Skip to content

Agent networks API link#824

Closed
mlsmaycon wants to merge 14 commits into
mainfrom
feature/anet
Closed

Agent networks API link#824
mlsmaycon wants to merge 14 commits into
mainfrom
feature/anet

Conversation

@mlsmaycon

@mlsmaycon mlsmaycon commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary by CodeRabbit

  • New Features

    • Added a new Agent Network area to the app navigation, including a dedicated resources link.
    • Introduced a new Agent Network documentation hub with quickstart, overview, providers, policies, limits, guardrails, usage, logs, and architecture pages.
  • Documentation

    • Expanded guidance for setup, access control, request flow, logging, and retention.
    • Added clearer explanations of limits, guardrails, and provider configuration.

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

This PR adds a new "Agent Network" documentation section, including navigation entries in the API and docs sidebars, and a comprehensive set of new MDX pages covering overview, quickstart, architecture, providers, policies, limits, guardrails, and usage/logs. It also updates the OpenAPI generation script in package.json to use a Go-based generator instead of swagger-codegen.

Changes

Agent Network Documentation

Layer / File(s) Summary
Navigation entries
src/components/NavigationAPI.jsx, src/components/NavigationDocs.jsx
Adds "Agent Network" links to the API resources sidebar and a new "AGENT NETWORK" top-level group with nested Policies and Usage & Logs links to the docs sidebar.
Overview and quickstart
src/pages/agent-network/index.mdx, src/pages/agent-network/quickstart.mdx
New index page introduces Agent Network, its two use cases, and enterprise IT fit; quickstart page walks through end-to-end setup, provider connection, policy creation, and verification.
Architecture documentation
src/pages/agent-network/how-it-works.mdx
New page details request paths, the LLM request middleware pipeline, identity/routing, policy/limit/guardrail evaluation, keyless access, logging, and overlay transport.
Providers documentation
src/pages/agent-network/providers.mdx
New page lists supported providers/gateways, connection steps, model/pricing behavior, and the shared keyless endpoint.
Policies, limits, guardrails
src/pages/agent-network/policies/index.mdx, src/pages/agent-network/policies/limits.mdx, src/pages/agent-network/policies/guardrails.mdx, src/pages/agent-network/global-limits.mdx
New pages describe policy creation, token/budget window semantics and enforcement, guardrail configuration, and account-wide global limits.
Usage and logs documentation
src/pages/agent-network/usage-and-logs/*
New pages cover usage overview, access logs, and log collection/retention settings.

OpenAPI Generation Script

Layer / File(s) Summary
Gen script pipeline change
package.json
The gen script now curls the OpenAPI spec, runs a Go generator to produce expanded.yml, and feeds that into the existing ts-node generator/index.ts gen step, replacing the prior swagger-codegen flow.

Estimated code review effort: 2 (Simple) | ~15 minutes

Possibly related PRs

  • netbirdio/docs#813: Introduces the same Agent Network MDX pages and navigation entry structure.
  • netbirdio/docs#816: Overlaps in the same index.mdx and quickstart.mdx intro/beta messaging sections.
  • netbirdio/docs#822: Modifies the same access-logs.mdx page introduced here, extending it with a Sessions view.

Poem

A rabbit hops through docs anew,
"Agent Network" springs into view 🐇
Policies, limits, logs all fine,
Guardrails keeping every line,
Curl and Go now fetch the spec—
Hop, hop, hooray, no more neglect!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is related to the Agent Network additions, but it undersells the broader documentation rollout.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feature/anet
⚔️ Resolve merge conflicts
  • Resolve merge conflict in branch feature/anet

