://apic.example.com"
APIC_USERNAME="apic_user"
APIC_PASSWORD="apic_password"
APIC_VERIFY_SSL="false"
APIC_TIMEOUT="30"
APIC_TOKEN_CACHE_DURATION="3540"

# Cisco NDFC
NDFC_HOST="https://ndfc.example.com"
NDFC_USER="ndfc_user"
NDFC_PASSWORD="ndfc_password"
NDFC_DOMAIN="DefaultAuth"
NDFC_VERIFY_SSL="false"
NDFC_TIMEOUT="30"

# Palo Alto Panorama
PANORAMA_URL="https://panorama.example.com/api"
PANORAMA_USERNAME="panorama_user"
PANORAMA_PASSWORD="panorama_password"
PANORAMA_TIMEOUT="30"

Security Note: Credentials are stored encrypted using dotenvx. The .env file contains AES-256-GCM encrypted values. The private key is stored in .env.keys (excluded from version control). Never commit .env.keys to the repository.

Encrypting Credentials

After filling in your .env file, encrypt it with dotenvx:

# Encrypt all values in .env (generates .env.keys with the private key)
dotenvx encrypt

# Verify decryption works correctly
dotenvx run -- uv run python -c "from server import mcp; print(f'{mcp.name} operational')"

Keep .env.keys secure and distribute it to other users via a secure channel (password manager, secrets vault). The encrypted .env can be safely shared or committed to version control.

MCP Client Configuration

Claude Desktop

Configuration file locations:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
Linux: ~/.config/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "netai-o": {
      "command": "dotenvx",
      "args": [
        "run",
        "--env-file", "/absolute/path/to/netai/.env",
        "--",
        "uv",
        "--directory", "/absolute/path/to/netai",
        "run",
        "python",
        "server.py"
      ],
      "env": {
        "DOTENV_PRIVATE_KEY": "<your-private-key-from-.env.keys>"
      }
    }
  }
}

Warp AI

Configuration file: ~/.warp/mcp_config.json

{
  "mcpServers": {
    "netai-o": {
      "command": "dotenvx",
      "args": ["run", "--", "uv", "run", "python", "server.py"],
      "env": {
        "DOTENV_PRIVATE_KEY": "<your-private-key-from-.env.keys>"
      },
      "working_directory": "/absolute/path/to/netai"
    }
  }
}

Usage

Starting the Server

# Launch MCP server in stdio mode (with encrypted .env decryption)
dotenvx run -- uv run python server.py

The server exposes all MCP tools via stdio protocol. MCP clients (Claude Desktop, Warp) launch the server automatically based on their configuration files.

Example Commands

The following examples demonstrate natural language commands that can be used with Claude Desktop or Warp AI:

Generic SSH Operations

Execute "show version" on device 192.168.1.1
Run "show ip route" on devices 192.168.1.1 and 192.168.1.2 in parallel

MikroTik Management

Show BGP sessions on MikroTik router 10.0.0.1
Check route to 8.8.8.8 on MikroTik 10.0.0.1 via SSH
Display interface statistics for 10.0.0.1

Palo Alto Firewall Operations

Show VPN status on Palo Alto firewall 10.240.203.241
Execute "show system info" on firewalls 10.240.203.241 and 10.240.203.242 in parallel
Display routing table on firewall 10.240.203.241

Aruba WiFi Controller

List all access points on Aruba controller
Show connected WiFi clients
Detect rogue access points
Display RF channel utilization
Show WLAN configuration

Graylog Log Management

Search for "authentication failure" in logs from the last 2 hours
List available Graylog streams
Show system overview and statistics

LibreNMS Network Monitoring

Show all monitored MikroTik devices
Display health metrics for device router-core-01
List all ports on switch-distro-01
Show temperature sensors for all devices
Retrieve event logs for the last 24 hours

Cisco APIC (ACI Data Center)

