Autonomous threat detection and response: eBPF monitors the kernel, MAF-powered LLM agents decide the action, Go/Rust enforces it at line rate — no human in the loop.
All AI orchestration is unified on Microsoft Agent Framework (MAF) rc5. Tested on MAF rc5; may require changes for GA.
ZTNA.mp4
IPS.mp4
[ Threats / Traffic ]
│
┌──────▼──────────────────────────────────────────────────┐
│ Data Plane: Rust + eBPF/XDP │ Tetragon (kernel mon) │
└──────┬──────────────────────────────────┬───────────────┘
│ stats / events │ security events
┌──────▼──────────────┐ ┌─────────────▼──────────────────────────┐
│ Control Plane (Go) │◄────│ MAF rc5 Orchestration │
│ REST API + XDP map │ │ ┌──────────────┐ ┌────────────────┐ │
└─────────────────────┘ │ │ Admin agent │ │ SASE agent │ │
│ ├──────────────┤ ├────────────────┤ │
┌─────────────────────┐ │ │ Netmiko agent│ │ NETCONF+RAG │ │
│ Infra: Containerlab│ │ └──────────────┘ └────────────────┘ │
│ VPP + Juniper cRPD │ │ │ Llama-3 via Groq API │
└─────────────────────┘ └─────────┴──────────────────────────────┘
This framework was developed through iterative experimentation (documented in the notebooks):
- Phase 1–5: Evolution from simple log analysis to reactive policy enforcement.
- Phase 6: Orchestrator decomposes natural language intent into a DAG of tasks and dispatches them to Workers in dependency order.
- Phase 7 (Current): Four safety boundary layers added to the Orchestrator-Worker pattern — PolicyChecker, ValidationAgent, RollbackOrchestrator, and AuditLogger — for production-grade reliability.
All AI orchestration is unified under MAF rc5 (agent_framework). This was a deliberate architectural choice:
- Native tool dispatch: MAF automatically invokes tools from function signatures + docstrings — no manual dispatcher needed.
- Session & history management: Conversation history and token limits are delegated to the MAF session layer.
- Unified LLM interface:
OpenAIChatClientwith MAF'smodel_idspec works seamlessly with Groq-hosted Llama-3 models via the OpenAI-compatible API. - Consistent error handling: Rate limits, bad requests, and retries are handled by the MAF layer across all agents.
The same MAF-based agent pattern is used across all four modules — from low-level XDP security enforcement to high-level NETCONF/RAG configuration management.
| Layer | Technology |
|---|---|
| AI Orchestration | Microsoft Agent Framework (MAF) rc5 |
| LLM Backend | Llama-3 (via Groq API, OpenAI-compatible) |
| Data Plane | Rust + eBPF/XDP — line-rate packet filtering |
| Control Plane | Go — kernel map management & policy REST API |
| Infrastructure | Containerlab + VPP + Juniper cRPD/vevo |
my-sase-project/
├── config.ini.example # API key template (copy to config.ini)
├── infra/
│ └── containerlab/
│ └── vpp.clab.yml # Containerlab topology definition
├── ips-maf/ # IPS module — human-in-the-loop enforcement (MAF rc5)
│ ├── go-control-plane/
│ │ ├── go.mod
│ │ └── main.go
│ ├── python-agents/
│ │ ├── api_spec.py
│ │ └── sase_agent.py
│ └── xdp-ebpf/
│ ├── Cargo.toml
│ └── main.rs
├── netconf-rag-maf/ # NETCONF config generation with RAG + MAF (Jupyter)
│ ├── netconf_rag_agent_framework.ipynb
│ └── policy.yaml # NETCONF agent policy (allowed interfaces, VLANs, forbidden XML ops)
├── netmiko-maf/ # Network automation via Netmiko + MAF (Jupyter)
│ ├── netmiko_agent_framework.ipynb # MAF rc5 agent implementation
│ └── network_diagnostic_agent_v5.ipynb # Diagnostic agent (evolution from v1–v5)
├── LICENSE
├── README.md
└── ztna-tetragon-maf/ # ZTNA module — autonomous blocking (MAF rc5)
├── go-control-plane/
│ ├── go.mod
│ └── main.go # REST API + XDP map management
├── python-agents/
│ ├── admin_agent_maf.py # Security admin agent (MAF rc5)
│ ├── api_spec.py
│ └── sase_agent_maf.py # User-facing SASE agent (MAF rc5)
├── tetragon/
│ └── block-shadow-access.template.yaml # Tetragon policy: blocks shadow /etc/passwd access
└── xdp-ebpf/
├── Cargo.toml
└── main.rs # Rust/XDP line-rate packet filter
ztna-tetragon-maf/tetragon/block-shadow-access.template.yaml is a Tetragon TracingPolicy that detects and blocks unauthorized access to /etc/shadow and /etc/passwd at the kernel level via eBPF.
