Operations queue

Automation, diagnostics, and approvals in one workflow.

Use this screen to see what is ready to plan, what is blocked by verification, which Rez incidents have draft fixes, and which changes are waiting for human approval.

Discover Plan Verify Diagnose Remediate Approve
CHG-4271 waiting for approval

Region 3 edge remediation: 7 sites, 42 devices, rollback generated, canary ready.

INC-2048 Rez RCA found missing outbound NAT evidence for the scoped flow.

Next: review generated commands, approve canary, apply, then verify live state.

Shared Discovery spine

One inventory and topology context feeds automation, drift, RCA, and packet investigation.

Local Runner-held credentials

SSH/API credentials stay on the Windows or Linux runner next to the network.

Read-only Rez Diagnostics

Rez can collect evidence and propose remediation, but it cannot apply configuration.

Gated Netcode writes

Writes require plan, policy gates, canary, approval, apply, and verification.

Outcome Lower change risk

Every device write is gated by a plan, validation, and proof.

Outcome Faster delivery

Engineers declare the result; the platform builds the artifacts.

Outcome Audit-ready proof

Each change ends with commands, evidence, Git history, and rollback.

Outcome Practical adoption

Use Git, YAML, templates, and Rez through guided workflows.

Story 01

Get ready

Git, source of truth, read access, and a safe test target — verified before any change.

Checking
Story 02

Bring devices under management

Point at an IP, read its live state, review the record, save it to source of truth.

Checking
Story 03

Make a safe change

Declare the outcome, branch it, see exact commands, prove it, apply, verify, push for review.

Waiting
Story 04

Troubleshoot / Investigate

Run read-only Rez checks, compare expected vs live, attach evidence to the change.

Not checked
Story 05

Prove it

One evidence package with request, intent, branch, commands, proof, investigation, rollback.

Waiting

Setup Wizard — run this once

Connect the pieces Netcode needs before daily SSH work: Git, source of truth, runner reachability, and proof mode. After these gates are green, most engineers should live in Shell.

Required before you can start a change

Required · 1

Git connected

Can changes be reviewed and audited?

Checking.

Required · 2

Source of truth

Does the platform know your network?

Checking.

How your changes will be proven (informational — these never block planning)

Info

Device reachability

Can the platform read your devices?

Checking.

Verification and drift read live device state. If the platform cannot read, you are blind after an apply.

Info

Proof mode

Where do changes get proven before they matter?

Checking.

Advanced: platform configuration
Editable platform configuration

Control the options this UI uses

Configuration has not been loaded yet.

Git
Source of truth
Credentials
Discovery defaults
Change defaults
Workflow gates
Full configuration JSON

Edit change cards, field labels, defaults, vendor choices, gates, paths, and audit settings.

Inventory

Bring devices under management: discover them live with Rez, or import them from NetBox — the de-facto network source of truth.

NetBox source of truth

Import devices from NetBox

Read-only. Set the URL and API token, test, then sync devices into inventory. Local YAML stays the default.

Discovered device

No discovery run yet.

Discovery is read-only. It collects device state and creates an import candidate; it does not change device config.

Desired State

Pick the outcome first. The platform builds the right YAML, template, validation, plan, and apply gates for that intent type.

What do you want the network to look like?

Target

Intent details

Step 2 · Give this change its own branch

Change branch not created

The change branch carries intent, config, validation, and proof for review.

Selected workflow

Add VLAN

Choose a change type and fill in the outcome. YAML remains visible as an artifact, not as the primary workflow.

Create a plan to see the YAML intent.

Plan

Preview the exact impact — forward and rollback — before the lab switch sees anything.

ActionNo plan yet
Affected device-
RiskUnknown
Apply gateNone
Terraform-style summary
Create a desired state first.
Exact generated commands
No commands generated yet.
Rollback plan (known before apply)
No rollback plan yet.
Pre / post checks for this change type
Create a plan to see the checks.

Validate

Policy checks must pass for every intent. Lab dry-run is available only for intent types with an Arista write adapter.

Git review plan
Create a plan first.
Lab dry-run proof
Run dry-run after validation is reviewed.

Apply + Verify

Apply stays locked until the selected intent type supports lab writes, policy validation passes, and dry-run proof exists.

PlanWaiting
ValidationWaiting
Dry-runWaiting
VerifyWaiting
No device command has been committed.

Send for review

Commit every artifact of this change to its branch, then push it so your team can review before merge.

Commit and push to produce a review-ready summary.

Fleet rollout — canary, then batches, halt on first failure

One change, many devices. Every device gets its own change record with the full safety spine (plan, policy gate, dry-run proof, apply, verify) — the rollout only sequences the waves. A failure anywhere stops everything that has not started.

Launch a fleet change

Golden path: add a VLAN across the fleet. The canary proves it before any batch runs.

Rollout

No rollout planned yet.

Plan a rollout to see the canary and batch waves before anything touches a device.

Fleet drift

Live state vs the committed baseline for every device in the source of truth — the out-of-band change finder. Runs on the on-prem runner; the sweep is recorded as an evidence report.

Never run in this session.
Netcode Shell Runner Shell mode: Direct Credentials stay on the runner The browser never touches the device
no session idle
Pick a device and press Open session for a live, guarded SSH terminal.

Troubleshoot / Investigate

Read-only checks use Rez SSH/API adapters to collect live evidence. Use them before a change, after a change, or during an incident. If a change is active, the result is attached to that change record.

Run a read-only check

No config mode. No commit. This only reads live device state.

Investigation result

No investigation run yet.

Pick a device and check type. The result will show the live evidence and whether it matches what you expected.

Read-only evidence will appear here.
InvestigationUnknown
ScopeNone
Live stateNot collected
Next actionReview
Create a plan, then check drift for that intent.

Evidence — the change record

One readable package per change: request, plan, safety, lab proof, apply proof, verification, Git record, rollback. Attach it to a ticket.

Pick a change to see its full record.

Advanced: raw artifacts
No artifacts yet. Start with Setup or Desired State.