Show overall ACI fabric health
List all APIC tenants
Search for endpoint with IP address 10.1.1.50
Analyze connectivity between EPG web and EPG database
Show top talkers in Production tenant
Display fabric topology
List all contracts in tenant Production

Cisco NDFC

List all NDFC fabrics
Show switches in fabric DC1
Get critical events from the last 24 hours
Show interface details for switch with serial FDO23460MQC
Display VRFs in fabric DC1
Show network deployment status

Palo Alto Panorama

Show Panorama system information
List all managed firewalls
Show device groups and their members
Analyze security rules quality for device-group Production
Find rules without security profile in device-group DMZ
Check version compliance across all firewalls
Show configuration audit logs
Find duplicate address objects
Show pending configuration changes

Skills (Guided Workflows)

The recommended way to invoke a skill is to explicitly instruct the agent to load and follow it:

Load and execute the skill "infrastructure-health-check".
Follow every step of the procedure in order and produce a structured report.

Use skills_list to find the most appropriate skill, then load it with skills_load
and execute it step by step.
Task: BGP sessions on router 10.0.0.1 are flapping since this morning.

# Discovery and filtering
List all available skills
List skills for platform ACI
List skills tagged with "change-management"

# Monitoring and NOC
Run an infrastructure health check across all platforms
Perform a WiFi health monitoring report on the Aruba controller
Do a deep dive on device router-wan-01

# Troubleshooting
Diagnose BGP on MikroTik router 10.0.0.1
Track endpoint with IP 10.1.2.50 in the ACI fabric
Run a full ACI fabric health diagnostic
Check connectivity between device A and device B

# Compliance and Audit
Run a Panorama security audit on device-group Production
Check software version compliance and certificate expiry across all firewalls
Audit the ACI configuration for tenant Prod

# Change Management
Perform a pre-check before the maintenance window for change CHG0012345
Validate the post-change state and compare with the pre-check baseline
Detect any unauthorized configuration changes in the last 48 hours

# Inventory and Capacity
Generate a consolidated multi-vendor inventory
Map the physical network topology using LLDP discovery
Produce a capacity planning report for the infrastructure

# Incident Response
Correlate events and logs to identify the root cause of the incident
reported at 14:30 UTC — application servers cannot reach the database

Skills are step-by-step operational procedures in Markdown. The LLM calls skills_list() to discover available procedures filtered by platform or tag, then skills_load() to retrieve the full procedure and follow it by calling the referenced MCP tools in sequence. Each skill includes a Decision Matrix, Output Standards for enterprise-grade reporting, and a Notes section with operational best practices.

