latticio is an MCP server that connects Claude, Cursor, and VS Code to your network infrastructure. 345 tools across 7 vendor platforms. Query, diagnose, and configure through natural language.
latticio is in active development. pip install latticio, Docker images, and full documentation will be available at launch. Follow @latticio for updates.
You ask a question. Your AI assistant picks the right tools, queries your devices, and explains what it found.
From basic show commands to full fabric validation, async operations, and AI cluster health monitoring.
All drivers implement the same protocol with 36 normalized getters. Write tools once, run them anywhere.
| Vendor | Platform | Protocol | Status |
|---|---|---|---|
| Arista | EOS | eAPI (HTTPS) | Supported |
| Cisco | IOS-XE | RESTCONF | Preview |
| Cisco | NX-OS | NX-API | Preview |
| Juniper | JunOS | NETCONF | Preview |
| SONiC | SONiC | REST API | Preview |
| Palo Alto | PAN-OS | XML/REST API | Experimental |
| Fortinet | FortiOS | REST API | Experimental |
Multiple safety layers active by default. Enterprise auth, RBAC, and MCP protocol compliance for team deployments.
All write operations blocked unless explicitly enabled. Dangerous commands like reload, write erase, and bash are permanently denied. Configurable deny-list for site-specific needs.
Framework-level protection blocks semicolons, backticks, subshell syntax, and null bytes before any command reaches a device. Tool authors cannot bypass this.
MCP Elicitation support prompts for user confirmation before destructive operations. Cancel a write before it happens. Graceful fallback when clients don't support it.
MCP Tasks primitive for long-running operations. Fabric health checks, compliance audits, and fleet commands return a task handle with progress tracking.
RFC 9728/8707 compliant authentication. Scope-based access control with hierarchy: admin implies write implies read. Step-up authorization for privilege escalation.
20+ regex patterns plus keyword-based fallback redact passwords, secrets, community strings, and API keys from every response before reaching the AI assistant.
Optional per-device certificate pinning for high-security environments. Supports both hostname and IP-addressed connections.
Only meta-tools load at startup. Tool categories are loaded on demand as the AI needs them, keeping the context window efficient. Code Mode reduces tokens by 99%.
Structured JSON audit log with HMAC signing, configurable rotation and retention, syslog forwarding. Prometheus metrics. Per-device circuit breakers and rate limiting.
Vendor-aware validation catches bad interface names, invalid BGP ASNs, and mismatched parameters before they reach the device. Clear error messages with remediation hints.
Validate configuration changes against a Containerlab digital twin before applying to production. Compare live topology to lab for drift detection.
Extend with custom drivers, compliance packs, and tool modules via Python entry points. No core code changes needed.
Inventory, secrets, incident management, metrics, and infrastructure-as-code.
Connect latticio to the AI tools you already use.
From a local subprocess to a Kubernetes cluster with Helm, health checks, and horizontal scaling.
345 tools. 7 vendors. Production safety by default. Launching soon.
Follow @latticio on X for launch announcements. PyPI, Docker, and full documentation coming soon.