The AI smart collector
The appliance is more than a poller — it ships with its own local AI that runs on the box, plus a tightly-controlled path for the cloud AI assistant to act on your network with your approval. This page explains both, and exactly where the line between "look" and "touch" sits.
Two AIs, two jobs
| | Local field agent (on the box) | Cloud assistant "Carlo" (The Floor) |
|---|---|---|
| Runs on | The appliance itself (Ollama, llama3.2:3b) | The Acutis backend |
| Job | Pre-digest each poll cycle into a short "field brief" + triage flag | Answer your questions, diagnose, and (on Pro+) stage fixes |
| Data | Stays on the box — telemetry is summarised locally | Reads the telemetry already reported to your backend |
| Tier | Any tier (runs free, on the box) | Chat + read tools are Pro+; execute is Pro+ |
The local field agent ("boots on the ground")
During first boot the appliance installs a small language model that runs entirely on the box. Each poll cycle it takes this cycle's real telemetry and produces:
- a short natural-language summary of what it's seeing,
- a per-item triage flag (routine vs. needs-a-senior), and
- a one-line diff vs. the previous cycle.
That brief is posted up to the backend as pre-digested, on-site context for the cloud assistant — so the senior AI starts from a situation report instead of raw counters. It is designed to be completely optional and fail-silent: no model, no Ollama, or a backend outage simply skips the brief (logged once) and never touches the telemetry poll loop. You can force it on/off with OLLAMA_AGENT_ENABLED (auto / true / false).
Nothing leaves the building for the local AI
The on-box model needs no internet to run. Your device telemetry is summarised locally; only the short brief travels to your backend over the same authenticated channel as the rest of your telemetry.
Read-only diagnosis
This is the default mode and the only mode below Pro. The AI (and the appliance generally) reads live state — interfaces, routes, neighbors, sessions, ARP/MAC tables, hardware health — and explains it. It can answer "why is port Gi0/3 flapping?" or "which firewall is near its session limit?" without ever changing a device.
Under the hood the appliance exposes read tools (over the Acutis Networks device toolkit): connect, show, facts, interfaces, routes, neighbors, ARP, BGP, and config backup. On the dashboard, AI chat and these read tools require the ai_read entitlement — Pro and above (Free tenants get topology, IPAM, and CVE flagging read-only, but not AI chat, so a free account can't run up model costs).
Staged, approved config changes
Actually changing a device is gated behind three things, in order:
- Tier. Execute requires the ai_execute entitlement — Pro and above. On Free the assistant doesn't refuse coldly; it returns an in-conversation upsell explaining what Pro unlocks.
- Your approval. Changes are staged, not auto-applied. The assistant proposes a concrete set of CLI commands; you approve them. The approved job is placed on a queue.
- Safe execution by the appliance. The appliance pulls the approved job from the CLI queue and runs it against the device with guardrails:
  - Cisco IOS/IOS-XE: commands run line-by-line with abort-on-error — any % Invalid input, % Incomplete command, % Ambiguous command, bad-mask/bad-address, etc. immediately aborts, escapes config mode, and applies your rollback commands if you supplied them. On success it issues write memory. The result (full output + status) is reported back.
  - PAN-OS: the equivalent staged operation runs via the XML API and reports its result.
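The abort-on-error flow described above for Cisco IOS/IOS-XE, as an added example that is not the appliance's own code. FakeDevice, run_staged_job and ERROR_RE are hypothetical names; the "Bad mask" pattern and re-entering config mode to apply rollback lines are assumptions.

```python
import re

# Error markers named on this page, plus an assumed "Bad mask" pattern.
ERROR_RE = re.compile(
    r"% Invalid input|% Incomplete command|% Ambiguous command|Bad mask", re.I)

class FakeDevice:
    """Constructed stand-in for a CLI session (hypothetical, for the demo)."""
    def __init__(self, bad_lines=()):
        self.bad_lines, self.sent = set(bad_lines), []

    def send(self, cmd):
        self.sent.append(cmd)
        if cmd in self.bad_lines:
            return "% Invalid input detected at '^' marker."
        return ""

def run_staged_job(device, commands, rollback=()):
    """Run approved lines one at a time; abort on the first device error."""
    transcript = []

    def send(cmd):
        out = device.send(cmd)
        transcript.append((cmd, out))  # full output is reported back
        return out

    send("configure terminal")
    for cmd in commands:
        if ERROR_RE.search(send(cmd)):
            send("end")  # escape config mode; later lines are never sent
            rolled_back = False
            if rollback:  # assumption: rollback lines are config-mode commands
                send("configure terminal")
                # Send every rollback line, then check none of them errored.
                rolled_back = not any([ERROR_RE.search(send(rb)) for rb in rollback])
                send("end")
            return {"status": "aborted", "failed_at": cmd,
                    "rolled_back": rolled_back, "transcript": transcript}
    send("end")
    send("write memory")  # persist only after every line succeeded
    return {"status": "ok", "failed_at": None, "rolled_back": False,
            "transcript": transcript}

if __name__ == "__main__":
    bad = "ip address 10.0.0.1 255.255.0.256"  # constructed invalid mask
    dev = FakeDevice(bad_lines={bad})
    result = run_staged_job(dev, ["interface Gi0/3", bad, "no shutdown"],
                            rollback=["default interface Gi0/3"])
    print(result["status"], result["failed_at"], dev.sent)
```

On the abort path the startup config is never written, so a reload also returns the device to its last saved state.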
The appliance can change gear; the Go agent never can
This approve-and-deploy capability is unique to the appliance, because it's the trusted, credentialed device on your management network. The Acutis Go agent on a laptop is observe-only by design and cannot read credentials or change anything. Keep that distinction in mind when deciding what to install where.
Hands-off auto-remediation (Autopilot)
On the Autopilot tier, the assistant can move from "propose → you approve → deploy" to supervised auto-remediation (still with rollback). That's a deliberate, higher-trust step up from the manual approval flow above. See Device limits by tier for what each tier unlocks.