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

src/components/NavigationAPI.jsx

Oops! Something went wrong! :(

ESLint: 9.39.4

TypeError: Converting circular structure to JSON
--> starting at object with constructor 'Object'
| property 'configs' -> object with constructor 'Object'
| property 'flat' -> object with constructor 'Object'
| ...
| property 'plugins' -> object with constructor 'Object'
--- property 'react' closes the circle
Referenced from:
at JSON.stringify ()
at file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:308:45
at Array.map ()
at ConfigValidator.formatErrors (file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:299:23)
at ConfigValidator.validateConfigSchema (file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:330:84)
at ConfigArrayFactory._normalizeConfigData (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:676:19)
at ConfigArrayFactory._loadConfigData (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:641:21)
at ConfigArrayFactory._loadExtendedShareableConfig (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:946:21)
at ConfigArrayFactory._loadExtends (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:814:25)
at ConfigArrayFactory._normalizeObjectConfigDataBody (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:752:25)

src/components/NavigationDocs.jsx

Oops! Something went wrong! :(

ESLint: 9.39.4

TypeError: Converting circular structure to JSON
--> starting at object with constructor 'Object'
| property 'configs' -> object with constructor 'Object'
| property 'flat' -> object with constructor 'Object'
| ...
| property 'plugins' -> object with constructor 'Object'
--- property 'react' closes the circle
Referenced from:
at JSON.stringify ()
at file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:308:45
at Array.map ()
at ConfigValidator.formatErrors (file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:299:23)
at ConfigValidator.validateConfigSchema (file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:330:84)
at ConfigArrayFactory._normalizeConfigData (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:676:19)
at ConfigArrayFactory._loadConfigData (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:641:21)
at ConfigArrayFactory._loadExtendedShareableConfig (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:946:21)
at ConfigArrayFactory._loadExtends (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:814:25)
at ConfigArrayFactory._normalizeObjectConfigDataBody (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:752:25)

src/pages/agent-network/global-limits.mdx

Oops! Something went wrong! :(

ESLint: 9.39.4

TypeError: Converting circular structure to JSON
--> starting at object with constructor 'Object'
| property 'configs' -> object with constructor 'Object'
| property 'flat' -> object with constructor 'Object'
| ...
| property 'plugins' -> object with constructor 'Object'
--- property 'react' closes the circle
Referenced from:
at JSON.stringify ()
at file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:308:45
at Array.map ()
at ConfigValidator.formatErrors (file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:299:23)
at ConfigValidator.validateConfigSchema (file:///node_modules/@eslint/eslintrc/lib/shared/config-validator.js:330:84)
at ConfigArrayFactory._normalizeConfigData (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:676:19)
at ConfigArrayFactory._loadConfigData (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:641:21)
at ConfigArrayFactory._loadExtendedShareableConfig (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:946:21)
at ConfigArrayFactory._loadExtends (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:814:25)
at ConfigArrayFactory._normalizeObjectConfigDataBody (file:///node_modules/@eslint/eslintrc/lib/config-array-factory.js:752:25)

  • 11 others

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (1)
package.json (1)

11-11: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick win

Unpinned upstream spec source (main branch) makes doc generation non-reproducible.

Fetching directly from netbirdio/netbird's main branch means the generated API pages can change or break silently whenever the upstream repo's spec changes, with no way to reproduce a prior build. Consider pinning to a tagged release/commit SHA and bumping it deliberately.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 11, The docs generation command is pulling the OpenAPI
spec from netbirdio/netbird main, which makes builds non-reproducible. Update
the gen script in package.json to fetch a pinned upstream reference instead of
main, using a specific tag or commit SHA, and keep the rest of the generator
flow unchanged. Adjust the command so future bumps are deliberate and easy to
review.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Line 11: The package.json gen script currently downloads
generator/openapi/openapi.yml with curl without failing on HTTP errors, so
invalid responses can still flow into the downstream generator. Update the gen
command to make the curl invocation fail fast on non-2xx responses by adding the
appropriate fail flag, and keep the rest of the pipeline unchanged so go run .
and generator/index.ts only run after a successful download.

In `@src/pages/agent-network/policies/index.mdx`:
- Around line 14-18: The MDX page uses the Note component in the agent-network
policies content but does not import it, which will break the build unless it is
globally available. Add the Note import at the top of the MDX file, using the
custom MDX components entry from `@/components/mdx`, and ensure the Note usage in
the page resolves to that imported symbol.
- Around line 40-52: The curl example in the MDX page uses a real
production-looking hostname and disables TLS verification with -k, which should
not be shown in public docs. Update the example to use a placeholder endpoint
instead of sailcloth.netbird.ai, and remove -k so certificate checks remain
enabled unless the surrounding documentation explicitly justifies bypassing
them. Keep the change within the existing example block so it remains consistent
with the rest of the page.

