Skip to main content

OLAV โ€” AI-native platform for autonomous operations with domain-aware agents, API-as-Tool, and Agent Harness

Project description

OLAV Logo

OLAV ๐Ÿบ

Online Analytical Vertex for Agentic Operations
AI-native platform for autonomous infrastructure operations.

Version License Python Docs Website

ไธญๆ–‡ๆ–‡ๆกฃ

Control your infrastructure with natural language. Connect any REST API in one command, query it instantly, generate environment-aware automation scripts โ€” no MCP servers, no code generation, no runtime complexity.

pip install olav
olav                                              # first run sets itself up โ€” just paste your LLM key
olav registry register http://netbox:8000        # connect any API
olav "how many devices are in NetBox?"            # query immediately
olav --agent netops "write a backup script"          # generate real scripts

Quick Start | Docs | ไธญๆ–‡


Why OLAV?

API-as-Service โ€” Beyond MCP

MCP requires a server process per service, stdio/HTTP transport, and framework-specific adapters. OLAV takes a different approach:

MCP:   Service โ†’ MCP server process โ†’ stdio/HTTP โ†’ adapter โ†’ agent
OLAV:  Service โ†’ olav registry register โ†’ reference markdown โ†’ api_request โ†’ done

One command. No server processes. No generated code. No runtime overhead.

# Register once
olav registry register http://netbox:8000

# Query from any agent, forever
olav "how many devices are in NetBox?"
olav --agent netops "compare OLAV database vs NetBox โ€” are they in sync?"

The api_request tool is schema-aware โ€” it reads API reference docs generated at registration time, handles pagination (DRF/NetBox style), and manages auth (JWT/Bearer/API-key) automatically.

Three Agents โ€” Strict Tool Isolation

olav "list all devices"                  โ†’ Core Agent (database + knowledge base)
olav --agent netops "simulate link failure" โ†’ Ops Agent (network operations + SSH)
olav --agent audit "run health check"    โ†’ Audit Agent (compliance + learning)

Core agent uses a subagent architecture โ€” the orchestrator sees only 5 tools:

core orchestrator (5 tools: execute_sql, olav_recall_memory, web_search, format_and_export, olav_delegate)
  โ”œโ”€โ”€ db_query    โ€” database queries, knowledge base, web search, export
  โ”œโ”€โ”€ api_query   โ€” API requests, health checks, web search, export
  โ”œโ”€โ”€ remote      โ€” SSH to servers, local shell commands
  โ””โ”€โ”€ admin       โ€” platform management, deployment, cron

Each subagent has only the tools it needs. execute_sql and api_request are in different subagents โ€” the LLM cannot confuse them. Principle of least authority, enforced by the harness.

7-Layer Write Security

AI agents that can write to production need more than HITL approval:

Layer Defense Bypassable?
--enable-api-write Write mode locked by default No
services.yaml readonly_only Per-service read/write control Config only
Dry-run simulation Must pass before approval offered No
HITL approval User sees diff, then confirms Not skippable
sandbox_guard hard_block HTTP writes in isolated sandbox Not skippable
unshare --net Kernel-level network isolation Not skippable
Audit trail Every api_request logged โ€”

--dangerously-skip-permissions bypasses tool approval for testing โ€” but cannot bypass API write approval. Network devices are always read-only.

Agent Harness โ€” The OS for AI Agents

Every agent decision passes through a mandatory execution control layer:

Layer 0: AAA        Token/LDAP/OIDC auth โ†’ RBAC โ†’ full audit trail
Layer 1: Middleware  HITL interception + memory injection
Layer 2: Sandbox    Pre-scan โ†’ DuckDB read-only โ†’ network namespace isolation
Layer 3: Output     Credential redaction + SSE encoding

Self-Improving Loop

Use OLAV โ†’ audit log captures every tool call
    โ†’ failure patterns extracted โ†’ written to LanceDB memory
    โ†’ future runs recall constraints before acting

Export as SFT/trajectory training data: olav log export sft.

The Software Understands You โ€” Not the Other Way Around

You should never need to read a manual before OLAV is useful, and never need to hand-edit JSON to recover from a mistake:

  • Zero-ritual onboarding โ€” the first bare olav builds everything itself (directories, databases, agents, local embedding model) and asks for exactly one thing: your LLM API key. No separate init step, no config file editing.
  • A first screen that knows your state โ€” instead of generic tips, the welcome screen tells you what's actually true: "embedding backend unavailable โ€” memory features limited", "netops installed but no device data yet โ€” import a snapshot", "welcome back โ€” last time: 'why is R1's BGP flapping?'".
  • Health checks anywhere โ€” olav doctor from the shell or /doctor inside the TUI: zero-LLM probes of scaffolding, LLM, and embedding, each failure paired with the fix.
  • Change config by talking โ€” "switch my LLM to deepseek-chat" is validated against the live provider before it's saved; a bad key or model name is rejected with the real error and your working config untouched. Every change snapshots the previous one โ€” "rollback my LLM config" undoes it.
  • Undo for agent actions โ€” file writes and cron changes are journaled; "undo that" reverts the most recent one.
  • Failures tell you what to do next โ€” a mid-session 401 or quota error prints the diagnosis path and the rollback phrase, not a stack trace.