Technical Architecture

Project Structure

git-netai/
├── server.py                    # MCP entry point (FastMCP stdio transport)
├── skills_engine.py             # Skills index + loader (in-memory, YAML frontmatter)
├── connectors/                  # Asynchronous connector modules
│   ├── ssh_c.py                # Generic SSH connector (asyncssh)
│   ├── mikrotik_c.py           # MikroTik REST API connector (httpx)
│   ├── mikrotik_ssh_c.py       # MikroTik SSH connector (asyncssh)
│   ├── paloalto_c.py           # Palo Alto SSH PTY connector (asyncssh)
│   ├── panorama_c.py           # Palo Alto Panorama REST API connector (httpx + XML→JSON)
│   ├── aruba_c.py              # Aruba WiFi REST API connector (httpx)
│   ├── graylog_c.py            # Graylog REST API connector (httpx)
│   ├── librenms_c.py           # LibreNMS REST API connector (httpx)
│   ├── apic_c.py               # Cisco APIC REST API connector (httpx + JWT cache)
│   └── ndfc_c.py               # Cisco NDFC REST API connector (httpx + JWT cache)
├── skills/                      # Diagnostic skills (Markdown procedures with YAML frontmatter)
│   ├── TEMPLATE.md                          # Template and frontmatter reference for new skills
│   ├── bgp-diagnostic-mikrotik.md           # BGP session diagnostic on MikroTik
│   ├── connectivity-check.md                # End-to-end connectivity check
│   ├── multicast-diagnostic-aci.md          # ACI multicast diagnostic
│   ├── infrastructure-health-check.md       # Multi-platform health overview (NOC/shift handover)
│   ├── wifi-health-monitoring.md            # Aruba WiFi fleet health and RF audit
│   ├── device-deep-dive.md                  # Deep investigation of a single device (LibreNMS)
│   ├── aci-endpoint-tracking.md             # Locate and diagnose an endpoint in ACI
│   ├── aci-fabric-health-diagnostic.md      # ACI fabric degradation investigation
│   ├── aci-configuration-audit.md           # ACI logical config consistency audit
│   ├── aci-traffic-analysis.md              # ACI top talkers and interface utilization
│   ├── panorama-security-audit.md           # Firewall security rules quality audit
│   ├── compliance-versions-certificates.md  # Software versions and certificate expiry check
│   ├── change-pre-check.md                  # Baseline capture before a planned change
│   ├── change-post-check.md                 # Regression validation after a change
│   ├── configuration-drift-detection.md     # Unauthorized change detection (multi-source)
│   ├── multi-vendor-inventory.md            # Consolidated inventory across all platforms
│   ├── network-topology-mapping.md          # LLDP-based physical topology discovery
│   ├── ndfc-deployment-validation.md        # NDFC network/VRF deployment validation
│   ├── incident-root-cause-correlation.md   # Multi-source incident correlation and timeline
│   └── capacity-planning-report.md          # Infrastructure capacity assessment
├── pyproject.toml              # UV project configuration and dependencies
├── uv.lock                     # UV dependency lockfile
├── .env                        # Environment variables (not version controlled)
├── .gitignore                  # Git ignore rules
└── README.md                   # Project documentation

Skills System

Skills are step-by-step diagnostic and operational procedures stored as Markdown files in skills/*.md. Each file carries a YAML frontmatter header (title, platform, tags, required tools) parsed into an in-memory index at server startup. Two dedicated MCP tools expose the system.

How it works:

The LLM calls skills_list() to discover available skills — returns metadata only (name, title, platform, tags, description, required tools), never content
Optional filters: skills_list(platform="mikrotik") or skills_list(tag="bgp")
The LLM calls skills_load("bgp-diagnostic-mikrotik") to retrieve the full procedure — partial and case-insensitive name matching supported; both skill_name and name parameters are accepted
The Markdown content describes each step: which MCP tool to call, expected results, and decision logic
The LLM follows the procedure autonomously, calling the referenced tools in sequence
Each skill enforces Output Standards: structured sections, professional tone, enterprise-ready reports suitable for incident tickets, audit documents, or management briefings

Creating a new skill:

Copy skills/TEMPLATE.md to skills/{subject}-{platform}.md
Fill in the YAML frontmatter (title, platform, tags, tools, description)
Write the procedure steps referencing existing MCP tools
Call skills_list(reload=True) to refresh the index — no server restart needed

Frontmatter schema (required in every skill file):

---
title: BGP Diagnostic on MikroTik
platform: mikrotik  # mikrotik | aruba | aci | graylog | librenms | paloalto | panorama | generic
tags: [bgp, routing, peering, sessions]
tools: [get_mikrotik_bgp_sessions, get_mikrotik_bgp_connections]
description: One-sentence description of what this skill diagnoses.
---

Available skills (20):

