# Assembled Notebook — Network Topology Agents
_Generated 2025-11-08T01:52:25.824328Z_

> Synthesized from your **Network Topology** Mermaid diagram. Only runnable Python is produced.

In [None]:
# %% [SETUP]
# Installs the newest semantic-kernel release at run time. The version is not
# pinned, so each run may resolve a different release; pin an exact version
# when the notebook has to be reproducible or reviewed.
!pip install -U semantic-kernel
# Removes pydrive2 quietly (-q) and without a confirmation prompt (-y).
# NOTE(review): the notebook does not say why -- presumably a dependency
# conflict in the hosting environment; confirm before keeping.
!pip -q uninstall -y pydrive2

In [None]:
# %% [SETUP-ENV]
import os, getpass
# Fill in connection defaults only where the variable is not already set.
# The default endpoint names one specific Azure OpenAI resource; export
# AZURE_OPENAI_ENDPOINT beforehand to point the notebook at another one.
for _var, _default in (
    ('AZURE_OPENAI_ENDPOINT', 'https://4th-openai-resource.openai.azure.com'),
    ('AZURE_OPENAI_DEPLOYMENT', 'gpt-35-turbo'),
    ('AZURE_OPENAI_API_VERSION', '2024-10-21'),
):
    os.environ.setdefault(_var, _default)

# The key is never written into the notebook: it is read from the environment
# or prompted for without echo. It is then stored in os.environ, which child
# processes started from this kernel (for example `!` shell commands) inherit.
if not os.environ.get('AZURE_OPENAI_API_KEY', ''):
    _prompted_key = getpass.getpass('Enter AZURE_OPENAI_API_KEY (hidden): ')
    os.environ['AZURE_OPENAI_API_KEY'] = _prompted_key.strip()
print('Azure OpenAI env ready (key is session-only).')

In [None]:
# %% [KERNEL]
import os
from semantic_kernel import Kernel
from semantic_kernel.connectors.ai.open_ai import AzureChatCompletion

# One shared kernel for every agent defined later in the notebook.
kernel = Kernel()

# Register the Azure OpenAI chat service under the id 'azure', reading the
# connection values from the environment prepared by the SETUP-ENV cell.
# NOTE(review): AZURE_OPENAI_API_VERSION is set in SETUP-ENV but not passed
# here, while the DEMO cell passes api_version explicitly -- confirm which
# version this registration ends up using.
service = AzureChatCompletion(
    service_id='azure',
    api_key=os.environ.get('AZURE_OPENAI_API_KEY'),
    deployment_name=os.environ.get('AZURE_OPENAI_DEPLOYMENT'),
    endpoint=os.environ.get('AZURE_OPENAI_ENDPOINT'),
)
kernel.add_service(service)
print('Kernel ready (Azure OpenAI)')

In [None]:
# %% [TOOLS]

def tool_appgw_route(**kwargs):
    """Stub for routing external traffic via App Gateway/WAF (dmz).

    Changes no routing: it returns the keyword arguments it received,
    rendered as text after the ``stub:appgw_route`` prefix.
    """
    return f"stub:appgw_route {kwargs}"

def tool_apim_forward(**kwargs):
    """Stub for forwarding APIM External requests to the app plane.

    Applies no headers or policies: it returns the keyword arguments it
    received, rendered as text after the ``stub:apim_forward`` prefix.
    """
    return f"stub:apim_forward {kwargs}"

def tool_firewall_allow(**kwargs):
    """Stub for creating/validating Azure Firewall/NVA allow rules (east-west).

    Creates no rule: it returns the keyword arguments it received, rendered
    as text after the ``stub:firewall_allow`` prefix.
    """
    # NOTE(review): arguments are accepted as free-form kwargs with no
    # validation; a real implementation should check source, destination,
    # protocol and ports before any allow rule is applied.
    return f"stub:firewall_allow {kwargs}"

def tool_firewall_deny(**kwargs):
    """Stub for creating/validating Azure Firewall/NVA deny rules (egress).

    Creates no rule: it returns the keyword arguments it received, rendered
    as text after the ``stub:firewall_deny`` prefix.
    """
    return f"stub:firewall_deny {kwargs}"

def tool_peer_status(**kwargs):
    """Stub for checking Hub-Spoke VNet peering status and UDRs.

    Queries nothing: it returns the keyword arguments it received, rendered
    as text after the ``stub:peer_status`` prefix.
    """
    return f"stub:peer_status {kwargs}"

def tool_nat_config(**kwargs):
    """Stub for showing NAT gateway egress configuration and SNAT utilization.

    Reads no configuration: it returns the keyword arguments it received,
    rendered as text after the ``stub:nat_config`` prefix.
    """
    return f"stub:nat_config {kwargs}"

def tool_private_endpoint_bind(**kwargs):
    """Stub for binding a Private Endpoint (AOAI/Search/Storage) to the privatelink subnet.

    Binds nothing: it returns the keyword arguments it received, rendered
    as text after the ``stub:private_endpoint_bind`` prefix.
    """
    return f"stub:private_endpoint_bind {kwargs}"

def tool_private_endpoint_dns(**kwargs):
    """Stub for validating Private DNS zone links and A records.

    Resolves nothing: it returns the keyword arguments it received, rendered
    as text after the ``stub:private_endpoint_dns`` prefix.
    """
    return f"stub:private_endpoint_dns {kwargs}"

def tool_svc_call_aoai(**kwargs):
    """Stub for calling Azure OpenAI through PE (no public egress).

    Makes no network call: it returns the keyword arguments it received,
    rendered as text after the ``stub:svc_call_aoai`` prefix.
    """
    return f"stub:svc_call_aoai {kwargs}"

def tool_svc_call_search(**kwargs):
    """Stub for calling Azure AI Search through PE.

    Makes no network call: it returns the keyword arguments it received,
    rendered as text after the ``stub:svc_call_search`` prefix.
    """
    return f"stub:svc_call_search {kwargs}"

def tool_svc_call_storage(**kwargs):
    """Stub for calling Blob Storage through PE.

    Makes no network call: it returns the keyword arguments it received,
    rendered as text after the ``stub:svc_call_storage`` prefix.
    """
    return f"stub:svc_call_storage {kwargs}"

def tool_monitor_emit(**kwargs):
    """Stub for emitting logs/metrics to Monitor/Log Analytics.

    Emits nothing: it returns the keyword arguments it received, rendered
    as text after the ``stub:monitor_emit`` prefix.
    """
    return f"stub:monitor_emit {kwargs}"


# Registry of every tool, keyed by the function's own name. Agents look tools
# up here by name, so this mapping is the complete set of callable tools.
TOOLS = {
    fn.__name__: fn
    for fn in (
        tool_appgw_route,
        tool_apim_forward,
        tool_firewall_allow,
        tool_firewall_deny,
        tool_peer_status,
        tool_nat_config,
        tool_private_endpoint_bind,
        tool_private_endpoint_dns,
        tool_svc_call_aoai,
        tool_svc_call_search,
        tool_svc_call_storage,
        tool_monitor_emit,
    )
}
print('Tools:', list(TOOLS))

In [None]:
# %% [AGENTS]

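class Agent_dmz_gateway:
    """Agent for App Gateway/WAF routing from the Internet to APIM External.

    Holds the kernel used for prompt invocation and ``skills``, the names of
    the tools in the module-level ``TOOLS`` registry this agent may call.
    """

    def __init__(self, kernel):
        """Store *kernel* and set this agent's name, system message and skills."""
        self.kernel = kernel
        self.name = "DMZ Gateway"
        self.system_message = "Manage App Gateway/WAF routing from Internet to APIM External."
        self.skills = ["tool_appgw_route", "tool_apim_forward", "tool_monitor_emit"]

    async def run(self, user_text: str) -> str:
        """Send the system message followed by *user_text* as a single prompt.

        Returns the stringified kernel result, or a ``[DMZ Gateway stub]``
        message carrying the error text if the invocation raises.
        """
        # NOTE(review): user_text is concatenated into the same string as the
        # system message, so user input can override the instructions. The
        # kernel may also parse this string as a prompt template -- confirm,
        # and pass user input as a separate argument if it does.
        try:
            result = await self.kernel.invoke_prompt(self.system_message + "\n\nUser: " + user_text)
            return str(result)
        except Exception as e:
            # Best-effort stub: a failure comes back as ordinary text, which
            # callers can tell from model output only by its prefix.
            return f"[DMZ Gateway stub] Adjust SK call. Error: {e}"

    def available_tools(self):
        """Return the skill names that are present in ``TOOLS``."""
        return [t for t in self.skills if t in TOOLS]

    def call(self, tool_name: str, **kwargs):
        """Invoke one of this agent's tools by name with **kwargs.

        Raises:
            ValueError: *tool_name* is not in ``TOOLS``.
            PermissionError: the tool exists but is not in ``self.skills``.
        """
        fn = TOOLS.get(tool_name)
        if not fn:
            raise ValueError(f"Tool not found: {tool_name}")
        # Enforce the per-agent allow-list: without this check any agent could
        # invoke any registered tool, making ``skills`` purely advisory.
        if tool_name not in self.skills:
            raise PermissionError(f"Tool not permitted for {self.name}: {tool_name}")
        return fn(**kwargs)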

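class Agent_hub_firewall:
    """Agent for east-west Hub-to-Spoke flows and egress policy.

    Holds the kernel used for prompt invocation and ``skills``, the names of
    the tools in the module-level ``TOOLS`` registry this agent may call.
    """

    def __init__(self, kernel):
        """Store *kernel* and set this agent's name, system message and skills."""
        self.kernel = kernel
        self.name = "Hub Firewall"
        self.system_message = "Control east-west flows Hub\u2192Spoke and enforce egress policy."
        self.skills = ["tool_firewall_allow", "tool_firewall_deny", "tool_monitor_emit"]

    async def run(self, user_text: str) -> str:
        """Send the system message followed by *user_text* as a single prompt.

        Returns the stringified kernel result, or a ``[Hub Firewall stub]``
        message carrying the error text if the invocation raises.
        """
        # NOTE(review): user_text is concatenated into the same string as the
        # system message, so user input can override the instructions. The
        # kernel may also parse this string as a prompt template -- confirm,
        # and pass user input as a separate argument if it does.
        try:
            result = await self.kernel.invoke_prompt(self.system_message + "\n\nUser: " + user_text)
            return str(result)
        except Exception as e:
            # Best-effort stub: a failure comes back as ordinary text, which
            # callers can tell from model output only by its prefix.
            return f"[Hub Firewall stub] Adjust SK call. Error: {e}"

    def available_tools(self):
        """Return the skill names that are present in ``TOOLS``."""
        return [t for t in self.skills if t in TOOLS]

    def call(self, tool_name: str, **kwargs):
        """Invoke one of this agent's tools by name with **kwargs.

        Raises:
            ValueError: *tool_name* is not in ``TOOLS``.
            PermissionError: the tool exists but is not in ``self.skills``.
        """
        fn = TOOLS.get(tool_name)
        if not fn:
            raise ValueError(f"Tool not found: {tool_name}")
        # Enforce the per-agent allow-list: without this check any agent could
        # invoke any registered tool, making ``skills`` purely advisory.
        if tool_name not in self.skills:
            raise PermissionError(f"Tool not permitted for {self.name}: {tool_name}")
        return fn(**kwargs)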

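class Agent_network_peering:
    """Agent for Hub/Spoke peering and user-defined routes.

    Holds the kernel used for prompt invocation and ``skills``, the names of
    the tools in the module-level ``TOOLS`` registry this agent may call.
    """

    def __init__(self, kernel):
        """Store *kernel* and set this agent's name, system message and skills."""
        self.kernel = kernel
        self.name = "Network Peering"
        self.system_message = "Ensure Hub\u2194Spoke peering and user-defined routes are correct."
        self.skills = ["tool_peer_status", "tool_monitor_emit"]

    async def run(self, user_text: str) -> str:
        """Send the system message followed by *user_text* as a single prompt.

        Returns the stringified kernel result, or a ``[Network Peering stub]``
        message carrying the error text if the invocation raises.
        """
        # NOTE(review): user_text is concatenated into the same string as the
        # system message, so user input can override the instructions. The
        # kernel may also parse this string as a prompt template -- confirm,
        # and pass user input as a separate argument if it does.
        try:
            result = await self.kernel.invoke_prompt(self.system_message + "\n\nUser: " + user_text)
            return str(result)
        except Exception as e:
            # Best-effort stub: a failure comes back as ordinary text, which
            # callers can tell from model output only by its prefix.
            return f"[Network Peering stub] Adjust SK call. Error: {e}"

    def available_tools(self):
        """Return the skill names that are present in ``TOOLS``."""
        return [t for t in self.skills if t in TOOLS]

    def call(self, tool_name: str, **kwargs):
        """Invoke one of this agent's tools by name with **kwargs.

        Raises:
            ValueError: *tool_name* is not in ``TOOLS``.
            PermissionError: the tool exists but is not in ``self.skills``.
        """
        fn = TOOLS.get(tool_name)
        if not fn:
            raise ValueError(f"Tool not found: {tool_name}")
        # Enforce the per-agent allow-list: without this check any agent could
        # invoke any registered tool, making ``skills`` purely advisory.
        if tool_name not in self.skills:
            raise PermissionError(f"Tool not permitted for {self.name}: {tool_name}")
        return fn(**kwargs)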

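class Agent_private_link_broker:
    """Agent for Private Endpoints and Private DNS zones.

    Holds the kernel used for prompt invocation and ``skills``, the names of
    the tools in the module-level ``TOOLS`` registry this agent may call.
    """

    def __init__(self, kernel):
        """Store *kernel* and set this agent's name, system message and skills."""
        self.kernel = kernel
        self.name = "Private Link Broker"
        self.system_message = "Bind/validate Private Endpoints and Private DNS zones."
        self.skills = ["tool_private_endpoint_bind", "tool_private_endpoint_dns", "tool_monitor_emit"]

    async def run(self, user_text: str) -> str:
        """Send the system message followed by *user_text* as a single prompt.

        Returns the stringified kernel result, or a
        ``[Private Link Broker stub]`` message carrying the error text if the
        invocation raises.
        """
        # NOTE(review): user_text is concatenated into the same string as the
        # system message, so user input can override the instructions. The
        # kernel may also parse this string as a prompt template -- confirm,
        # and pass user input as a separate argument if it does.
        try:
            result = await self.kernel.invoke_prompt(self.system_message + "\n\nUser: " + user_text)
            return str(result)
        except Exception as e:
            # Best-effort stub: a failure comes back as ordinary text, which
            # callers can tell from model output only by its prefix.
            return f"[Private Link Broker stub] Adjust SK call. Error: {e}"

    def available_tools(self):
        """Return the skill names that are present in ``TOOLS``."""
        return [t for t in self.skills if t in TOOLS]

    def call(self, tool_name: str, **kwargs):
        """Invoke one of this agent's tools by name with **kwargs.

        Raises:
            ValueError: *tool_name* is not in ``TOOLS``.
            PermissionError: the tool exists but is not in ``self.skills``.
        """
        fn = TOOLS.get(tool_name)
        if not fn:
            raise ValueError(f"Tool not found: {tool_name}")
        # Enforce the per-agent allow-list: without this check any agent could
        # invoke any registered tool, making ``skills`` purely advisory.
        if tool_name not in self.skills:
            raise PermissionError(f"Tool not permitted for {self.name}: {tool_name}")
        return fn(**kwargs)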

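class Agent_app_orchestrator:
    """Agent for app-plane calls to AOAI/Search/Storage via PE.

    Holds the kernel used for prompt invocation and ``skills``, the names of
    the tools in the module-level ``TOOLS`` registry this agent may call.
    """

    def __init__(self, kernel):
        """Store *kernel* and set this agent's name, system message and skills."""
        self.kernel = kernel
        self.name = "App Orchestrator"
        self.system_message = "Drive app-plane calls to AOAI/Search/Storage strictly via PE."
        self.skills = ["tool_svc_call_aoai", "tool_svc_call_search", "tool_svc_call_storage", "tool_monitor_emit"]

    async def run(self, user_text: str) -> str:
        """Send the system message followed by *user_text* as a single prompt.

        Returns the stringified kernel result, or an
        ``[App Orchestrator stub]`` message carrying the error text if the
        invocation raises.
        """
        # NOTE(review): user_text is concatenated into the same string as the
        # system message, so user input can override the instructions. The
        # kernel may also parse this string as a prompt template -- confirm,
        # and pass user input as a separate argument if it does.
        try:
            result = await self.kernel.invoke_prompt(self.system_message + "\n\nUser: " + user_text)
            return str(result)
        except Exception as e:
            # Best-effort stub: a failure comes back as ordinary text, which
            # callers can tell from model output only by its prefix.
            return f"[App Orchestrator stub] Adjust SK call. Error: {e}"

    def available_tools(self):
        """Return the skill names that are present in ``TOOLS``."""
        return [t for t in self.skills if t in TOOLS]

    def call(self, tool_name: str, **kwargs):
        """Invoke one of this agent's tools by name with **kwargs.

        Raises:
            ValueError: *tool_name* is not in ``TOOLS``.
            PermissionError: the tool exists but is not in ``self.skills``.
        """
        fn = TOOLS.get(tool_name)
        if not fn:
            raise ValueError(f"Tool not found: {tool_name}")
        # Enforce the per-agent allow-list: without this check any agent could
        # invoke any registered tool, making ``skills`` purely advisory.
        if tool_name not in self.skills:
            raise PermissionError(f"Tool not permitted for {self.name}: {tool_name}")
        return fn(**kwargs)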

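class Agent_egress_controller:
    """Agent for NAT egress and SNAT health reporting.

    Holds the kernel used for prompt invocation and ``skills``, the names of
    the tools in the module-level ``TOOLS`` registry this agent may call.
    """

    def __init__(self, kernel):
        """Store *kernel* and set this agent's name, system message and skills."""
        self.kernel = kernel
        self.name = "Egress Controller"
        self.system_message = "Direct all egress via NAT; report SNAT health."
        self.skills = ["tool_nat_config", "tool_firewall_deny", "tool_monitor_emit"]

    async def run(self, user_text: str) -> str:
        """Send the system message followed by *user_text* as a single prompt.

        Returns the stringified kernel result, or an
        ``[Egress Controller stub]`` message carrying the error text if the
        invocation raises.
        """
        # NOTE(review): user_text is concatenated into the same string as the
        # system message, so user input can override the instructions. The
        # kernel may also parse this string as a prompt template -- confirm,
        # and pass user input as a separate argument if it does.
        try:
            result = await self.kernel.invoke_prompt(self.system_message + "\n\nUser: " + user_text)
            return str(result)
        except Exception as e:
            # Best-effort stub: a failure comes back as ordinary text, which
            # callers can tell from model output only by its prefix.
            return f"[Egress Controller stub] Adjust SK call. Error: {e}"

    def available_tools(self):
        """Return the skill names that are present in ``TOOLS``."""
        return [t for t in self.skills if t in TOOLS]

    def call(self, tool_name: str, **kwargs):
        """Invoke one of this agent's tools by name with **kwargs.

        Raises:
            ValueError: *tool_name* is not in ``TOOLS``.
            PermissionError: the tool exists but is not in ``self.skills``.
        """
        fn = TOOLS.get(tool_name)
        if not fn:
            raise ValueError(f"Tool not found: {tool_name}")
        # Enforce the per-agent allow-list: without this check any agent could
        # invoke any registered tool, making ``skills`` purely advisory.
        if tool_name not in self.skills:
            raise PermissionError(f"Tool not permitted for {self.name}: {tool_name}")
        return fn(**kwargs)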


# Instances

# One module-level instance per agent class, all sharing the same kernel.
# The `agent_` prefix is significant: the DEMO cell finds agents by scanning
# globals() for names that start with it.
agent_dmz_gateway = Agent_dmz_gateway(kernel)

agent_hub_firewall = Agent_hub_firewall(kernel)

agent_network_peering = Agent_network_peering(kernel)

agent_private_link_broker = Agent_private_link_broker(kernel)

agent_app_orchestrator = Agent_app_orchestrator(kernel)

agent_egress_controller = Agent_egress_controller(kernel)

# The printed list is a literal, not derived from the objects created above.
print('Agents:', ['agent_dmz_gateway', 'agent_hub_firewall', 'agent_network_peering', 'agent_private_link_broker', 'agent_app_orchestrator', 'agent_egress_controller'])

In [None]:
# %% [WIRES]
# Agent display name -> the tool names wired to that agent. This repeats the
# `skills` lists on the agent classes; in the cells shown, nothing reads WIRES
# to enforce access, so keep the two in sync by hand.
WIRES = {
    "DMZ Gateway": {
        "tools": ["tool_appgw_route", "tool_apim_forward", "tool_monitor_emit"],
    },
    "Hub Firewall": {
        "tools": ["tool_firewall_allow", "tool_firewall_deny", "tool_monitor_emit"],
    },
    "Network Peering": {
        "tools": ["tool_peer_status", "tool_monitor_emit"],
    },
    "Private Link Broker": {
        "tools": ["tool_private_endpoint_bind", "tool_private_endpoint_dns", "tool_monitor_emit"],
    },
    "App Orchestrator": {
        "tools": [
            "tool_svc_call_aoai",
            "tool_svc_call_search",
            "tool_svc_call_storage",
            "tool_monitor_emit",
        ],
    },
    "Egress Controller": {
        "tools": ["tool_nat_config", "tool_firewall_deny", "tool_monitor_emit"],
    },
}
print('Wiring entries:', len(WIRES))

In [None]:

# %% [DEMO]
import os, getpass, types, asyncio
from semantic_kernel import Kernel
from semantic_kernel.connectors.ai.open_ai import AzureChatCompletion

# Same defaults as the SETUP-ENV cell, repeated so this cell can run on its
# own. setdefault() leaves a value that is already set untouched.
os.environ.setdefault("AZURE_OPENAI_ENDPOINT",    "https://4th-openai-resource.openai.azure.com")
os.environ.setdefault("AZURE_OPENAI_DEPLOYMENT",  "gpt-35-turbo")
os.environ.setdefault("AZURE_OPENAI_API_VERSION", "2024-10-21")
# Prompt for the key without echo only when it is missing or empty. The value
# is kept in os.environ, which child processes of this kernel inherit.
if not os.getenv("AZURE_OPENAI_API_KEY"):
    os.environ["AZURE_OPENAI_API_KEY"] = getpass.getpass("Enter AZURE_OPENAI_API_KEY (hidden): ").strip()

# Reuse the kernel from an earlier cell if one exists; otherwise create it.
try:
    kernel
except NameError:
    kernel = Kernel()
# Drop any service already registered as "azure" before adding a fresh one.
# Every exception is ignored here -- presumably to cover the case where none
# is registered; note that this also hides any other failure.
try:
    kernel.remove_service("azure")
except Exception:
    pass
# Unlike the KERNEL cell, this registration passes api_version explicitly.
kernel.add_service(AzureChatCompletion(
    service_id="azure",
    api_key=os.getenv("AZURE_OPENAI_API_KEY"),
    deployment_name=os.getenv("AZURE_OPENAI_DEPLOYMENT"),
    endpoint=os.getenv("AZURE_OPENAI_ENDPOINT"),
    api_version=os.getenv("AZURE_OPENAI_API_VERSION"),
))

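async def _run_with_azure(self, user_text: str):
    """Replacement ``run`` that sends the prompt to the "azure" service.

    Builds the prompt from the agent's ``system_message`` (empty if missing
    or falsy) followed by *user_text*, invokes the agent's kernel with
    ``service_id="azure"`` and returns the stringified result. Unlike the
    class-level ``run`` methods, exceptions propagate to the caller.
    """
    system_message = getattr(self, "system_message", "") or ""
    # Use real newlines as the separator, matching the agents' own run()
    # methods; the previous "\\n\\n" literal put backslash-n characters into
    # the prompt instead of a blank line.
    # NOTE(review): user_text shares one string with the system message, so
    # user input can override the instructions; the kernel may also parse the
    # string as a prompt template -- confirm.
    prompt = system_message + "\n\nUser: " + str(user_text)
    result = await self.kernel.invoke_prompt(prompt, service_id="azure")
    return str(result)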

# Rebind `kernel` and `run` on every global whose name starts with "agent_".
# Selection is by name only, so any unrelated global with that prefix is
# patched too; objects that reject the assignment are skipped silently.
patched = []
for name, obj in list(globals().items()):
    if not name.startswith("agent_"):
        continue
    try:
        obj.kernel = kernel
        obj.run = types.MethodType(_run_with_azure, obj)
    except Exception:
        continue
    patched.append(name)
print("Patched run() for:", patched or "(none)")

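async def demo():
    """Exercise each agent's stub tools, then make one LLM call.

    Agents are looked up in globals() by name, and any that is missing is
    skipped. The tool calls only print the stubs' echo strings. The final
    step asks the App Orchestrator agent for a summary and prints either the
    answer or the error text.
    """
    dmz = globals().get("agent_dmz_gateway")
    fw = globals().get("agent_hub_firewall")
    pe = globals().get("agent_private_link_broker")
    app = globals().get("agent_app_orchestrator")
    egr = globals().get("agent_egress_controller")

    if dmz:
        print(dmz.call("tool_appgw_route", host="api.contoso.com", path="/v1/*"))
        print(dmz.call("tool_apim_forward", product="external", backend="appsvc"))
    if fw:
        print(fw.call("tool_firewall_allow", src="10.0.0.0/16", dst="10.1.1.0/24", proto="TCP", ports=[443]))
        print(fw.call("tool_firewall_deny", rule="block-public-egress"))
    if pe:
        print(pe.call("tool_private_endpoint_bind", service="AOAI", subnet="10.1.3.0/24"))
        print(pe.call("tool_private_endpoint_dns", zone="privatelink.openai.azure.com"))
    if app:
        print(app.call("tool_svc_call_aoai", prompt="hello", via="PE"))
        print(app.call("tool_svc_call_search", index="docs", query="private endpoints"))
        print(app.call("tool_svc_call_storage", op="put", container="logs", path="2025/11/07.log"))
    if egr:
        print(egr.call("tool_nat_config", snat_ports=1024, idle_timeout=240))

    print("LLM demo:")
    # Guard the LLM step like the tool steps above: without it a missing agent
    # surfaced as an AttributeError on None, reported as an invoke failure.
    if not app:
        print("[demo] agent_app_orchestrator is not defined; skipping LLM call")
        return
    try:
        out = await app.run("Summarize why APIM+WAF+PE+NAT enforce least-privileged, private-only data plane access.")
        print(out)
    except Exception as e:
        print("[demo] invoke failed:", e)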

# Top-level await: valid in an IPython/Jupyter cell, which already runs an
# event loop; a plain Python script would need asyncio.run(demo()) instead.
await demo()