---

Nitpick comments:
In `@package.json`:
- Line 11: The docs generation command is pulling the OpenAPI spec from
netbirdio/netbird main, which makes builds non-reproducible. Update the gen
script in package.json to fetch a pinned upstream reference instead of main,
using a specific tag or commit SHA, and keep the rest of the generator flow
unchanged. Adjust the command so future bumps are deliberate and easy to review.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 44882364-869f-4484-b944-5aad7bc6ad7f

📥 Commits

Reviewing files that changed from the base of the PR and between 7c8e149 and 25fc1e6.

⛔ Files ignored due to path filters (25)
  • public/docs-static/img/agent-network/global-limits/agent-network-create-global-limit.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/global-limits/agent-network-global-limits-list.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/how-it-works/agent-network-diagram-internal-resources.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/how-it-works/agent-network-diagram-llm-apis.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/overview/agent-network-control-center-v2.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/overview/agent-network-control-center.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/overview/agent-network-internal-resources-policy.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/overview/agent-network-llm-policy.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/policies/agent-network-access-log.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/policies/agent-network-create-policy.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/policies/agent-network-guardrails.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/policies/agent-network-policy-limits.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/providers/agent-network-create-provider.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/providers/agent-network-providers-list.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/quickstart/agent-network-add-policy.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/quickstart/agent-network-add-provider.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/quickstart/agent-network-agent-config.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/quickstart/agent-network-connect-device.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/quickstart/agent-network-empty-endpoint.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/quickstart/agent-network-endpoint.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/quickstart/agent-network-usage-and-logs.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/usage-and-logs/agent-network-access-log-filters.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/usage-and-logs/agent-network-access-logs.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/usage-and-logs/agent-network-log-collection.png is excluded by !**/*.png
  • public/docs-static/img/agent-network/usage-and-logs/agent-network-usage-overview.png is excluded by !**/*.png
📒 Files selected for processing (15)
  • package.json
  • src/components/NavigationAPI.jsx
  • src/components/NavigationDocs.jsx
  • src/pages/agent-network/global-limits.mdx
  • src/pages/agent-network/how-it-works.mdx
  • src/pages/agent-network/index.mdx
  • src/pages/agent-network/policies/guardrails.mdx
  • src/pages/agent-network/policies/index.mdx
  • src/pages/agent-network/policies/limits.mdx
  • src/pages/agent-network/providers.mdx
  • src/pages/agent-network/quickstart.mdx
  • src/pages/agent-network/usage-and-logs/access-logs.mdx
  • src/pages/agent-network/usage-and-logs/index.mdx
  • src/pages/agent-network/usage-and-logs/log-collection.mdx
  • src/pages/agent-network/usage-and-logs/usage-overview.mdx

Comment thread package.json
"gen:last-updated": "node scripts/generate-last-updated.mjs",
"gen:sitemap": "node scripts/generate-sitemap.mjs",
"gen": "swagger-codegen generate -i https://raw.githubusercontent.com/netbirdio/netbird/main/management/server/http/api/openapi.yml -l openapi -o generator/openapi && npx ts-node generator/index.ts gen --input generator/openapi/openapi.json --output src/pages/ipa/resources",
"gen": "mkdir -p generator/openapi && curl -L -o generator/openapi/openapi.yml https://raw.githubusercontent.com/netbirdio/netbird/main/shared/management/http/api/openapi.yml && (cd generator && go run .) && npx ts-node generator/index.ts gen --input generator/openapi/expanded.yml --output src/pages/ipa/resources",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Add -f/--fail to the curl call.

Without -f, curl -L -o writes HTTP error bodies (e.g. a GitHub 404/5xx page) to openapi.yml and still exits 0, letting go run . and the downstream generator proceed on invalid input instead of failing fast with a clear network error.

