Local-first network config dependency mapper — parse, visualize, and lint vendor configs
Project description
confgraph
Network configs are text files. The dependencies between them are a graph. confgraph makes the blast radius visible and human error avoidable.
uvx confgraph map router.txt
What it does
Point it at a config file. It parses every protocol, builds a dependency graph, and exports a self-contained interactive HTML file you can open in any browser.
uvx confgraph map router.txt --output-dir .
open router.html
Why this matters
Reducing Cognitive Load. Most engineers navigate configs with grep — find the prefix-list, grep for the route-map, grep for the BGP neighbor. That's a 5-step mental join query just to understand one dependency. confgraph replaces it with a single glance, so you can focus on logic rather than navigation.
Preventing Human Error. An engineer deletes an ACL that looks unused. Ten minutes later they realize it was the only thing protecting the management plane on a different VRF. In a graph, that ACL is visibly connected — you can see what you're about to break before you break it.
Ghost configuration. Large enterprise configs accumulate ghost objects: prefix-lists nobody calls, route-maps that reference non-existent ACLs. In a CLI they look like valid config. In a graph they appear as disconnected nodes — making confgraph a clean-up tool, not just a visualization tool.
High Blast Radius Dependency Mapping. When a shared policy object — an ACL used by both NAT and BGP, or a community list referenced across multiple neighbors — gets modified, the effects ripple unpredictably. confgraph surfaces these high blast radius objects so architects can trace the full directional flow before touching anything. The conversation shifts from "I think it affects these three neighbors" to "I can see it does."
Designed for troubleshooting
confgraph doesn't dump nodes on a screen — it clusters by protocol domain. Infrastructure, Routing, Policy, QoS, Security, and Management objects are grouped so the parts of the config that work together stay together visually.
Troubleshooting a BGP flap? The BGP cluster automatically pulls in related route-maps and prefix-lists, creating a logical island of the entire prefix path from neighbor to policy to filter.
Focused root cause analysis. Select any node to instantly isolate its direct dependencies. See exactly which interfaces are tied to a VRF, which policies are affecting a routing instance, or which ACLs a NAT rule depends on — without scrolling through thousands of lines of config.
Supported platforms
| OS | Parser |
|---|---|
| Cisco IOS / IOS-XE | IOSParser |
| Cisco IOS-XR | IOSXRParser |
| Cisco NX-OS | NXOSParser |
| Arista EOS | EOSParser |
| Juniper JunOS | JunOSParser |
Try it instantly
Pre-generated maps for all supported platforms — open any in your browser, no install needed:
| Platform | Sample config | Interactive map |
|---|---|---|
| Cisco IOS | samples/ios.txt | Live demo |
| Cisco IOS-XE | samples/ios_xe.txt | Live demo |
| Cisco IOS-XR | samples/ios_xr.txt | Live demo |
| Cisco NX-OS | samples/nxos.txt | Live demo |
| Arista EOS | samples/eos.txt | Live demo |
| Juniper JunOS | samples/junos_test.cfg | Live demo |
Install
Requires pip:
pip install confgraph
Or run without installing via uv:
uvx confgraph map router.txt
Protocols parsed
BGP · OSPF · ACLs · NAT · VRF · IS-IS · EIGRP · RIP · Route-maps · Prefix-lists · Community lists · AS-path lists · Static routes · NTP · SNMP · Syslog · Banners · QoS · Crypto/IPsec · BFD · IP SLA · EEM · Object tracking · Multicast
Use as a library
from confgraph.parsers.ios_parser import IOSParser
parsed = IOSParser(open("router.txt").read()).parse()
print(parsed.bgp_instances)
print(parsed.route_maps)
Security & Privacy
Local-first by design. confgraph never sends your config files anywhere. All parsing, graph generation, and analysis run entirely on your machine. The output is a single self-contained HTML file with no external requests — no CDN, no analytics, no telemetry. This means it can be safely moved to and used within air-gapped management jump-hosts where internet access is prohibited.
Contributing
Contributions welcome — new parsers, bug fixes, additional protocol coverage. See docs/ARCHITECTURE.md to get started.
License
Apache 2.0
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file confgraph-0.2.0.tar.gz.
File metadata
- Download URL: confgraph-0.2.0.tar.gz
- Upload date:
- Size: 302.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.7.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
16a273c17d2b5ac81febc1a45b3734a0f105d102c824e17cc96e706278fd78af
|
|
| MD5 |
4b3ec9c9d2d0830a3548abb5ba5ce54a
|
|
| BLAKE2b-256 |
77ad18f4687a7484af154a86578baed644491ba2c28a62f133b2f385b8365719
|
File details
Details for the file confgraph-0.2.0-py3-none-any.whl.
File metadata
- Download URL: confgraph-0.2.0-py3-none-any.whl
- Upload date:
- Size: 318.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.7.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5fc611a4dce6f239720f5596851711860714cfae6ac62eb53fb0d8acea0c4c6b
|
|
| MD5 |
28b7500c4e7820714815539983e14af8
|
|
| BLAKE2b-256 |
95338b6506fbdb638e2c3e0fb1d4f15515f29a2b2da208b907e3072b892a3951
|
