ciscollm-cli 1.3.0 → 1.3.2
- package/LICENSE +21 -21
- package/README.md +242 -242
- package/dist/cli/commands/dashboardCommand.d.ts +1 -0
- package/dist/cli/commands/dashboardCommand.js +16 -0
- package/dist/cli/commands/dashboardCommand.js.map +1 -0
- package/dist/cli/commands/monitorCommand.d.ts +4 -0
- package/dist/cli/commands/monitorCommand.js +132 -0
- package/dist/cli/commands/monitorCommand.js.map +1 -0
- package/dist/cli/commands/runCommand.d.ts +6 -0
- package/dist/cli/commands/runCommand.js +635 -0
- package/dist/cli/commands/runCommand.js.map +1 -0
- package/dist/cli/commands/serverCommand.d.ts +1 -0
- package/dist/cli/commands/serverCommand.js +11 -0
- package/dist/cli/commands/serverCommand.js.map +1 -0
- package/dist/cli/commands/shellCommand.d.ts +1 -0
- package/dist/cli/commands/shellCommand.js +44 -0
- package/dist/cli/commands/shellCommand.js.map +1 -0
- package/dist/core/agent/AgentLoop.d.ts +0 -4
- package/dist/core/agent/AgentLoop.js +1 -158
- package/dist/core/agent/AgentLoop.js.map +1 -1
- package/dist/core/agent/AutoHealer.d.ts +12 -0
- package/dist/core/agent/AutoHealer.js +129 -26
- package/dist/core/agent/AutoHealer.js.map +1 -1
- package/dist/core/agent/HierarchicalAgentManager.d.ts +1 -1
- package/dist/core/agent/HierarchicalAgentManager.js +21 -5
- package/dist/core/agent/HierarchicalAgentManager.js.map +1 -1
- package/dist/core/agent/PromptEngine.js +33 -68
- package/dist/core/agent/PromptEngine.js.map +1 -1
- package/dist/core/guardrails/AuditLogger.js +4 -4
- package/dist/core/guardrails/CommandFirewall.js +15 -0
- package/dist/core/guardrails/CommandFirewall.js.map +1 -1
- package/dist/index.js +24 -903
- package/dist/index.js.map +1 -1
- package/dist/infrastructure/llm/LLMClient.js +102 -4
- package/dist/infrastructure/llm/LLMClient.js.map +1 -1
- package/dist/infrastructure/llm/ToolDefinitions.d.ts +0 -136
- package/dist/infrastructure/llm/ToolDefinitions.js +0 -102
- package/dist/infrastructure/llm/ToolDefinitions.js.map +1 -1
- package/dist/infrastructure/protocols/PlinkSerial.js +1 -1
- package/dist/infrastructure/protocols/PlinkSerial.js.map +1 -1
- package/dist/server/dashboard.js +1033 -1033
- package/dist/server/index.js +8 -8
- package/dist/server/shell-simulator.d.ts +28 -1
- package/dist/server/shell-simulator.js +599 -73
- package/dist/server/shell-simulator.js.map +1 -1
- package/dist/server/ssh.js +20 -20
- package/package.json +54 -54
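--- a/package/LICENSE
+++ b/package/LICENSE
@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2026 ThemeHackers
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2026 ThemeHackers
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.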
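--- a/package/README.md
+++ b/package/README.md
@@ -1,242 +1,242 @@
-# ciscollm-cli
-
-`ciscollm-cli` is an autonomous Cisco IOS automation agent CLI powered by LLM tool-calling. It allows network engineers to configure, troubleshoot, monitor, and simulate Cisco hardware safely and efficiently with strict enterprise safety guardrails and closed-loop auto-healing capabilities.
-
----
-
-## 🚀 Core Capabilities
-
-1. **Intelligent Cisco Automation Swarm**
-* Multi-agent coordination with role-based routing (Core, Distribution, Access).
-* Supports both local models (Ollama, LM Studio) and cloud endpoints (OpenRouter).
-
-2. **Enterprise-Grade Safety Guardrails & Custom Playbook**
-* **Command Firewall**: Intercepts high-risk commands (e.g., disabling AAA, removing access groups, shutting management interfaces) and automatically **normalizes Cisco IOS command abbreviations** (e.g. `shut` -> `shutdown`, `no ip add` -> `no ip address`) to prevent firewall bypasses.
-* **Custom Playbook (`.ciscollm-guard.yaml`)**: Custom block lists, protected interfaces, and confirmation rules loaded dynamically from your project directory.
-* **Dry-Run Validation**: Analyzes network topology beforehand to prevent accidental disruptions.
-* **Strict Command Reference**: Restricts execution to valid Cisco IOS command sets indexed from `cf_command_ref.pdf`.
-
-3. **Closed-Loop Auto-Healing (AIOps)**
-* Real-time monitoring of syslog notification events (interface state transitions, OSPF adjacency status changes).
-* Autonomous diagnosis, remediation planning, validation, and rollback via an AI-driven OODA loop.
-* **Livelock Prevention (Cooldown)**: Implements sliding-window rate-limiting (maximum 3 healing events within 10 minutes) that triggers a 15-minute cooldown period to protect devices from flapping interface infinite loops.
-
-4. **Atomic Transactions & Recovery**
-* **Atomic Replace**: Backs up configuration to flash and uses `configure replace` to restore state on failures. Includes a **pre-flight flash space check** to ensure enough storage exists before performing backups.
-* **Command Inversion Fallback**: Generates reverse commands (e.g., `shutdown` -> `no shutdown`) to recover state if flash storage is unavailable.
-
-5. **Live Visualization & Audits**
-* **Visual Control Dashboard**: A real-time SPA showing network topology maps, agent thinking logs, configuration diffs, and manual rollbacks.
-* **State Diff Engine**: Displays colorized differences (green/red/yellow) in routing tables, VLANs, and interfaces.
-* **Enterprise Audit Log**: Local, structured audit logging (`audit.log` & `healing-audit.log`) for compliance.
-
-6. **Multi-Protocol Simulation & Adapters**
-* Adapters for Serial (Plink), SSH, Telnet, NETCONF XML, and Cisco Modeling Labs (CML).
-* Stateful mock IOS simulator server and local interactive shell (`ciscollm shell`).
-
----
-
-## 📦 Quick Start
-
-### Installation
-Install the global executable via `npm`:
-```bash
-npm install -g ciscollm-cli
-```
-
-### Starting the Simulator Server (For Sandbox Testing)
-Start the multi-protocol test server (SSH, Telnet, NETCONF, and Mock LLM endpoint):
-```bash
-ciscollm server --ssh-port 2222 --telnet-port 2323 --http-port 11434
-```
-
-### Launching the Agent
-Run the interactive setup wizard to configure the agent target and goals:
-```bash
-ciscollm run
-```
-
-### Launching the Stateful Mock Cisco IOS Shell
-Launch the mock CLI simulator shell directly:
-```bash
-ciscollm shell
-```
-
-### Starting the Visual Control Dashboard
-Start the visual dashboard standalone:
-```bash
-ciscollm dashboard --port 3000
-```
-
----
-
-## 🛠️ CLI Usage & Options
-
-### 1. `ciscollm run [options]`
-Execute configuration or optimization tasks on target hardware.
-
-| Option / Flag | Description | Default |
-|---|---|---|
-| `-g, --goal <intent>` | Configuration goal. Omit to launch the Interactive Setup Wizard. | - |
-| `--protocol <type>` | Connection protocol (`serial`, `ssh`, `telnet`, `netconf`, `cml`). | `serial` |
-| `--provider <type>` | LLM provider mode (`local`, `cloud`). | `local` |
-| `--local-type <type>` | Local LLM service flavor (`ollama`, `lmstudio`). | `ollama` |
-| `--model <name>` | LLM model name. | - |
-| `--endpoint <url>` | LLM API server endpoint. | - |
-| `--api-key <key>` | Cloud provider (OpenRouter) API key. | - |
-| `-c, --com <ports>` | COM Port(s), comma-separated (e.g., `COM3,COM4`). | - |
-| `-b, --baud <rate>` | Serial transmission baud rate constraint. | `9600` |
-| `--host <address>` | Target IP / hostnames, comma-separated. | - |
-| `--port <port>` | Target connection port. | - |
-| `-u, --username <name>` | Login username. | - |
-| `-p, --password <pass>` | Login password. | - |
-| `--env-password` | Read device password from `$CISCOLLM_PASS` environment variable. | `false` |
-| `--private-key <path>` | SSH private key file path. | - |
-| `--passphrase <passphrase>`| Passphrase for the SSH private key file. | - |
-| `--netconf-ready-timeout <ms>` | NETCONF SSH connection ready timeout. | - |
-| `--netconf-hello-timeout <ms>` | NETCONF hello exchange timeout. | - |
-| `--netconf-rpc-timeout <ms>` | NETCONF RPC invocation timeout. | - |
-| `--netconf-keepalive-interval <ms>` | NETCONF SSH keepalive interval. | - |
-| `--strict-command-ref` | Block commands not listed in `cf_command_ref.pdf`. | `false` |
-| `--no-ref-telemetry` | Disable command-reference telemetry logs during startup. | `false` |
-| `--non-interactive` | Auto-reject high-risk commands instead of prompting for approval. | `false` |
-| `--rbac-role <role>` | Authorization role (`admin`, `read_only`). | `admin` |
-| `--dashboard-port <port>` | Live Visual Dashboard port. | `3000` |
-
-### 2. `ciscollm monitor [options]`
-Start the Closed-Loop Auto-Diagnosis & Healing Monitor (AIOps) to listen for device syslog events and heal outages autonomously.
-
-| Option / Flag | Description | Default |
-|---|---|---|
-| `--protocol <type>` | Connection protocol (`serial`, `ssh`, `telnet`). | `serial` |
-| `--provider <type>` | LLM provider mode (`local`, `cloud`). | `local` |
-| `--api-key <key>` | Cloud provider (OpenRouter) API key. | - |
-| `-c, --com <ports>` | COM Port(s), comma-separated. | - |
-| `-b, --baud <rate>` | Serial transmission baud rate constraint. | `9600` |
-| `--host <address>` | Target IP / hostnames, comma-separated. | - |
-| `--port <port>` | Target connection port. | - |
-| `-u, --username <name>` | Login username. | - |
-| `-p, --password <pass>` | Login password. | - |
-| `--env-password` | Read device password from `$CISCOLLM_PASS` environment variable. | `false` |
-| `--private-key <path>` | SSH private key file path. | - |
-| `--passphrase <passphrase>`| Passphrase for the SSH private key file. | - |
-| `--local-type <type>` | Local LLM service flavor (`ollama`, `lmstudio`). | `ollama` |
-| `--model <name>` | LLM model name. | - |
-| `--endpoint <url>` | LLM API server endpoint. | - |
-| `--non-interactive` | Enable completely autonomous, non-interactive healing (skip prompts). | `false` |
-| `--min-confidence <conf>` | Minimum AI confidence threshold (0.00 to 1.00) required to apply remediation. | `0.80` |
-
-### Other Commands
-* `ciscollm server [options]` - Start mock SSH (`--ssh-port`), Telnet (`--telnet-port`), and HTTP LLM (`--http-port`) servers.
-* `ciscollm shell` - Launch a stateful interactive mock Cisco IOS command line directly.
-* `ciscollm dashboard [--port <port>]` - Start the visual dashboard standalone (default: 3000).
-
----
-
-## 🛡️ Custom Safety Playbook (`.ciscollm-guard.yaml`)
-
-You can create a `.ciscollm-guard.yaml` file in the directory where you execute the CLI to define custom safety rules for the command firewall.
-
-### Example Configuration:
-```yaml
-# .ciscollm-guard.yaml
-protectedInterfaces:
-- "GigabitEthernet0/1"
-- "Vlan1"
-
-blockedCommands:
-- "reload"
-- "write erase"
-- "erase startup-config"
-- "crypto key zeroize"
-
-requireConfirmationCommands:
-- "interface Loopback"
-- "ip route 0.0.0.0"
-```
-
-* **`protectedInterfaces`**: Safeguards critical interfaces from shutdown or IP removal.
-* **`blockedCommands`**: Commands that are strictly banned and rejected automatically.
-* **`requireConfirmationCommands`**: Overrides non-interactive mode or triggers an explicit administrator warning before execution.
-
----
-
-## 🧠 AIOps Auto-Healing (OODA Loop) Workflow
-
-When running `ciscollm monitor`, the agent acts in a closed loop to keep network interfaces and protocols operational:
-
-```
-[Observe]
-Syslog Notification (e.g., %LINK-3-UPDOWN)
-│
-▼
-[Orient]
-Gather Diagnostic Context (Routing tables, interface status)
-│
-▼
-[Decide]
-Analyze via LLM to generate Root Cause, Confidence, Remediation, and Verification plan
-│
-▼
-[Act]
-Execute Configuration Remediation with backups (auto-rollback on failure)
-│
-▼
-[Verify]
-Run validation checks. Revert immediately via Transaction Manager if verification fails
-```
-
----
-
-## 💡 Quick Examples
-
-#### 1. Configuring Interfaces via Local Simulation (SSH)
-```bash
-ciscollm run --protocol ssh --host 127.0.0.1 --port 2222 -u admin -p admin --goal "Configure GigabitEthernet0/1 with IP 192.168.2.1/24 and interface description 'LAN B'"
-```
-
-#### 2. Running local LLM (Ollama) against Simulation
-```bash
-ciscollm run --provider local --local-type ollama --endpoint http://127.0.0.1:11434/v1 --model qwen3.5:4b --protocol ssh --host 127.0.0.1 --port 2222 -u admin -p admin --goal "Show IP routing table"
-```
-
-#### 3. Strict Command Reference compliance
-```bash
-ciscollm run --strict-command-ref --protocol ssh --host 127.0.0.1 --port 2222 -u admin -p admin --goal "Configure router ospf 1 and advertise 192.168.1.0/24"
-```
-
-#### 4. Launching the Auto-Healing Monitor
-```bash
-ciscollm monitor --protocol ssh --host 127.0.0.1 --port 2222 -u admin -p admin --min-confidence 0.85 --non-interactive
-```
-
----
-
-## 💻 Development
-
-1. **Setup Workspace:**
-```bash
-git clone https://github.com/ThemeHackers/ciscollm-cli.git
-cd ciscollm-cli
-npm install
-```
-
-2. **Build and Run:**
-```bash
-npm run build
-npm start -- run
-```
-
-3. **Run Unit & Integration Tests:**
-* Run the main test suite:
-```bash
-npm run test
-```
-* Run AIOps auto-healing tests:
-```bash
-npm run test:healing
-```
-* Run Plink serial connection utility tests:
-```bash
-npm run test:plink
-```
+# ciscollm-cli
+
+`ciscollm-cli` is an autonomous Cisco IOS automation agent CLI powered by LLM tool-calling. It allows network engineers to configure, troubleshoot, monitor, and simulate Cisco hardware safely and efficiently with strict enterprise safety guardrails and closed-loop auto-healing capabilities.
+
+---
+
+## 🚀 Core Capabilities
+
+1. **Intelligent Cisco Automation Swarm**
+* Multi-agent coordination with role-based routing (Core, Distribution, Access).
+* Supports both local models (Ollama, LM Studio) and cloud endpoints (OpenRouter).
+
+2. **Enterprise-Grade Safety Guardrails & Custom Playbook**
+* **Command Firewall**: Intercepts high-risk commands (e.g., disabling AAA, removing access groups, shutting management interfaces) and automatically **normalizes Cisco IOS command abbreviations** (e.g. `shut` -> `shutdown`, `no ip add` -> `no ip address`) to prevent firewall bypasses.
+* **Custom Playbook (`.ciscollm-guard.yaml`)**: Custom block lists, protected interfaces, and confirmation rules loaded dynamically from your project directory.
+* **Dry-Run Validation**: Analyzes network topology beforehand to prevent accidental disruptions.
+* **Strict Command Reference**: Restricts execution to valid Cisco IOS command sets indexed from `cf_command_ref.pdf`.
+
+3. **Closed-Loop Auto-Healing (AIOps)**
+* Real-time monitoring of syslog notification events (interface state transitions, OSPF adjacency status changes).
+* Autonomous diagnosis, remediation planning, validation, and rollback via an AI-driven OODA loop.
+* **Livelock Prevention (Cooldown)**: Implements sliding-window rate-limiting (maximum 3 healing events within 10 minutes) that triggers a 15-minute cooldown period to protect devices from flapping interface infinite loops.
+
+4. **Atomic Transactions & Recovery**
+* **Atomic Replace**: Backs up configuration to flash and uses `configure replace` to restore state on failures. Includes a **pre-flight flash space check** to ensure enough storage exists before performing backups.
+* **Command Inversion Fallback**: Generates reverse commands (e.g., `shutdown` -> `no shutdown`) to recover state if flash storage is unavailable.
+
+5. **Live Visualization & Audits**
+* **Visual Control Dashboard**: A real-time SPA showing network topology maps, agent thinking logs, configuration diffs, and manual rollbacks.
+* **State Diff Engine**: Displays colorized differences (green/red/yellow) in routing tables, VLANs, and interfaces.
+* **Enterprise Audit Log**: Local, structured audit logging (`audit.log` & `healing-audit.log`) for compliance.
+
+6. **Multi-Protocol Simulation & Adapters**
+* Adapters for Serial (Plink), SSH, Telnet, NETCONF XML, and Cisco Modeling Labs (CML).
+* Stateful mock IOS simulator server and local interactive shell (`ciscollm shell`).
+
+---
+
+## 📦 Quick Start
+
+### Installation
+Install the global executable via `npm`:
+```bash
+npm install -g ciscollm-cli
+```
+
+### Starting the Simulator Server (For Sandbox Testing)
+Start the multi-protocol test server (SSH, Telnet, NETCONF, and Mock LLM endpoint):
+```bash
+ciscollm server --ssh-port 2222 --telnet-port 2323 --http-port 11434
+```
+
+### Launching the Agent
+Run the interactive setup wizard to configure the agent target and goals:
+```bash
+ciscollm run
+```
+
+### Launching the Stateful Mock Cisco IOS Shell
+Launch the mock CLI simulator shell directly:
+```bash
+ciscollm shell
+```
+
+### Starting the Visual Control Dashboard
+Start the visual dashboard standalone:
+```bash
+ciscollm dashboard --port 3000
+```
+
+---
+
+## 🛠️ CLI Usage & Options
+
+### 1. `ciscollm run [options]`
+Execute configuration or optimization tasks on target hardware.
+
+| Option / Flag | Description | Default |
+|---|---|---|
+| `-g, --goal <intent>` | Configuration goal. Omit to launch the Interactive Setup Wizard. | - |
+| `--protocol <type>` | Connection protocol (`serial`, `ssh`, `telnet`, `netconf`, `cml`). | `serial` |
+| `--provider <type>` | LLM provider mode (`local`, `cloud`). | `local` |
+| `--local-type <type>` | Local LLM service flavor (`ollama`, `lmstudio`). | `ollama` |
+| `--model <name>` | LLM model name. | - |
+| `--endpoint <url>` | LLM API server endpoint. | - |
+| `--api-key <key>` | Cloud provider (OpenRouter) API key. | - |
+| `-c, --com <ports>` | COM Port(s), comma-separated (e.g., `COM3,COM4`). | - |
+| `-b, --baud <rate>` | Serial transmission baud rate constraint. | `9600` |
+| `--host <address>` | Target IP / hostnames, comma-separated. | - |
+| `--port <port>` | Target connection port. | - |
+| `-u, --username <name>` | Login username. | - |
+| `-p, --password <pass>` | Login password. | - |
+| `--env-password` | Read device password from `$CISCOLLM_PASS` environment variable. | `false` |
+| `--private-key <path>` | SSH private key file path. | - |
+| `--passphrase <passphrase>`| Passphrase for the SSH private key file. | - |
+| `--netconf-ready-timeout <ms>` | NETCONF SSH connection ready timeout. | - |
+| `--netconf-hello-timeout <ms>` | NETCONF hello exchange timeout. | - |
+| `--netconf-rpc-timeout <ms>` | NETCONF RPC invocation timeout. | - |
+| `--netconf-keepalive-interval <ms>` | NETCONF SSH keepalive interval. | - |
+| `--strict-command-ref` | Block commands not listed in `cf_command_ref.pdf`. | `false` |
+| `--no-ref-telemetry` | Disable command-reference telemetry logs during startup. | `false` |
+| `--non-interactive` | Auto-reject high-risk commands instead of prompting for approval. | `false` |
+| `--rbac-role <role>` | Authorization role (`admin`, `read_only`). | `admin` |
+| `--dashboard-port <port>` | Live Visual Dashboard port. | `3000` |
+
+### 2. `ciscollm monitor [options]`
+Start the Closed-Loop Auto-Diagnosis & Healing Monitor (AIOps) to listen for device syslog events and heal outages autonomously.
+
+| Option / Flag | Description | Default |
+|---|---|---|
+| `--protocol <type>` | Connection protocol (`serial`, `ssh`, `telnet`). | `serial` |
+| `--provider <type>` | LLM provider mode (`local`, `cloud`). | `local` |
+| `--api-key <key>` | Cloud provider (OpenRouter) API key. | - |
+| `-c, --com <ports>` | COM Port(s), comma-separated. | - |
+| `-b, --baud <rate>` | Serial transmission baud rate constraint. | `9600` |
+| `--host <address>` | Target IP / hostnames, comma-separated. | - |
+| `--port <port>` | Target connection port. | - |
+| `-u, --username <name>` | Login username. | - |
+| `-p, --password <pass>` | Login password. | - |
+| `--env-password` | Read device password from `$CISCOLLM_PASS` environment variable. | `false` |
+| `--private-key <path>` | SSH private key file path. | - |
+| `--passphrase <passphrase>`| Passphrase for the SSH private key file. | - |
+| `--local-type <type>` | Local LLM service flavor (`ollama`, `lmstudio`). | `ollama` |
+| `--model <name>` | LLM model name. | - |
+| `--endpoint <url>` | LLM API server endpoint. | - |
+| `--non-interactive` | Enable completely autonomous, non-interactive healing (skip prompts). | `false` |
+| `--min-confidence <conf>` | Minimum AI confidence threshold (0.00 to 1.00) required to apply remediation. | `0.80` |
+
+### Other Commands
+* `ciscollm server [options]` - Start mock SSH (`--ssh-port`), Telnet (`--telnet-port`), and HTTP LLM (`--http-port`) servers.
+* `ciscollm shell` - Launch a stateful interactive mock Cisco IOS command line directly.
+* `ciscollm dashboard [--port <port>]` - Start the visual dashboard standalone (default: 3000).
+
+---
+
+## 🛡️ Custom Safety Playbook (`.ciscollm-guard.yaml`)
+
+You can create a `.ciscollm-guard.yaml` file in the directory where you execute the CLI to define custom safety rules for the command firewall.
+
+### Example Configuration:
+```yaml
+# .ciscollm-guard.yaml
+protectedInterfaces:
+- "GigabitEthernet0/1"
+- "Vlan1"
+
+blockedCommands:
+- "reload"
+- "write erase"
+- "erase startup-config"
+- "crypto key zeroize"
+
+requireConfirmationCommands:
+- "interface Loopback"
+- "ip route 0.0.0.0"
+```
+
+* **`protectedInterfaces`**: Safeguards critical interfaces from shutdown or IP removal.
+* **`blockedCommands`**: Commands that are strictly banned and rejected automatically.
+* **`requireConfirmationCommands`**: Overrides non-interactive mode or triggers an explicit administrator warning before execution.
+
+---
+
+## 🧠 AIOps Auto-Healing (OODA Loop) Workflow
+
+When running `ciscollm monitor`, the agent acts in a closed loop to keep network interfaces and protocols operational:
+
+```
+[Observe]
+Syslog Notification (e.g., %LINK-3-UPDOWN)
+│
+▼
+[Orient]
+Gather Diagnostic Context (Routing tables, interface status)
+│
+▼
+[Decide]
+Analyze via LLM to generate Root Cause, Confidence, Remediation, and Verification plan
+│
+▼
+[Act]
+Execute Configuration Remediation with backups (auto-rollback on failure)
+│
+▼
+[Verify]
+Run validation checks. Revert immediately via Transaction Manager if verification fails
+```
+
+---
+
+## 💡 Quick Examples
+
+#### 1. Configuring Interfaces via Local Simulation (SSH)
+```bash
+ciscollm run --protocol ssh --host 127.0.0.1 --port 2222 -u admin -p admin --goal "Configure GigabitEthernet0/1 with IP 192.168.2.1/24 and interface description 'LAN B'"
+```
+
+#### 2. Running local LLM (Ollama) against Simulation
+```bash
+ciscollm run --provider local --local-type ollama --endpoint http://127.0.0.1:11434/v1 --model qwen3.5:4b --protocol ssh --host 127.0.0.1 --port 2222 -u admin -p admin --goal "Show IP routing table"
+```
+
+#### 3. Strict Command Reference compliance
+```bash
+ciscollm run --strict-command-ref --protocol ssh --host 127.0.0.1 --port 2222 -u admin -p admin --goal "Configure router ospf 1 and advertise 192.168.1.0/24"
+```
+
+#### 4. Launching the Auto-Healing Monitor
+```bash
+ciscollm monitor --protocol ssh --host 127.0.0.1 --port 2222 -u admin -p admin --min-confidence 0.85 --non-interactive
+```
+
+---
+
+## 💻 Development
+
+1. **Setup Workspace:**
+```bash
+git clone https://github.com/ThemeHackers/ciscollm-cli.git
+cd ciscollm-cli
+npm install
+```
+
+2. **Build and Run:**
+```bash
+npm run build
+npm start -- run
+```
+
+3. **Run Unit & Integration Tests:**
+* Run the main test suite:
+```bash
+npm run test
+```
+* Run AIOps auto-healing tests:
+```bash
+npm run test:healing
+```
+* Run Plink serial connection utility tests:
+```bash
+npm run test:plink
+```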
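--- a/package/dist/cli/commands/dashboardCommand.d.ts
+++ b/package/dist/cli/commands/dashboardCommand.d.ts
@@ -0,0 +1 @@
+export declare function dashboardAction(options: any): void;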
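--- a/package/dist/cli/commands/dashboardCommand.js
+++ b/package/dist/cli/commands/dashboardCommand.js
@@ -0,0 +1,16 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.dashboardAction = dashboardAction;
+const chalk_1 = __importDefault(require("chalk"));
+const MultiAgentCoordinator_1 = require("../../core/agent/MultiAgentCoordinator");
+const dashboard_1 = require("../../server/dashboard");
+function dashboardAction(options) {
+const port = parseInt(options.port, 10);
+const coordinator = new MultiAgentCoordinator_1.MultiAgentCoordinator();
+(0, dashboard_1.startDashboardServer)(coordinator, port);
+console.log(chalk_1.default.yellow('Standalone mode: Visualizing historical records and active topology when connected.'));
+}
+//# sourceMappingURL=dashboardCommand.js.map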
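Review bot: `parseInt(options.port, 10)` in `dashboardAction` is handed to `startDashboardServer` unchecked, so a missing or non-numeric `--port` becomes `NaN` and an out-of-range number passes through unchanged; how the server reacts to that is not visible in this hunk. A guard before the call, such as `if (!Number.isInteger(port) || port < 1 || port > 65535) throw new Error('invalid --port');`, would make the failure explicit instead of leaving it to the listener. The README on this page describes the dashboard as showing agent thinking logs and offering manual rollbacks, so it is worth confirming in `server/dashboard.js` (outside this hunk) which interface it binds to and whether it authenticates callers, since this command passes only the coordinator and the port. A short JSDoc on `dashboardAction` naming the expected `options.port` field would also document what the `any` in the declaration file leaves open.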
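--- a/package/dist/cli/commands/dashboardCommand.js.map
+++ b/package/dist/cli/commands/dashboardCommand.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"dashboardCommand.js","sourceRoot":"","sources":["../../../src/cli/commands/dashboardCommand.ts"],"names":[],"mappings":";;;;;AAIA,0CAKC;AATD,kDAA0B;AAC1B,kFAA+E;AAC/E,sDAA8D;AAE9D,SAAgB,eAAe,CAAC,OAAY;IACxC,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACxC,MAAM,WAAW,GAAG,IAAI,6CAAqB,EAAE,CAAC;IAChD,IAAA,gCAAoB,EAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,MAAM,CAAC,qFAAqF,CAAC,CAAC,CAAC;AACrH,CAAC"}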