Skill	Platform	Category	Description
`bgp-diagnostic-mikrotik`	mikrotik	Troubleshooting	BGP session diagnostic (sessions, config, routes, logs)
`connectivity-check`	generic	Troubleshooting	End-to-end connectivity verification across devices
`multicast-diagnostic-aci`	aci	Troubleshooting	ACI fabric multicast diagnostic (GIPo, bridge domains, IGMP)
`infrastructure-health-check`	generic	Monitoring	Multi-platform health overview for NOC/shift handover
`wifi-health-monitoring`	aruba	Monitoring	WiFi fleet health: APs, clients, RF channels, rogue APs
`device-deep-dive`	librenms	Monitoring	Full investigation of a single device (sensors, interfaces, logs)
`aci-endpoint-tracking`	aci	Troubleshooting	Locate an endpoint in ACI fabric and diagnose connectivity
`aci-fabric-health-diagnostic`	aci	Troubleshooting	ACI fabric degradation: faults, nodes, topology, resources
`panorama-security-audit`	panorama	Compliance	Firewall security rules quality: profiles, unused rules, overrides
`compliance-versions-certificates`	panorama	Compliance	Software version matrix and certificate expiry across fleet
`aci-configuration-audit`	aci	Compliance	ACI logical config consistency: tenants, VRFs, EPGs, contracts
`change-pre-check`	generic	Change Management	Baseline capture before a planned maintenance change
`change-post-check`	generic	Change Management	Regression validation by comparison with pre-check baseline
`configuration-drift-detection`	generic	Change Management	Unauthorized change detection across Panorama, ACI, and logs
`multi-vendor-inventory`	generic	Inventory	Consolidated inventory across all platforms (CMDB-ready)
`network-topology-mapping`	generic	Inventory	LLDP-based physical topology discovery and documentation
`aci-traffic-analysis`	aci	Capacity	ACI top talkers, interface utilization, and TCAM capacity
`ndfc-deployment-validation`	generic	Automation	NDFC network/VRF deployment status and configuration preview
`incident-root-cause-correlation`	generic	Incident Response	Multi-source timeline correlation to identify root cause
`capacity-planning-report`	generic	Capacity	Infrastructure capacity assessment across all domains

Asynchronous Design Patterns

1. Persistent HTTP Sessions

REST API connectors (Aruba, Graylog, LibreNMS) use persistent HTTP connections to minimize connection overhead:

async with httpx.AsyncClient(timeout=30) as client:
    response = await client.get(url, headers=headers)
    # HTTP session is automatically reused for subsequent requests

2. Thread-Safe JWT Token Caching

APIC and NDFC connectors implement thread-safe JWT token caching with automatic renewal:

_token_cache = {"token": None, "expires_at": 0, "lock": asyncio.Lock()}

async def _get_token():
    async with _token_cache["lock"]:
        if time.time() < _token_cache["expires_at"]:
            return _token_cache["token"]
        # Automatic token renewal when expired
        return await _authenticate()

Key features:

Async lock prevents concurrent authentication requests
Configurable token expiration with safety margin
Automatic renewal on 401 responses
Zero-downtime token refresh

3. Parallel Execution with Timeout Protection

SSH connectors support parallel command execution across multiple devices:

async def send_custom_command_parallel(targets: List[Dict], timeout: int = 120):
    tasks = [execute_single(target) for target in targets]
    results = await asyncio.wait_for(
        asyncio.gather(*tasks, return_exceptions=True),
        timeout=timeout
    )
    return results

Benefits:

Concurrent execution across multiple devices
Global timeout prevents indefinite hangs
Exception handling per device
Results aggregated in single response

4. PTY Interactive Sessions

Palo Alto PAN-OS requires PTY (pseudo-terminal) interactive sessions due to non-standard SSH implementation:

async with asyncssh.connect(ip, ...) as conn:
    async with conn.create_process(term_type='vt100') as process:
        await process.stdin.write(command + '\n')
        output = await process.stdout.read()

Why PTY is required:

PAN-OS CLI expects interactive terminal
Standard SSH exec channels are rejected
Terminal emulation (vt100) required for proper output formatting