When Tetragon fires an event matching this policy, the admin agent (MAF rc5) picks it up, reasons about the threat, and instructs the Go control plane to update the XDP drop map in real time — no human intervention required.
netmiko-maf/policy.yaml is a NETCONF agent policy that declaratively defines the scope of allowed operations — permitted interfaces, VLAN ID ranges, forbidden XML keywords (e.g. delete-config, kill-session), allowed <configuration> nodes, and max VLAN operations per run. Operational constraints can be adjusted here without touching any Python code.
This project covers the network operations loop through two Jupyter notebooks.
netconf-rag-maf/ — Permanent remediation via NETCONF × RAG
- Why RAG? LLMs do not have reliable knowledge of vendor-specific NETCONF schemas and CLI syntax. RAG injects the relevant device documentation at inference time, enabling accurate XML config generation for Juniper and other vendors.
- Why NETCONF? NETCONF rewrites the router's running configuration directly — enabling intent-based, permanent network changes.
- Orchestrator-Worker pattern: Natural language intent (e.g. "delete VLAN70 and create VLAN100") is decomposed into a DAG of tasks by the Orchestrator, then dispatched to Worker agents in dependency order. Each Worker runs the full
get_inventory → translate → generate → validate → fix → deploy → auditcycle independently.
netmiko-maf/ — Multi-layer fault diagnosis across vendors
A multi-agent diagnostic system for correlating L2 and L3 state across devices. Understanding network faults requires input from multiple layers simultaneously — this notebook provides a 5-agent pipeline for that:
| Agent | Role |
|---|---|
| Command selector | Chooses the right command set from symptom description |
| L2 analyst | Detects interface and MAC-level anomalies |
| L3 analyst | Identifies routing and ARP issues |
| Consistency checker | Cross-validates L2/L3 state, applies Self-Correction |
| Report generator | Produces structured findings with evidence citations |
- Multi-vendor by design:
VENDOR_KEYdecouples the SSH driver (netmiko_driver) from the command dictionary — adding a new device type requires only a YAML entry, no code changes. - Mock mode: All agents run against mock data without physical devices, enabling CI/CD-friendly testing.
| Tool | Version | Link |
|---|---|---|
| Microsoft Agent Framework | rc5 | pip install agent-framework |
| Groq API Key | — | console.groq.com |
| Go | 1.21+ | go.dev |
| Rust + cargo | stable | rustup.rs |
| Containerlab | latest | containerlab.dev |
-
Deploy the Topology:
sudo containerlab deploy -t infra/containerlab/vpp.clab.yml
-
Setup API Key:
cp config.ini.example config.ini # Edit config.ini and set GROQ_API_KEYOr use the environment variable:
export SASE_CONFIG=/path/to/config.ini -
Launch Go Control Plane:
cd ztna-tetragon-maf/go-control-plane && go run main.go
-
Run the MAF Agents:
# Security admin agent (Tetragon event monitoring + XDP enforcement) python3 ztna-tetragon-maf/python-agents/admin_agent_maf.py # User-facing SASE agent (ticket & policy management) python3 ztna-tetragon-maf/python-agents/sase_agent_maf.py
-
Explore the Notebooks:
netmiko-maf/— Network diagnostics and automation with MAF agentsnetconf-rag-maf/— NETCONF config generation with RAG + MAF orchestration
MIT License © 2026 hidemi-k