Discover and model
Read live network state, normalize device facts, and align inventory with your source of truth before automation begins.
- Device discovery
- Source-of-truth sync
- Vendor read adapters
- Site and device grouping
Netcode Automation + Rez RCA
Netcode turns live network state into controlled automation workflows: discover, model intent, plan bulk changes, validate safety, dry-run or canary, apply through gates, verify live state, roll back from Git, and monitor drift.
When live state does not match intent, Rez runs read-only RCA with device evidence.
Bulk Change CHG-2048
Command preview
vlan 210
name APP_SEGMENT
interface Port-Channel10
switchport trunk allowed vlan add 210
ip prefix-list REGION3-APP permit 10.204.210.0/24
Rollback preview
interface Port-Channel10
switchport trunk allowed vlan remove 210
no vlan 210
no ip prefix-list REGION3-APP permit 10.204.210.0/24
Netcode Automation
Netcode is the automation workspace for network engineers. Start with live discovery and source-of-truth alignment. Define the intended outcome. Preview the exact network change. Validate safety. Dry-run or canary. Apply in controlled batches. Verify live state. Track drift over time.
Read live network state, normalize device facts, and align inventory with your source of truth before automation begins.
Turn intended outcomes into exact configuration changes, policy checks, risk summaries, and rollback plans.
Use canary, batch controls, approval gates, verification checks, drift watch, and Git-backed rollback.
Bulk Network Automation
Netcode is built for repeatable network changes across sites, regions, and device groups. Engineers define the outcome once, review the generated plan, canary the first batch, then promote safely.
| Device | Site | Vendor | Planned Change | Validation | Canary/Batch | Verify |
|---|---|---|---|---|---|---|
| Access-SW-01 | Site 101 | EOS | VLAN 210 + uplink trunk | Passed | Canary | Verified |
| Access-SW-02 | Site 101 | IOS-XE | Access VLAN + trunk scope | Passed | Batch 2 | Pending |
| Edge-FW-01 | Site 104 | FortiOS | Firewall object + policy reference | Warning | Held | Not applied |
| Core-RTR-02 | Site 108 | Junos | Prefix export policy | Passed | Batch 3 | Pending |
Under the Hood / How Network Automation Works
Netcode does not blindly push templates. It follows a deterministic automation loop: read live state, model intended state, calculate the delta, validate policy, dry-run or canary, apply through gates, verify actual state, and keep rollback tied to Git.
Interfaces, VLANs, BGP neighbors, routes, ACLs, NTP, SNMP, firmware, interface state.
Approved NTP servers, VLAN standards, interface roles, routing peers, ACL rules.
Devices affected, commands to add, commands to remove, rollback commands, risk summary.
Each change is isolated, reviewed, checked, and blocked before execution if unsafe.
Candidate config, device syntax check, first-batch canary, and no-commit validation where supported.
NTP peers active, VLAN present, BGP session established, route installed, ACL ordered correctly.
Rollback to previous approved intent, validate reverse plan, apply through the same gates, and monitor drift.
Product Modules
One guided workspace for intent, plan, validation, dry-run, apply, verify, rollback, and drift.
Select device groups by site, role, vendor, tag, or source-of-truth query. Plan one change across many devices.
Show exact generated commands and rollback commands before anything touches a device.
Create review branches, commit generated artifacts, review diffs, merge approved intent, and roll back by reverting Git state.
Block unsafe changes before apply using device groups, command patterns, maintenance windows, approvals, and rollback requirements.
Apply to a small canary first, verify, then promote in controlled batches with automatic stop conditions.
Continuously compare intended state to live state and create remediation plans when drift appears.
Open governed SSH sessions with command guardrails, transcripts, change attachment, and runner-side credentials.
Start with NTP standardization, VLAN rollout, interface standardization, BGP neighbor updates, ACL changes, firmware pre-checks, and branch onboarding.
Netcode Secure Shell
Network engineers still need a real CLI. Netcode Secure Shell gives them one with controls traditional SSH workflows do not provide: runner-side credentials, command guardrails, transcripts, change attachment, and a path from ad-hoc investigation into governed automation.
Device credentials resolve on the customer-side runner, not in the browser and not in the control plane.
Read-only commands can run immediately. Config lines are staged into Netcode plans instead of becoming invisible one-off changes.
Transcripts can attach to a change, RCA, drift investigation, rollback, or approval record.
Session attached to CHG-2048
Core-RTR-02# show bgp ipv4 unicast 10.204.210.0/24
BGP routing table entry for 10.204.210.0/24
Paths: 2 available, best #1
Community: region3-app-segment
Core-RTR-02# configure terminal
[guard] config mode detected
[staged] attach this command to CHG-2048 plan before apply
NetDevOps Governance
Netcode uses Git as the system of record for network intent and generated artifacts. Engineers can review plans before apply, promote approved changes, and roll back by reverting to the last known good intent.
intent.yaml
plan.md
commands.txt
rollback.txt
validation.md
canary-result.md
verify.md
Git Rollback Panel
Rez RCA
Rez is the read-only RCA layer for network operations. It collects live SSH/API evidence, compares expected vs actual state, identifies failed conditions, and gives engineers the next safe action.
Investigate reachability, VLANs, BGP, routes, ACLs, firewall policy, interface health, and drift.
Rez gathers read-only facts from routers, switches, firewalls, wireless controllers, and network APIs.
Rez shows the likely cause, failed checks, supporting evidence, confidence, and recommended next action.
Incident
VLAN 210 exists on Access-SW-01, but the uplink toward Core-RTR-02 does not allow VLAN 210.
Closed Loop Operations
Bulk VLAN rollout across Sites 201-212. Verification fails on 4 devices. Rez identifies uplink trunk inconsistency. Netcode creates a remediation plan for affected devices only. Rollback remains available from Git.
Define intent, plan changes, validate, canary, apply, and verify.
Live state no longer matches approved intent.
Read-only RCA identifies the failed condition and supporting evidence.
Rez finding becomes a safe Netcode remediation plan.
If remediation fails, rollback is generated from the previous approved intent.
Use Cases
Standardize NTP, SNMP, VLANs, interfaces, routing, and ACLs across many sites without pushing blind templates.
Run repeatable changes across customer environments, verify live state, and investigate failures without escalating every issue.
Bring Git, review branches, policy gates, canary apply, and rollback workflows to network engineers without forcing them to become software developers.
Use approval gates, controlled execution, live verification, and change history for regulated environments.
Security
Netcode and Rez are designed for controlled enterprise adoption. Start with read-only discovery and RCA. Add automation gates when your team is ready. Keep credentials inside your environment with a customer-side runner.
For testing workflows and learning automation concepts.
For one team, one workspace, and starter automation packs.
For live device access while credentials remain inside the customer network.
For SSO, RBAC, private deployment, multi-workspace operations, and integration support.
Pricing
For learning, local examples, and testing the automation model.
For a small team starting with one automation workflow.
For teams validating Netcode against a real workflow.
For production teams and service providers.
Get Started
Start with a focused workflow such as NTP standardization, VLAN rollout, interface standardization, BGP neighbor updates, or ACL cleanup. Netcode plans it, validates it, gates it, applies it safely, verifies live state, and keeps rollback tied to Git.