OLAV โ AI-native platform for autonomous operations with domain-aware agents, API-as-Tool, and Agent Harness
Project description
OLAV ๐บ
Online Analytical Vertex for Agentic Operations
AI-native platform for autonomous infrastructure operations.
Control your infrastructure with natural language. Connect any REST API in one command, query it instantly, generate environment-aware automation scripts โ no MCP servers, no code generation, no runtime complexity.
pip install olav
olav # first run sets itself up โ just paste your LLM key
olav registry register http://netbox:8000 # connect any API
olav "how many devices are in NetBox?" # query immediately
olav --agent netops "write a backup script" # generate real scripts
Quick Start | Docs | ไธญๆ
Why OLAV?
API-as-Service โ Beyond MCP
MCP requires a server process per service, stdio/HTTP transport, and framework-specific adapters. OLAV takes a different approach:
MCP: Service โ MCP server process โ stdio/HTTP โ adapter โ agent
OLAV: Service โ olav registry register โ reference markdown โ api_request โ done
One command. No server processes. No generated code. No runtime overhead.
# Register once
olav registry register http://netbox:8000
# Query from any agent, forever
olav "how many devices are in NetBox?"
olav --agent netops "compare OLAV database vs NetBox โ are they in sync?"
The api_request tool is schema-aware โ it reads API reference docs generated at registration time, handles pagination (DRF/NetBox style), and manages auth (JWT/Bearer/API-key) automatically.
Three Agents โ Strict Tool Isolation
olav "list all devices" โ Core Agent (database + knowledge base)
olav --agent netops "simulate link failure" โ Ops Agent (network operations + SSH)
olav --agent audit "run health check" โ Audit Agent (compliance + learning)
Core agent uses a subagent architecture โ the orchestrator sees only 5 tools:
core orchestrator (5 tools: execute_sql, olav_recall_memory, web_search, format_and_export, olav_delegate)
โโโ db_query โ database queries, knowledge base, web search, export
โโโ api_query โ API requests, health checks, web search, export
โโโ remote โ SSH to servers, local shell commands
โโโ admin โ platform management, deployment, cron
Each subagent has only the tools it needs. execute_sql and api_request are in different subagents โ the LLM cannot confuse them. Principle of least authority, enforced by the harness.
7-Layer Write Security
AI agents that can write to production need more than HITL approval:
| Layer | Defense | Bypassable? |
|---|---|---|
--enable-api-write |
Write mode locked by default | No |
services.yaml readonly_only |
Per-service read/write control | Config only |
| Dry-run simulation | Must pass before approval offered | No |
| HITL approval | User sees diff, then confirms | Not skippable |
sandbox_guard hard_block |
HTTP writes in isolated sandbox | Not skippable |
unshare --net |
Kernel-level network isolation | Not skippable |
| Audit trail | Every api_request logged | โ |
--dangerously-skip-permissions bypasses tool approval for testing โ but cannot bypass API write approval. Network devices are always read-only.
Agent Harness โ The OS for AI Agents
Every agent decision passes through a mandatory execution control layer:
Layer 0: AAA Token/LDAP/OIDC auth โ RBAC โ full audit trail
Layer 1: Middleware HITL interception + memory injection
Layer 2: Sandbox Pre-scan โ DuckDB read-only โ network namespace isolation
Layer 3: Output Credential redaction + SSE encoding
Self-Improving Loop
Use OLAV โ audit log captures every tool call
โ failure patterns extracted โ written to LanceDB memory
โ future runs recall constraints before acting
Export as SFT/trajectory training data: olav log export sft.
The Software Understands You โ Not the Other Way Around
You should never need to read a manual before OLAV is useful, and never need to hand-edit JSON to recover from a mistake:
- Zero-ritual onboarding โ the first bare
olavbuilds everything itself (directories, databases, agents, local embedding model) and asks for exactly one thing: your LLM API key. No separate init step, no config file editing. - A first screen that knows your state โ instead of generic tips, the welcome screen tells you what's actually true: "embedding backend unavailable โ memory features limited", "netops installed but no device data yet โ import a snapshot", "welcome back โ last time: 'why is R1's BGP flapping?'".