🔧 Proposed fix
-    "gen": "mkdir -p generator/openapi && curl -L -o generator/openapi/openapi.yml https://raw.githubusercontent.com/netbirdio/netbird/main/shared/management/http/api/openapi.yml && (cd generator && go run .) && npx ts-node generator/index.ts gen --input generator/openapi/expanded.yml --output src/pages/ipa/resources",
+    "gen": "mkdir -p generator/openapi && curl -fL -o generator/openapi/openapi.yml https://raw.githubusercontent.com/netbirdio/netbird/main/shared/management/http/api/openapi.yml && (cd generator && go run .) && npx ts-node generator/index.ts gen --input generator/openapi/expanded.yml --output src/pages/ipa/resources",
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
"gen": "mkdir -p generator/openapi && curl -L -o generator/openapi/openapi.yml https://raw.githubusercontent.com/netbirdio/netbird/main/shared/management/http/api/openapi.yml && (cd generator && go run .) && npx ts-node generator/index.ts gen --input generator/openapi/expanded.yml --output src/pages/ipa/resources",
"gen": "mkdir -p generator/openapi && curl -fL -o generator/openapi/openapi.yml https://raw.githubusercontent.com/netbirdio/netbird/main/shared/management/http/api/openapi.yml && (cd generator && go run .) && npx ts-node generator/index.ts gen --input generator/openapi/expanded.yml --output src/pages/ipa/resources",
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 11, The package.json gen script currently downloads
generator/openapi/openapi.yml with curl without failing on HTTP errors, so
invalid responses can still flow into the downstream generator. Update the gen
command to make the curl invocation fail fast on non-2xx responses by adding the
appropriate fail flag, and keep the rest of the pipeline unchanged so go run .
and generator/index.ts only run after a successful download.

Comment on lines +14 to +18
<Note>
This page explains how to create and manage access to AI providers and gateways. If you are
looking for a guide on how to manage access to internal resources, see
[Access Control](/manage/access-control).
</Note>

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🔴 Critical | ⚡ Quick win

Import Note before using it.

This page renders <Note> but never imports it, so the MDX build will fail unless the component is globally injected. Add the import at the top of the file.

Fix
+ import { Note } from '`@/components/mdx`'

As per path instructions, import custom components from @/components/mdx when you use them.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
<Note>
This page explains how to create and manage access to AI providers and gateways. If you are
looking for a guide on how to manage access to internal resources, see
[Access Control](/manage/access-control).
</Note>
import { Note } from '`@/components/mdx`'
<Note>
This page explains how to create and manage access to AI providers and gateways. If you are
looking for a guide on how to manage access to internal resources, see
[Access Control](/manage/access-control).
</Note>
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/pages/agent-network/policies/index.mdx` around lines 14 - 18, The MDX
page uses the Note component in the agent-network policies content but does not
import it, which will break the build unless it is globally available. Add the
Note import at the top of the MDX file, using the custom MDX components entry
from `@/components/mdx`, and ensure the Note usage in the page resolves to that
imported symbol.

Source: Path instructions

Comment on lines +40 to +52
```bash
curl -vk https://sailcloth.netbird.ai/v1/chat/completions \
--header "Content-Type: application/json" \
--data '{
"model": "gpt-5.5",
"messages": [
{
"role": "user",
"content": "What is NetBird?"
}
]
}' | jq
```

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Replace the concrete hostname and drop -k.

This example disables TLS verification and hard-codes a production-looking host into a public MDX page. Use a placeholder endpoint and keep certificate checks enabled unless the page explicitly explains why they must be bypassed.

Fix
- curl -vk https://sailcloth.netbird.ai/v1/chat/completions \
+ curl -v https://<agent-network-endpoint>/v1/chat/completions \

As per coding guidelines, src/pages/**/*.{md,mdx}: Never include real customer names, internal hostnames, IPs, or production credentials in MDX documentation or public/ files — use placeholders instead.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
```bash
curl -vk https://sailcloth.netbird.ai/v1/chat/completions \
--header "Content-Type: application/json" \
--data '{
"model": "gpt-5.5",
"messages": [
{
"role": "user",
"content": "What is NetBird?"
}
]
}' | jq
```
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/pages/agent-network/policies/index.mdx` around lines 40 - 52, The curl
example in the MDX page uses a real production-looking hostname and disables TLS
verification with -k, which should not be shown in public docs. Update the
example to use a placeholder endpoint instead of sailcloth.netbird.ai, and
remove -k so certificate checks remain enabled unless the surrounding
documentation explicitly justifies bypassing them. Keep the change within the
existing example block so it remains consistent with the rest of the page.

Source: Coding guidelines

@mlsmaycon mlsmaycon closed this Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants