An intelligence layer over the network you already run
GESH AI Network Tool wraps existing SSH, NAPALM, Batfish and NetBox capabilities in an AI translation layer instead of replacing them. It runs as a Flask API behind a self-contained 18-tab HTML/JS console: a plain-English request becomes vendor-correct CLI, runs live over SSH, and comes back explained in plain language.
It targets network engineers operating large Juniper / Arista estates, and ships a 10-node FRR Docker lab so the whole platform can be demoed end-to-end with no production access. The guiding principle is the Invention Pattern: every tab is an existing capability + an AI layer + a UI surface, never a rip-and-replace.
Key features
Eight pillars that turn a production network and a Docker lab into one AI-driven operations surface.
Architecture
The operator drives an 18-tab console; the Flask API on port 5757 fans requests to the on-prem-first LLM brain, the Batfish rule catalogue, the Nornir engine and the device fleet — backed by NetBox / LibreNMS / Grafana / Kibana, and reachable by Claude Code agents through the MCP servers.
◆ System Context
How operators, the dashboard, the Flask API, the on-prem LLM brain, and the FRR lab / production network relate.
```mermaid
flowchart TD
    op([Network Engineer]):::actor
    ui[18-tab Ops Console<br/>index.html / app.js]:::ui
    api[Flask API app.py<br/>port 5757]:::core
    llm[LLM Chain<br/>Qwen3 then Haiku]:::ai
    lab[(FRR Lab<br/>10 containers)]:::infra
    prod[(Production Net<br/>411 devices / 53 sites)]:::infra
    nb[(NetBox / LibreNMS<br/>Grafana / Kibana)]:::infra
    mcp[MCP Servers<br/>dcn + jmcp]:::ai
    op --> ui --> api
    api --> llm
    api -->|SSH / NETCONF| lab
    api -->|SSH / PKCS11| prod
    api --> nb
    mcp --> api
    classDef actor fill:#0e7490,color:#e0f2fe,stroke:#22d3ee;
    classDef ui fill:#1e3a8a,color:#dbeafe,stroke:#60a5fa;
    classDef core fill:#4c1d95,color:#ede9fe,stroke:#a78bfa;
    classDef ai fill:#312e81,color:#e0e7ff,stroke:#818cf8;
    classDef infra fill:#1f2937,color:#e5e7eb,stroke:#22d3ee;
```
◆ Component / Container Map
Internal modules: the Flask API tabs, the Pydantic-AI orchestrator, PyEZ collector, GAIT audit, eval harness, and the devices they reach.
```mermaid
flowchart TD
    ui[Ops Console UI]:::ui
    subgraph FLASK[Flask API app.py]
        ai[AI Command<br/>_llm_query]:::core
        bf[Pre-Deploy<br/>_BATFISH_RULES]:::core
        nor[Nornir Engine<br/>ThreadPoolExecutor]:::core
        mv[mv_bp blueprint<br/>26-device inv]:::core
    end
    orch[Pydantic-AI<br/>Orchestrator]:::ai
    pyez[PyEZ Collector<br/>NETCONF]:::svc
    gait[GAIT Audit<br/>JSONL]:::svc
    evalh[Eval Harness<br/>10 scenarios]:::svc
    dev[(Devices<br/>FRR / Junos / EOS)]:::infra
    ui --> ai & bf & nor & mv
    ai --> orch
    mv --> pyez
    ai --> gait
    orch --> evalh
    nor -->|SSH| dev
    pyez -->|NETCONF| dev
    classDef ui fill:#1e3a8a,color:#dbeafe,stroke:#60a5fa;
    classDef core fill:#4c1d95,color:#ede9fe,stroke:#a78bfa;
    classDef ai fill:#312e81,color:#e0e7ff,stroke:#818cf8;
    classDef svc fill:#0e7490,color:#e0f2fe,stroke:#22d3ee;
    classDef infra fill:#1f2937,color:#e5e7eb,stroke:#22d3ee;
```
How it works — data flow
An AI Command request travels from the UI tab to the Flask API, through the on-prem-first LLM chain to a vendor-correct CLI, out to a live device over SSH (FRR wrapped as vtysh -c), back through the LLM for a plain-English explanation, and into the GAIT immutable audit trail.
◆ AI Command Sequence
End-to-end runtime flow of the AI Command tab: NL query to CLI to live SSH to AI explanation, with audit logging.
```mermaid
sequenceDiagram
    participant U as UI Tab
    participant A as Flask /api/ai-command
    participant L as LLM Chain
    participant D as Device (FRR/Junos)
    participant G as GAIT Audit
    U->>A: POST {query, hostname}
    A->>L: translate NL to CLI
    L-->>A: cli (preamble stripped)
    A->>D: SSH exec (vtysh -c for FRR)
    D-->>A: raw output
    A->>L: explain output
    L-->>A: plain-English summary
    A->>G: record action
    A-->>U: {cli, output, explanation}
```
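Because the sequence above hands LLM-generated text to a live SSH session, the step between "preamble stripped" and "SSH exec" is where a guard belongs. The following is an added example, not code from the GESH repository: it extracts one command from the model reply, rejects anything outside a read-only allow-list, quotes it for `vtysh -c`, and keeps a hash-chained JSONL audit log. The verb list, the metacharacter set and the hash chain are assumptions made for illustration.

```python
import hashlib
import json
import re
import shlex

# Assumed policy (not from the project): only read-only verbs reach a device.
ALLOWED_VERBS = ("show ", "ping ", "traceroute ")
# Characters that could chain or redirect; "|" also rejects Junos/EOS pipe filters.
FORBIDDEN = re.compile(r"[;&|`$<>\\]")
SAMPLE_LLM_TEXT = "Sure, here is the command:\n`show ip bgp summary`"  # constructed


def extract_cli(llm_text):
    """Strip preamble and code fences; require exactly one allowed command."""
    lines = [ln.strip().strip("`").strip() for ln in llm_text.splitlines()]
    found = [ln for ln in lines if ln.lower().startswith(ALLOWED_VERBS)]
    if len(found) != 1:
        raise ValueError("expected exactly one allowed command in LLM output")
    return found[0]


def gate(llm_text, platform):
    """Return the exact string for the SSH layer, or raise ValueError."""
    cli = extract_cli(llm_text)
    if FORBIDDEN.search(cli):
        raise ValueError(f"metacharacter in generated command: {cli!r}")
    # FRR is reached through a Linux shell: quote the command as ONE argument.
    return f"vtysh -c {shlex.quote(cli)}" if platform == "frr" else cli


def audit_append(log, record):
    """Append a JSONL line whose hash also covers the previous line's hash."""
    prev = json.loads(log[-1])["hash"] if log else "0" * 64
    body = {**record, "prev": prev}
    digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    log.append(json.dumps({**body, "hash": digest}, sort_keys=True))


def audit_verify(log):
    """Recompute the chain; an edited, reordered or mid-log deleted line breaks it."""
    prev = "0" * 64
    for line in log:
        entry = json.loads(line)
        digest = entry.pop("hash")
        body = json.dumps(entry, sort_keys=True).encode()
        if entry["prev"] != prev or hashlib.sha256(body).hexdigest() != digest:
            return False
        prev = digest
    return True
```

Truncating the tail of the log is not caught by the chain alone; shipping the latest hash to a separate system closes that gap.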
◆ Nornir Task State
Lifecycle of a parallel Nornir audit, from request validation through threaded execution to per-device OK/WARN/ERROR classification and aggregation.
```mermaid
stateDiagram-v2
    [*] --> Received
    Received --> Validated: task + site
    Validated --> Dispatched: workers = min(req,200,n)
    Dispatched --> Running: ThreadPoolExecutor
    Running --> Classified: _classify_output
    Classified --> OK
    Classified --> WARN
    Classified --> ERROR
    OK --> Aggregated
    WARN --> Aggregated
    ERROR --> Aggregated
    Aggregated --> [*]
```
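The lifecycle above, as an added example that is not the project's own code: it applies the `min(req, 200, n)` worker bound, runs hosts through a `ThreadPoolExecutor`, and shows that one unreachable device becomes an ERROR result instead of aborting the batch. The classification rules, host names and outputs are constructed for illustration, since the page does not show `_classify_output`.

```python
from concurrent.futures import ThreadPoolExecutor

MAX_WORKERS = 200  # ceiling from the state diagram: workers = min(req, 200, n)

# Constructed outputs standing in for live SSH results.
SAMPLE_OUTPUT = {
    "r1": "BGP neighbor 10.0.0.2 Established",
    "r2": "BGP neighbor 10.0.0.3 Idle",
    "r3": None,  # simulates an unreachable device
}


def worker_count(requested, n_devices):
    """Apply min(req, 200, n), floored at 1 so the pool can always be built."""
    return max(1, min(requested, MAX_WORKERS, n_devices))


def classify(output):
    """Hypothetical rules; the project's _classify_output is not on the page."""
    if any(word in output for word in ("Idle", "Active", "down")):
        return "WARN"
    return "OK"


def run_one(host):
    """Stand-in for the per-device SSH task."""
    output = SAMPLE_OUTPUT[host]
    if output is None:
        raise ConnectionError(f"{host}: ssh timeout")
    return output


def audit(hosts, requested_workers):
    """Run all hosts in parallel; a failing host is classified, not fatal."""
    results = {}
    if hosts:
        workers = worker_count(requested_workers, len(hosts))
        with ThreadPoolExecutor(max_workers=workers) as pool:
            futures = {host: pool.submit(run_one, host) for host in hosts}
        for host, future in futures.items():
            try:
                results[host] = classify(future.result())
            except Exception:
                results[host] = "ERROR"
    states = list(results.values())
    totals = {s: states.count(s) for s in ("OK", "WARN", "ERROR")}
    return results, totals
```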
Tech stack
A Python / Flask core, an on-prem-first LLM chain, MCP surfaces for Claude Code, and a Docker FRR lab — with NetBox-backed visibility and YubiKey-PIV SSH in production.
Components & modules
Real modules from the repository root and their responsibilities.
| Module | Responsibility |
|---|---|
Quickstart
Commands quoted verbatim from the repository README.
Note: the README Quick Start references a legacy layout (network-lab/, demo/, 04_Scripts_Tools/DCN_Network_Tool/) that is not present in this flattened, archived root — these commands may not run as-is here. The cleaner public release is multivendor-ai-network-lab.
```bash
# Clone and start the FRR lab + Flask API
git clone https://github.com/georgi-gaydarov/gesh-ai-network-tool.git
cd gesh-ai-network-tool
./network-lab/start_lab_tool.sh

# Open the demo UI / API directly
open http://localhost:8080/demo/index.html
open http://localhost:5757/api/devices
```

```bash
# Configure credentials and install deps
cp .env.example .env
pip install -r requirements.txt

# Run the Flask API on port 5757
python3 app.py

# Run the test suite
pytest tests/ -v
```