Quick Start

# 1. Install
pip install olav

# 2. Run โ€” first launch sets everything up and asks for your LLM API key
olav

# 3. Connect a service
olav registry register http://netbox:8000

# 4. Query
olav "how many devices are in NetBox?"

Scripted/CI setup: olav init still performs the same bootstrap non-interactively (set OPENAI_API_KEY or edit .olav/config/api.json for the key). Check any installation's health with olav doctor.

Network Operations (optional)

olav agent install /path/to/olav-netops/          # adds netops + devops workspaces
                                                   # (legacy alias: `olav skill install`)

olav --agent netops "/netops_init"                 # collect device data via SSH
olav --agent netops "simulate R2 link failure"     # What-If analysis
olav --agent netops "deploy digital twin"          # ContainerLab validation

Other Interfaces

olav                            # interactive TUI
olav service start --all        # web UI at localhost:2280
olav --agent core "run: df -h"  # shell commands via Core Agent

Architecture

olav v0.18.0 (pip install olav)
โ”œโ”€โ”€ core orchestrator (5 tools)
โ”‚   โ”œโ”€โ”€ db_query    โ€” execute_sql, olav_recall_memory, web_search, format_and_export
โ”‚   โ”œโ”€โ”€ api_query   โ€” api_request, service_health, web_search, format_and_export
โ”‚   โ”œโ”€โ”€ remote      โ€” remote_execute (SSH), run_shell
โ”‚   โ””โ”€โ”€ admin       โ€” workspace_health, bulk_ingest, deploy/stop_service, cron, ...
โ”‚
olav-netops v0.19.0 (olav agent install olav-netops/)
โ”œโ”€โ”€ netops orchestrator
โ”‚   โ”œโ”€โ”€ probe    โ€” Parallel SSH with command whitelist (Nornir)
โ”‚   โ”œโ”€โ”€ analysis โ€” Dijkstra + ECMP simulation (networkx)
โ”‚   โ”œโ”€โ”€ diff     โ€” Cross-snapshot drift detection
โ”‚   โ””โ”€โ”€ lab      โ€” ContainerLab digital twin + commit-validate
โ”œโ”€โ”€ audit
โ”‚   โ”œโ”€โ”€ design   โ€” Compliance profiles + health reports
โ”‚   โ””โ”€โ”€ learn    โ€” TextFSM template learning
โ””โ”€โ”€ netops.*     โ€” DuckDB tables + TextFSM collection pipeline

Tech Stack: LangChain ยท LangGraph ยท DeepAgents ยท DuckDB ยท LanceDB ยท FastAPI ยท NetworkX


Documentation

Docs: docs.olavai.com ยท Website: olavai.com


License

BSL-1.1 โ€” Business Source License 1.1

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

olav-0.22.0.tar.gz (1.7 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

olav-0.22.0-py3-none-any.whl (1.9 MB view details)

Uploaded Python 3

File details

Details for the file olav-0.22.0.tar.gz.

File metadata

  • Download URL: olav-0.22.0.tar.gz
  • Upload date:
  • Size: 1.7 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

Hashes for olav-0.22.0.tar.gz
Algorithm Hash digest
SHA256 e0e5e7f18e73a0a09d18d4561cdf5dcb9eba519b2e7f2d5c15c20471f07afa6f
MD5 eec5c044900d20b26ed4973fc79d5d47
BLAKE2b-256 6819fa1cd0c5a32606dca4ef644a5877db7ced6e6a9290e27907a744f348f69d

See more details on using hashes here.

File details

Details for the file olav-0.22.0-py3-none-any.whl.

File metadata

  • Download URL: olav-0.22.0-py3-none-any.whl
  • Upload date:
  • Size: 1.9 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

Hashes for olav-0.22.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ca6cd74b8075063e0a403f145b3774965991a2596b9b618bfa484f115f4de36a
MD5 077625c55e84012a8f16f92cf595ffb5
BLAKE2b-256 034a05f03edc8a30a79460a619e8ce7f8fa932532098a8280e02c2d48b80b319

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page