5. Encrypted Credential Injection (dotenvx)

Credentials are never stored in plain text. dotenvx intercepts the process launch, decrypts the .env file (AES-256-GCM), and injects the variables into the process environment before Python starts. The application code reads os.getenv() as usual — no change required in the connectors.

dotenvx run -- uv run python server.py
    │
    ├─ reads .env (AES-256-GCM ciphertext)
    ├─ reads DOTENV_PRIVATE_KEY (from .env.keys or env field in MCP config)
    ├─ decrypts → injects into os.environ
    └─ spawns Python process
         └─ connectors read os.getenv("APIC_PASSWORD") → plaintext value

Key properties:

The encrypted .env can be committed to version control — ciphertext only
The private key (.env.keys) is the only secret to protect and distribute
dotenvx is external to UV — installed once per machine via Homebrew or install script
If DOTENV_PRIVATE_KEY is missing or invalid, dotenvx logs a warning but does not block startup — connectors will fail at first network call with a None credential error

Key Dependencies

Library	Version	Purpose
fastmcp	2.13+	MCP server framework with stdio transport
asyncssh	2.21+	Asynchronous SSH client (RFC-compliant + PTY support)
httpx	0.28+	Async HTTP client with connection pooling
mcp[cli]	1.23+	MCP protocol implementation and CLI tools
dotenvx (external)	1.54+	Encrypted `.env` management — installed via Homebrew, not UV

Testing

Quick Verification

# Verify MCP server loads correctly (with encrypted .env)
dotenvx run -- uv run python -c "from server import mcp; print(f'{mcp.name} operational')"

# Test SSH connector
uv run python -c "
import asyncio
from connectors.ssh_c import send_custom_command
result = asyncio.run(send_custom_command('192.168.1.1', 'show version'))
print(result)
"

# Test REST API connector (LibreNMS)
uv run python -c "
import asyncio
from connectors.librenms_c import list_devices
result = asyncio.run(list_devices())
print(result)
"

Response Format

All connector functions return a standardized dictionary structure:

{
    "success": bool,           # True if operation completed successfully
    "output": dict|str|list,   # Response data (structure varies by connector)
    "error": str               # Error message if success is False
}

Success response example:

{
    "success": True,
    "output": {"hostname": "router-01", "version": "7.14.1"},
    "error": None
}

Error response example:

{
    "success": False,
    "output": None,
    "error": "Connection timeout after 30 seconds"
}

Security Considerations

Development vs Production

Aspect	Development Environment	Production Environment
Credentials	Local `.env` file	Secrets manager (HashiCorp Vault, AWS Secrets Manager, 1Password CLI)
SSL Verification	`VERIFY_SSL=false` (lab devices with self-signed certificates)	`VERIFY_SSL=true` with valid certificate chain
SSH Known Hosts	Disabled (`known_hosts=None`) for rapid prototyping	Strict validation with maintained `known_hosts` file
Account Permissions	Admin accounts for full access	Service accounts with minimal required privileges (least privilege principle)
Logging	Debug logging enabled for troubleshooting	Session logs disabled to prevent credential exposure
Network Access	Direct device access	Restricted access via bastion host/jump server with firewall rules

Production Credential Management

Example using 1Password CLI for secure credential injection:

# Launch server — dotenvx decrypts .env at startup using the private key
dotenvx run -- uv run python server.py

# Alternative: inject private key from a secrets manager (1Password, Vault, etc.)
export DOTENV_PRIVATE_KEY=$(op read "op://Production/netai/dotenv-private-key")
dotenvx run -- uv run python server.py

Audit and Compliance

For production deployments:

Enable audit logging for all MCP tool invocations
Implement role-based access control (RBAC) at MCP client level
Rotate service account credentials regularly (90-day maximum)
Monitor for suspicious command patterns or unauthorized access attempts
Maintain audit trail of all configuration changes