- Health checks anywhere โ
olav doctorfrom the shell or/doctorinside the TUI: zero-LLM probes of scaffolding, LLM, and embedding, each failure paired with the fix. - Change config by talking โ "switch my LLM to deepseek-chat" is validated against the live provider before it's saved; a bad key or model name is rejected with the real error and your working config untouched. Every change snapshots the previous one โ "rollback my LLM config" undoes it.
- Undo for agent actions โ file writes and cron changes are journaled; "undo that" reverts the most recent one.
- Failures tell you what to do next โ a mid-session 401 or quota error prints the diagnosis path and the rollback phrase, not a stack trace.
Quick Start
# 1. Install
pip install olav
# 2. Run โ first launch sets everything up and asks for your LLM API key
olav
# 3. Connect a service
olav registry register http://netbox:8000
# 4. Query
olav "how many devices are in NetBox?"
Scripted/CI setup:
olav initstill performs the same bootstrap non-interactively (setOPENAI_API_KEYor edit.olav/config/api.jsonfor the key). Check any installation's health witholav doctor.
Network Operations (optional)
olav agent install /path/to/olav-netops/ # adds netops + devops workspaces
# (legacy alias: `olav skill install`)
olav --agent netops "/netops_init" # collect device data via SSH
olav --agent netops "simulate R2 link failure" # What-If analysis
olav --agent netops "deploy digital twin" # ContainerLab validation
Other Interfaces
olav # interactive TUI
olav service start --all # web UI at localhost:2280
olav --agent core "run: df -h" # shell commands via Core Agent
Architecture
olav v0.18.0 (pip install olav)
โโโ core orchestrator (5 tools)
โ โโโ db_query โ execute_sql, olav_recall_memory, web_search, format_and_export
โ โโโ api_query โ api_request, service_health, web_search, format_and_export
โ โโโ remote โ remote_execute (SSH), run_shell
โ โโโ admin โ workspace_health, bulk_ingest, deploy/stop_service, cron, ...
โ
olav-netops v0.19.0 (olav agent install olav-netops/)
โโโ netops orchestrator
โ โโโ probe โ Parallel SSH with command whitelist (Nornir)
โ โโโ analysis โ Dijkstra + ECMP simulation (networkx)
โ โโโ diff โ Cross-snapshot drift detection
โ โโโ lab โ ContainerLab digital twin + commit-validate
โโโ audit
โ โโโ design โ Compliance profiles + health reports
โ โโโ learn โ TextFSM template learning
โโโ netops.* โ DuckDB tables + TextFSM collection pipeline
Tech Stack: LangChain ยท LangGraph ยท DeepAgents ยท DuckDB ยท LanceDB ยท FastAPI ยท NetworkX
Documentation
Docs: docs.olavai.com ยท Website: olavai.com
License
BSL-1.1 โ Business Source License 1.1
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file olav-0.22.0.tar.gz.
File metadata
- Download URL: olav-0.22.0.tar.gz
- Upload date:
- Size: 1.7 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e0e5e7f18e73a0a09d18d4561cdf5dcb9eba519b2e7f2d5c15c20471f07afa6f
|
|
| MD5 |
eec5c044900d20b26ed4973fc79d5d47
|
|
| BLAKE2b-256 |
6819fa1cd0c5a32606dca4ef644a5877db7ced6e6a9290e27907a744f348f69d
|
File details
Details for the file olav-0.22.0-py3-none-any.whl.
File metadata
- Download URL: olav-0.22.0-py3-none-any.whl
- Upload date:
- Size: 1.9 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ca6cd74b8075063e0a403f145b3774965991a2596b9b618bfa484f115f4de36a
|
|
| MD5 |
077625c55e84012a8f16f92cf595ffb5
|
|
| BLAKE2b-256 |
034a05f03edc8a30a79460a619e8ce7f8fa932532098a8280e02c2d48b80b319
|