Extensibility & Intelligence

Built to be extended

Write plugins with a typed SDK, distribute them through a signed marketplace, and bring AI into your operations (beta) with multi-provider LLM support and a governance model that keeps credentials and PII from leaving your environment.

Get started in 30 seconds

Install the SDK

$ pip install freesdn-sdk

Scaffold a plugin

$ freesdn-sdk init my-plugin
Extensibility

Plugin System & SDK

Extend FreeSDN with two-tier extensibility: native first-party modules (full trust) and SDK plugins (permission-declared, SDK-bounded, super_admin install only). The Plugin SDK gives developers typed interfaces, testing utilities, and CLI tools. Install from PyPI with pip install freesdn-sdk.

Trusted-Author Model

The plugin loader applies load-time import hygiene and permission checks. It is not a security sandbox in the OS/container sense. Plugins are cooperative: they are expected to be authored by trusted parties (super_admin installs only). SDK interfaces, SSRF-locked HTTP, and permission gates provide the safety guardrails.

Full SDK Interfaces

Typed interfaces for devices, alerts, events, settings, and HTTP. Your plugin gets a PluginContext with DeviceSDK, AlertSDK, EventSDK, PluginSettingsSDK, and an SSRF-protected HTTP client (blocks internal IPs, private ranges, cloud metadata endpoints).

Manifest Validation

Every plugin declares a plugin.yaml manifest with ID, version, permissions, dependencies, event subscriptions, and settings schema. Validated at install time and at development time via the SDK CLI.

Event-Driven Architecture

Subscribe to any event pattern (device.status.changed, alert.created, etc.) with priority routing. Plugins can emit their own events. Full correlation and causation ID tracing across the event chain.

Ed25519-Signed Marketplace

Package plugins as versioned ZIPs. Marketplace catalog entries are Ed25519-signed by the publisher; unsigned packages are refused by default. SHA-256 verified at install. Per-organization plugin enablement. Super_admin install only.

Developer CLI

freesdn-sdk init, validate, package, and check commands. Scaffold a plugin in seconds, validate your manifest, build a distributable ZIP, and check for import hygiene issues before deploying.

Write a plugin in minutes

Subclass FreeSDNPlugin, implement lifecycle hooks, and use the typed SDK context to interact with devices, alerts, events, and settings. Permissions you declare in the manifest are the ceiling for what the platform will allow.

SDK Interfaces
DeviceSDK

Query and manage devices across all adapters

list, get, get_ports, update

AlertSDK

Create alerts, resolve incidents, manage severity

list, create, resolve, update

EventSDK

Publish and subscribe to domain events

emit, subscribe

PluginSettingsSDK

Per-plugin configuration and encrypted secrets

get, set, get_secret, set_secret

PluginHTTPClient

SSRF-protected HTTP client with timeout limits

get, post, put, delete, patch

plugin.py
from freesdn import FreeSDNPlugin, PluginContext
class OfflineMonitor(FreeSDNPlugin):
"""Alert when devices go offline."""
async def on_start(self, org_id, db=None):
await super().on_start(org_id, db)
self.ctx.events.subscribe(
"device.status.changed"
)
async def on_event(self, event):
if event.payload.get("status") == "offline":
await self.ctx.alerts.create(
title=f"{event.payload['name']} went offline",
severity="critical",
)
terminal
$ pip install freesdn-sdk
$ freesdn-sdk init offline-monitor
$ freesdn-sdk validate .
# Manifest valid. 0 warnings.
$ freesdn-sdk check .
# Import hygiene OK. 0 warnings.
$ freesdn-sdk package .
# Created offline-monitor-1.0.0.zip (2.1 KB)

Runtime Limits

Hard limits enforced by the FreeSDN runtime to prevent resource abuse.

50

Triggers per plugin

50

Actions per plugin

20

AI tools per plugin

50

Python dependencies

50 MB

Max ZIP size

60s

HTTP timeout

Fabric: universal app-interconnect

The Fabric layer (GET /api/v1/fabric/catalog) publishes a single tier-tagged catalog of operations, events, and AI-tool projections from both native modules and SDK plugins. Operators author Connections (event → step chain) that wire any app to any other without custom code. Three built-in sinks (notify / log / webhook), inbound org-key ingestion, outbound webhook, and a community n8n node (n8n-nodes-freesdn). Writes always ride the staged dual-gate.

