netapi: Roadmap & Commercialization

1. Roadmap

1.1. Vendor Expansion

Vendor API Type Priority Status

VyOS

REST + CLI

P1

Planned

Aruba CX

REST

P1

Planned

Juniper

NETCONF/REST

P2

Planned

MikroTik

REST

P2

Planned

Ubiquiti

REST

P3

Planned

OpenWrt

ubus/REST

P3

Planned

1.2. Deeper Coverage (Existing Vendors)

  • pfSense: HAProxy, Suricata APIs

  • Wazuh: Agent management, rule creation

  • Infoblox: Full DHCP, DNS, IPAM coverage

  • Synology: DSM API completion

1.3. Technical Features

  • gNMI streaming telemetry

  • AsyncIO for bulk operations

  • Auto-generated Python API docs (Sphinx autodoc)

1.4. AI Assistant (RAG)

Customer-facing AI support system using Retrieval-Augmented Generation.

Customer Query -> Embedding API -> Vector Store (ChromaDB)
                                        |
                                  Top K chunks
                                        |
                               Claude API -> Response

Features:

  • Index 244+ Antora doc pages + Python docstrings

  • CLI interface: netapi ask "How do I query failed auths?"

  • Returns answers with working code examples

  • Feature request intake for new API coverage

Implementation:

  • Vector DB: ChromaDB (local) → Qdrant (production)

  • Embeddings: OpenAI ada-002

  • LLM: Claude API

  • Module location: netapi/ai/

2. Commercialization

Commercial viability assessment conducted 2026-03-25.

2.1. Relationship to Kora

netapi is the private, battle-tested Python codebase. Kora is the clean-room public Go rewrite built for distribution. netapi remains the proving ground where patterns are validated before being ported to Kora.

2.2. Current State Assessment

Metric Score Notes

Overall Readiness

5/10

Approaching commercial viability

Code Architecture

9/10

Excellent — atomic design, 18 vendors

Test Coverage

1/10

Critical gap — 193 lines (needs ~2000)

User Documentation

8/10

244 Antora pages, comprehensive ISE coverage

Python API Docs

2/10

Missing Sphinx autodoc from docstrings

Distribution

0/10

Not on PyPI, version 0.1.0

2.3. Gap Analysis

Gap Priority Current Target

Tests

P0

193 lines

2,000+ lines

PyPI

P0

Not published

pip installable

Python API Docs

P1

None

Sphinx autodoc

Version

P1

0.1.0

1.0.0 (semver)

AI Assistant

P2

None

RAG-based support bot

2.4. Market Positioning

Target Niche: "NetAPI for Cisco ISE"

Rather than competing with broad tools (Ansible, Napalm, Netmiko), position as THE ISE automation library:

  • 5 APIs fully implemented (ERS, MnT, DataConnect, pxGrid, OpenAPI)

  • Only tool with DataConnect SQL support

  • pxGrid real-time capabilities

  • Enterprise-grade exception hierarchy

2.5. VyOS Appliance Opportunity

Business Model: Build custom VyOS-based router/firewall appliances with enterprise support.

Component Description

Custom Images

Pre-configured VyOS images with security hardening, netapi integration

Support Contracts

Enterprise support for VyOS deployments (similar to Netgate/pfSense model)

netapi Integration

VyOS vendor module becomes the management/automation layer

Target Market

SMB/Enterprise needing open-source firewall with commercial support

Synergy with netapi:

  • VyOS REST API + CLI automation via netapi.vendors.vyos

  • Unified management across VyOS + ISE + pfSense fleet

  • Differentiator: ISE-integrated firewall (802.1X, SGT-aware policies)

2.6. Implementation Phases

2.6.1. Phase 1: Test Infrastructure

  • pytest setup with fixtures

  • Unit tests for ISE clients (ERS, MnT, DataConnect)

  • Integration tests (mock servers)

  • CI/CD with GitHub Actions

  • Coverage target: 70%

2.6.2. Phase 2: Documentation

  • Sphinx/MkDocs site

  • API reference (auto-generated)

  • Quick start guides

  • ISE automation cookbook

  • Examples repository

2.6.3. Phase 3: Distribution

  • Version bump to 0.5.0 → 1.0.0

  • PyPI publication

  • Semantic versioning

  • CHANGELOG.md (keepachangelog format)

2.6.4. Phase 4: Community

  • GitHub Discussions enabled

  • Contributing guide

  • Issue templates

  • DevNet integration

  • Conference talks (Cisco Live, DevNet Create)

2.7. Success Metrics

Milestone Metric Target

PyPI Launch

Downloads/month

100+

Documentation

Page views

500+/month

Community

GitHub stars

50+

Enterprise

Paid users

5+ orgs

3. Change Log

3.1. [0.4.0] - 2026-03-25

Security:

  • Patched 4 Dependabot vulnerabilities:

    • cryptography >=46.0.5 — SECT curve subgroup attack (HIGH)

    • pyasn1 >=0.6.3 — DoS via unbounded recursion (HIGH)

    • requests >=2.33.0 — Insecure temp file reuse (MEDIUM)

    • python-socketio >=5.14.0 — RCE via pickle deserialization (MEDIUM)

Added:

  • Unified exception hierarchy (netapi.primitives.exceptions)

    • NetapiError base class — catch all vendor errors with single except

    • NetapiApiError, NetapiAuthError, NetapiConnectionError

    • NetapiNotFoundError, NetapiRateLimitError, NetapiTimeoutError

  • New extras: github, gitlab, gitea, monad, vault

Breaking:

  • genie/pyats removed from parsing extra (CVE conflict with pyasn1)

Fixed:

  • Bare except: clauses replaced with specific exceptions