Troubleshooting

Common Issues and Solutions

Issue	Diagnosis	Solution
SSH authentication failure	Incorrect credentials or account locked	Verify `SSH_USERNAME` and `SSH_PASSWORD` in `.env`. Test manually: `ssh user@host`. Check account status on target device.
Connection timeout	Network unreachable or firewall blocking	Verify connectivity: `ping <host>`, `telnet <host> <port>`. Check firewall rules and routing. Increase timeout values in `.env`.
SSL/TLS certificate error	Self-signed certificate or untrusted CA	Development: Set `VERIFY_SSL=false`. Production: Install proper CA certificates or use `certifi` bundle.
JWT token expired (APIC/NDFC)	Token lifetime exceeded	Token renewal is automatic. If persistent, verify credentials and check APIC/NDFC authentication logs.
MCP server fails to start	Missing dependencies or Python version mismatch	Check `uv --version` and `python --version` (must be 3.12+). Re-run `uv sync` to reinstall dependencies.
Palo Alto session timeout	PAN-OS aggressive session timeout	Increase `timeout` parameter in tool calls. Consider implementing keepalive packets.
LibreNMS API 401 error	Invalid or expired API token	Regenerate API token in LibreNMS web interface under user settings. Update `LIBRENMS_API_TOKEN` in `.env`.
APIC/NDFC 403 forbidden	Insufficient account permissions	Verify account has required role assignments (admin or fabric-admin for full access).

Enabling Debug Logging

Add the following to server.py for detailed logging output:

import logging
logging.basicConfig(
    level=logging.DEBUG,
    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s'
)

For production environments, configure logging to external syslog or SIEM:

import logging
from logging.handlers import SysLogHandler

handler = SysLogHandler(address=('syslog.example.com', 514))
logging.basicConfig(handlers=[handler], level=logging.INFO)

Roadmap

Current Implementation

100% asynchronous architecture (asyncio/asyncssh/httpx)
10 connectors (SSH, MikroTik REST+SSH, Aruba, Palo Alto SSH, Panorama, Graylog, LibreNMS, APIC, NDFC)
97 exposed MCP tools (95 connectors + 2 skills tools)
Smart JWT cache with automatic renewal
Persistent HTTP sessions with keepalive
Parallel execution with timeout protection
PTY support for Palo Alto PAN-OS
Modern UV management (pyproject.toml + uv.lock)
Encrypted credential management with dotenvx (AES-256-GCM)
Panorama API integration with XML→JSON conversion
Skills system with in-memory index, YAML frontmatter, platform/tag filtering, and fuzzy name matching
20 professional skills across 7 operational categories (monitoring, troubleshooting, compliance, change management, inventory, capacity, incident response)
Enterprise Output Standards enforced in every skill (structured reports, professional tone, enterprise-ready)

Planned Enhancements

Additional Platform Support & more endpoints:

Add more LibreNMS endpoints (alerts, device groups, inventory)
Add more APIC endpoints (troubleshooting, change management)
Expand Aruba capabilities (RF analytics, heat maps)
Expand Panorama capabilities (policy push, commit operations)

Skills:

OSPF diagnostic skill (MikroTik / generic)
VPN tunnel diagnostic skill (Palo Alto)
WiFi client troubleshooting skill (Aruba)
Post-incident post-mortem report skill

License

This project is licensed under the MIT License. See the LICENSE file for complete terms and conditions.

Acknowledgments

FastMCP - High-performance MCP server framework
asyncssh - Production-grade asynchronous SSH implementation
httpx - Modern async HTTP client with HTTP/2 support
UV - Next-generation Python package manager built in Rust
Anthropic - Model Context Protocol specification and reference implementations

Support

For issues, questions, or contributions:

Issue Tracker: GitHub Issues
Discussions: GitHub Discussions

Professional network automation for enterprise environments

This server cannot be installed

license - not found

quality - not tested

maintenance

How are these scores calculated?

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/angoran/git-netai'

If you have feedback or need assistance with the MCP directory API, please join our Discord server