AI-Powered Operations

LLM Integration & Governance BETA

Bring AI into your network operations with built-in governance. Three cloud and self-hosted providers, 11 platform tools, an agentic loop, and a 3-layer governance model that keeps credentials and PII from reaching the cloud. AI is off by default and must be explicitly enabled.

Supported Providers

ProviderModelsStatus
OpenAIGPT-4o, GPT-4o-mini, and othersReady
AnthropicClaude Sonnet, Haiku, and othersReady
OllamaLlama 3, Mistral, Qwen (self-hosted)Ready

Global Kill-Switch (default OFF)

AI is disabled by default at the platform level. Administrators must explicitly enable it. No AI calls leave the platform until a super_admin opts in, preventing accidental cloud exposure.

Per-Org Policy

Each organization has its own AI policy: DISABLED, LOCAL_ONLY (Ollama only, no cloud), or CLOUD_APPROVED. Orgs cannot exceed the platform-level policy ceiling.

PII Redaction Before Cloud

Sensitive values are stripped from context before any prompt reaches a cloud provider. Device credentials, secrets, and personal data are redacted so they never leave your environment in plain text.

11 Built-in Tools & Agentic Loop

The assistant ships 11 platform tools (device queries, alert management, config review, diagnostics, and more). An agentic loop (up to 5 iterations) lets the model chain tool calls to complete multi-step tasks. Plugins can register up to 20 additional AI tools each.

Built-in Use Cases

Network Diagnostics

Ask AI to analyze device health, explain port errors, and suggest fixes based on real-time telemetry data.

Alert Triage

AI summarizes alert clusters, identifies root causes, and recommends remediation steps across device types.

Configuration Review

Submit config changes for AI review before deployment. Catch VLAN mismatches, routing loops, and security gaps.

Natural Language Queries

Ask questions in plain English: 'Which switches have high CPU?' or 'Show me all offline cameras at Site 3'.

Plugin Security

Cooperative trusted-author model

The plugin loader applies load-time import hygiene and permission checks. It isnot an OS-level or container-level security sandbox. Plugins are expected to be authored by trusted parties; super_admin installation is required. Guardrails include: SDK-only interfaces, SSRF-locked HTTP, a confused-deputy permission check (plugin runs with plugin∩caller permissions), hash-pinned dependencies, and an Ed25519-signed marketplace catalog that refuses unsigned packages by default.

SDK

Typed Interfaces Only

Plugins access devices, alerts, events, and settings exclusively through typed SDK interfaces

SSRF

Protected HTTP

HTTP client blocks internal IPs, private ranges, and cloud metadata endpoints

Ed25519

Signed Catalog

Marketplace catalog is publisher-signed; unsigned packages refused by default

Confused-Deputy Guard

Plugin executes with the intersection of plugin permissions and calling-user permissions

Open Source

Free as in freedom

FreeSDN is fully open-source under the AGPLv3 (AGPL-3.0-only) license. No artificial limitations, no "community edition" crippling, no surprise licensing changes.

AGPL-3.0 Licensed

No vendor lock-in, no per-device fees, no phone-home telemetry. Fork it, extend it, build services on top of it. The source is yours.

No Per-Device Fees

Monitor a small lab or a large fleet. FreeSDN charges nothing per device. Compare that to commercial per-device licensing.

Self-Hosted

By default, your credentials and data stay on your own infrastructure. No cloud dependency, no SaaS outage risk, fully air-gappable.

Community-Driven

Built by network engineers for network engineers. Feature requests, bug reports, and pull requests are all welcome.

Ready to take control of your network?

Join the community managing their multi-vendor infrastructure with a single, open-source platform.

See it running in your browser

Explore the full FreeSDN dashboard with realistic sample data, no signup, no backend. Then install it in minutes.