The first AI agent built for network engineers.
Download · ARIA Agent · Features · Security · Dev Setup
NetCopilot is not just a terminal — it is an AI agent that connects to your network devices, understands your infrastructure, and acts autonomously to diagnose, troubleshoot, and fix problems.
At its core is ARIA (Autonomous Real-time Infrastructure Agent): a real agentic system that plans investigations, executes commands, reads output, and delivers structured recommendations — all without leaving your terminal. You describe the problem; ARIA handles the rest.
Screen.Recording.2026-04-26.at.12.17.25.AM.mov
Pre-built binaries for all platforms — no build step required.
| Platform | File | Architecture |
|---|---|---|
| macOS | .dmg |
Apple Silicon (arm64) / Intel (x64) |
| Windows | .exe installer |
x64 |
| Linux | .AppImage / .deb |
x64 |
ARIA is the core of NetCopilot. It is not a chatbot — it is a real agentic system built specifically for network and infrastructure engineers.
When you describe a problem, ARIA doesn't just answer — it acts:
You: "There's a BGP flapping issue on this router"
ARIA:
Plan → [Check BGP summary] [Check neighbor state] [Check route table] [Check logs]
↓ show ip bgp summary ✓
↓ show ip bgp neighbors ✓
↓ show ip route bgp ✓
↓ show logging | include BGP ✓
Analysis: Neighbor 10.0.0.1 is flapping due to hold-timer expiry.
MTU mismatch detected on Gi0/0/1. Recommended fix: ...
- Plans — generates a structured investigation plan before touching anything
- Executes — runs commands automatically, one after another
- Analyzes — reads all output collectively, not per-command
- Delivers — complete, structured diagnosis with actionable recommendations
ARIA carries deep, vendor-specific knowledge for every supported platform — not generic advice. Each device type has a dedicated playbook:
- Signature commands — the exact commands a senior engineer would run first
- Common root causes — the failure modes that actually happen in production
- Diagnostic flow — the correct order to isolate the failing layer
On Cisco ASA →
packet-tracer. On FortiGate →diagnose debug flow. On Palo Alto →test security-policy-match. These are the expert moves.
| Capability | Description |
|---|---|
| Batch Execution | 2–5 independent commands in a single round-trip |
| Structured Context | Every message includes parsed hostname, prompt, last 5 commands + outputs |
| Auto Device Detection | Identifies device type from live terminal output before responding |
| Smart Retry | Auto-retries with vendor-appropriate syntax when output is empty |
| Conversation Compression | Summarizes older messages intelligently while preserving intent |
| L4 Planning Mode | Visual investigation plan card with live step-by-step progress |
| Multi-Session Intelligence | Aware of all open sessions; routes commands to correct device |
| Session Summary | Delivers a recap of all commands when closing a tab |
| Mode | Description |
|---|---|
| Troubleshoot | Read-only diagnostics (show, display, ping, traceroute) — no config changes |
| Full Access | Any command including configuration — ARIA warns before destructive operations |
| Control | Behavior |
|---|---|
| Ask | Shows every command and waits for approval |
| Auto | Executes all commands immediately |
| Blocked Patterns | reload, rm -rf, write erase, etc. — always enforced regardless of mode |
When enabled, ARIA silently monitors your terminal output in real time. If it detects errors, misconfigurations, or anomalies — it alerts you immediately without interrupting your work.
ARIA is free during the beta period — no payment required:
- Go to netcopilot.app/register and get your free key
- Open the app → Settings → ARIA
- Paste your license key — done
Your license key is stored in the OS keychain — never on disk or in any file.
