I'm a network engineer who moved into AI engineering, and I build the systems that sit between the two: agents that operate real network infrastructure, with the governance and the proof that let you actually trust them in production.
The thread through everything here is the same. Calling an LLM is the easy part. An agent you can let near a production fabric is the hard part, and that takes retrieval grounded in real documentation, tool layers that enforce safety in code instead of in the prompt, audit trails you can replay, and evals that gate every change. The projects below are where I work that out.
I also teach a lot of this at The Tech-E.
NetDecipher is an agentic network troubleshooting pipeline. Seven specialized agents (intake, clarify, scope, collect, correlate, remediate, compose) sit on a shared agent base, each owning one stage of moving a vague problem report to a grounded remediation. MCP and observability run through the whole thing.
Structured Network Autonomy is the governance layer for AI agents in enterprise networks. A policy engine intercepts every autonomous action and returns PERMIT, ESCALATE, or BLOCK based on a five-tier risk taxonomy, confidence scoring, and an Earned Autonomy Score, with full audit logging and human-in-the-loop escalation. This is my answer to how you let an agent touch the network without losing sleep.
NetworkOps Platform is a NetBox-backed MCP platform that exposes 178 registered tools across device operations, config, diagnostics, compliance, and orchestration, consumable by any MCP client. Multi-vendor, with a throughput benchmark and its methodology committed in the repo.
NetworkConfigPro is a multi-vendor configuration generator and validator. One data model in, deployable configs out for Cisco IOS/IOS-XE, NX-OS, Arista EOS, Juniper Junos, SONiC, and Fortinet FortiGate.
Intent-Based Networking brings Microsoft's Z3 SMT solver to network design. Define intent in YAML, get mathematically proven path diversity and BGP configs deployed to your routers. Provably correct, not best effort.
WellnessOps is a hybrid-retrieval RAG system, dense vectors plus BM25, over multimodal sources running on local Ollama and Anthropic models. The retrieval patterns here are the same ones my network agents depend on.
A few projects stay private because they carry lab topology, operational config, or NVIDIA reference material. Public documentation is up where it earns its place, and a walkthrough is available on request.
Engineer Brain (private) is an autonomous network engineering agent running in production on my k3s cluster: knowledge-first RAG, an OODA reasoning loop, SNA trust tiers enforced at the tool layer, and a git-backed immutable audit trail (GAIT) that halts the agent if it is ever unavailable. Documentation.
SuperPOD Design Factory (private) is design-as-code for NVIDIA DGX SuperPOD (H200) network deployments on Nautobot Design Builder. One requirements YAML expands to a validated 91-device, 504-cable deployment package, with every count citing the H200 reference architecture, plus a structural drift loop that reconciles the live fabric against the design. Documentation.
SuperPOD NIM Gateway (private) is an NVIDIA NIM-faithful, OpenAI-compatible inference gateway in FastAPI. It proxies to a self-hosted vLLM backend (Qwen3-8B-FP8) and serves the full NIM management surface plus chat and completions, streaming and non-streaming. The hard rule is that it never fabricates a completion: if the backend is unreachable it returns 503, never a synthesized 200. A Test Verification Standard enforces that rule, a harness that hashes every source file into a tamper-evident proof, runs the suite, and runs a mutation check that flips the backend-down 503 to a 200 and fails the build unless the tests catch it. CI runs the whole thing on every push.