REC SECTOR ns kagent MODEL gpt-5.5 MASTER ARM · CONSENT REQ 172.16.10.0/24
Tactical NetOps · kagent

Two wingmen.
One rule of engagement.

Two kagent agents fly a live FortiGate firewall and an F5 BIG-IP load balancer in plain English — in-cluster MCP wrappers, gpt-5.5, a runbook in the seat. Recon is weapons-free: ask anything, reads come straight back. But every strike holds for your call — the agent locks the target and waits for consent before it touches production.

▣ TARGET LOCKEDARMED
Inbound request“Block the guest iPad off the Wi-Fi.”
create_temporary_block_policy(
  srcaddr="10.20.4.66",
  name="block-guest-ipad"
)
Awaiting consent to fire
Recon complete · list_detected_devices
Section 01 · Engagement sequence

How a request flows

Both wingmen fly the same profile. You never hold a device credential and you never touch the CLI — the agent plans against its /skills runbook, locks a single tool, and holds every strike at the consent gate.

01 · CALL

Plain English

You radio in via the Solo UI, or a wingman tasks it over A2A.

Solo UI · A2A
02 · PLAN

gpt-5.5 + runbook

The model reads its /skills runbook and sets the play.

gpt-5.5 · /openai
03 · LOCK

Target a tool

Selects one MCP tool and fills in the exact arguments.

RemoteMCPServer
05 · STRIKE

Real REST

The wrapper calls the device API and reports back plainly.

FortiOS · iControl

Recon on sight — strike only on your call.

Wingman 01 · Callsign SENTRY

FortiGate agent

fortigate-agent firewall 172.16.10.1 · REST API token (Bearer) · wrapper fortigate-mcp-server

Holds the perimeter: policies, NAT, address objects, routing — plus the soft edge most firewalls hide: DHCP leases, fingerprinted devices, and FortiAP wireless clients. It runs recon first, then proposes the narrowest strike that does the job.

Hostname
fw-maniak-hq
FortiOS
v7.4.11
Auth
API token
Agent
Ready
Model
gpt-5.5

Firewall & NAT

Audit policies, flag any accept rule that runs all→all, and isolate a host with a targeted deny rule.

list_policies · get_firewall_policy · enable/disable_firewall_policy · create_temporary_block_policy · list_central_snat · list_ip_pools · list_vips

Objects, interfaces & routing

The building blocks: addresses, groups, services, interfaces, and the static routing table.

list_addresses · list_address_groups · get_address_group · list_services · list_service_groups · list_interfaces · list_static_routes

System & health

Firmware, serial, uptime, live resource load, and which HA node is primary before any strike.

system_status · system_resources · ha_status

Who's on the network

DHCP leases and fingerprinted devices — the “what is that on my Wi-Fi” picture, by IP, MAC, or hostname.

list_dhcp_leases · list_detected_devices

Wireless / FortiAP

See connected clients and SSIDs; kick one client, or gate an SSID on/off (hits everyone on it).

list_wireless_clients · list_ssids · disconnect_wireless_client · disable_ssid · enable_ssid

Behind the gate

Red tools above never fire on their own — the agent locks the target and waits for you.

6 write tools require consent
Show me all firewall policies What's on my Wi-Fi right now? Any policy that allows all → all? Block this iPadCONSENT Disable the guest SSIDCONSENT
Wingman 02 · Callsign VIPER

F5 BIG-IP agent

f5-bigip-agent load balancer 172.16.10.10 · iControl REST · wrapper f5-wrapper-bigip

Runs traffic: pools and members, virtual servers, nodes, health monitors, iRules, certificates, and HA. It checks dependencies and failover state before proposing a strike, and speaks the address:port member format precisely.

Product
BIG-IP
Version
v17.5.1.3
Auth
iControl
Agent
Ready
Partition
Common

Pools & members

List and inspect pools, check member health, and drain a member for zero-impact maintenance.

list_pools · get_pool · create_pool · delete_pool · list_pool_members · add/remove_pool_member · set_pool_member_state

Virtual servers & nodes

The front doors and the backends behind them — created and removed only with your sign-off.

list_virtual_servers · get_virtual_server · create/delete_virtual_server · list_nodes · get_node · create/delete_node · set_node_state

Monitors, iRules & certs

Health-monitor configs, iRule definitions, and SSL certificates — including what's expiring soon.

list_monitors · list_http/https/tcp_monitors · list_irules · get_irule · list_certificates · get_certificate

System & HA

Version and box info, active/standby failover state, config-sync status, and live performance.

system_info · failover_status · config_sync_status · system_performance

Dependency-aware

Before a delete it checks who references the pool or node, and warns if the target is the standby.

recon runs first · then the gated strike

Behind the gate

Red tools above hold for consent — every create, delete, and state change.

10 write tools require consent
List all pools and their health What's the failover status? Which certs expire in 30 days? Drain member 10.0.1.25:80CONSENT Create pool staging-apiCONSENT
Section 02 · Tactical picture

Architecture

Each wingman = an in-cluster MCP wrapper Deployment + a RemoteMCPServer (direct in-cluster service, not proxied) + an Agent on gpt-5-5. Device credentials live in Vault and are synced to the wrapper pods by External Secrets — the agent side holds nothing.

  Solo UI / A2A ─►  kagent controller   (ns kagent)
                       │  plans on gpt-5.5 via agentgateway /openai  ·  /skills runbook per wingman
          ┌────────────┴────────────┐
          ▼                         ▼
   RemoteMCPServer            RemoteMCPServer
   fortigate-mcp              f5-bigip-mcp
          │                         │
          ▼                         ▼
   fortigate-mcp-server pod    f5-wrapper-bigip pod        creds:  Vault ─► ESO ─► Secret (ns kagent)
   FORTI_TOKEN ◄─────────────       F5_USER/PASS ◄─────────       agentgateway/fortigate · agentgateway/f5/bigip
          │ HTTPS  Bearer            │ HTTPS  iControl
          ▼                         ▼
   FortiGate 172.16.10.1       F5 BIG-IP 172.16.10.10
   fw-maniak-hq · v7.4.11         BIG-IP · v17.5.1.3

Migrated from the k8s-iceman OSS lab and adapted to goose: model gpt-5-5, the vault ClusterSecretStore on the agentgateway/ mount, and NetworkPolicies dropped. FortiGate authenticates with a REST API token (Bearer) — not a password.

Section 03 · Rules of engagement

What holds for consent

Human-in-the-loop is declared per tool on each agent (requireApproval). Recon never prompts; anything that mutates a device does. The agent shows the exact call and its arguments, and does nothing until you clear it hot.

OperationWingmanToolStatus
Enable / disable a firewall policySENTRYenable/disable_firewall_policy✦ consent
Isolate a hostSENTRYcreate_temporary_block_policy✦ consent
Kick / gate wirelessSENTRYdisconnect_wireless_client · disable/enable_ssid✦ consent
Create / delete pool or member stateVIPERcreate/delete_pool · *_pool_member · set_pool_member_state✦ consent
Create / delete virtual server or nodeVIPERcreate/delete_virtual_server · create/delete_node · set_node_state✦ consent
List, get, audit, inventory, statusbothlist_* · get_* · *_status · failover_status◇ weapons-free
Section 04 · Mission status

Built & proven

Deployed by ArgoCD and verified end-to-end — both wrappers reached the real devices and authenticated, not just started.

SENTRY
Ready
VIPER
Ready
MCP servers
Accepted
FortiGate auth
200 · v7.4.11
F5 auth
200 · v17.5.1.3
Secrets
Vault → ESO