| Protocol | Details |
|---|---|
| SSH | Password, SSH key, key+passphrase, Cisco Enable Password |
| Telnet | Full NAWS negotiation, automatic terminal resize |
| Serial | RS-232 / USB-to-Serial, configurable baud/parity/data bits/stop bits/flow control |
| Category | Platforms |
|---|---|
| Auto-detect | Automatically identifies device type on first login |
| Cisco | IOS, IOS-XE, NX-OS, ASA |
| Routing & Switching | Juniper JunOS, Arista EOS, Nokia SR-OS, Huawei VRP, MikroTik RouterOS, HP/Aruba ProCurve |
| Firewalls | Palo Alto PAN-OS, Fortinet FortiOS |
| Load Balancers | F5 BIG-IP TMOS |
| Servers | Linux / Unix, Windows Server |
| Generic | Any SSH/Telnet/Serial device |
- In-terminal search with regex and case-sensitivity (
⌘F) - Right-click context menu (Copy, Paste, Search, Clear)
- Configurable font family, size, line height, cursor style, and scrollback
- Session logging with ANSI stripping and optional timestamps
- Split view — two sessions side by side
- Auto-reconnect on session drop
- Connection overlays (spinner, disconnect, error states)
- Port Forwarding — local port forwarding rules per connection with live status
- SOCKS Proxy — dynamic port forwarding (SOCKS4/SOCKS5) through SSH
- Jump Host / Bastion — connect through intermediate servers transparently
- Organized library with groups, colors, tags, and notes
- Tags filter from the HomeScreen pills bar
- Quick Connect (
⌘K) — instant session fromuser@host:portwithout saving - Startup commands that run automatically after connecting
- SSH key manager with reusable named keys
- Full import / export as JSON
| Shortcut | Action |
|---|---|
⌘K / Ctrl+K |
Quick Connect |
⌘T / Ctrl+T |
New tab |
⌘W / Ctrl+W |
Close active tab |
⌘, |
Settings |
⌘D / Ctrl+D |
Toggle Split View |
⌘⇧A |
Toggle ARIA panel |
⌘1–9 |
Switch to tab N |
⌘F |
Search in terminal |
| Layer | Protects | Technology |
|---|---|---|
| Encrypted Database | All connections, settings, configuration | SQLCipher (AES-256) |
| OS Keychain | Passwords, SSH keys, license keys, DB encryption key | Electron safeStorage |
| Master Password | App-level lock on startup | scrypt + timing-safe comparison |
| Command Blacklist | Dangerous command execution | Code-level enforcement, always-on |
Credentials are never stored in plaintext. The database encryption key is generated on first launch, stored in the OS keychain, and never written to disk directly.
- Network engineers working daily with Cisco, Juniper, Arista, Palo Alto, and similar platforms
- DevOps and infrastructure teams managing Linux and Windows servers remotely
- NOC teams that need fast diagnostics and a clean, modern interface
- Security teams performing network audits and configuration reviews
- Anyone who spends serious time in SSH sessions and wants real AI assistance
- Node.js v20+
- npm v9+
- Git
git clone https://github.com/AnasProgrammer2/netcopilot.git
cd netcopilot
npm install
npm run devThe app launches immediately with hot-reload enabled.
npm run build:mac # macOS
npm run build:win # Windows
npm run build:linux # LinuxOutput files in dist/.
| Layer | Technology |
|---|---|
| Framework | Electron 31 + electron-vite |
| Frontend | React 19, Tailwind CSS, Zustand |
| Terminal | xterm.js 6 |
| Database | SQLite (SQLCipher AES-256) via better-sqlite3 |
| AI Backend | NetCopilot API |
| Protocols | ssh2, serialport, raw TCP (Telnet) |
- SFTP browser for visual file transfer
- Command snippets library
- Persistent ARIA memory across sessions
- Network topology map from ARIA discoveries
- Config diff (running vs startup / device vs device)
- Team collaboration — shared connection libraries
Contributions are welcome! Please open an issue first to discuss what you'd like to change.
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'feat: add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the Business Source License 1.1 (BSL-1.1).
| View & learn | Anyone can read the source code |
| Personal use | Free — unlimited |
| Academic / research | Free |
| Internal evaluation | Free |
| Commercial use | Requires a license — support@netcopilot.app |
| Change Date | January 1, 2029 → Apache 2.0 |
Why BSL? The source code is fully visible so you can verify NetCopilot never exfiltrates your credentials, passwords, or SSH keys. BSL ensures no one can take this codebase and launch a competing commercial product without a license.
See the LICENSE file for full details.
Built with purpose for the engineers who keep networks running.