netguard-configlisted

# NetGuard Config Use this skill to check a proposed network device configuration before it is applied. LLMs reliably produce configs that look right but contain wrong subnet masks, non-existent commands, or unsafe lines; this skill catches the mechanical and safety problems and produces a rollback, so a human approves a validated change rather than raw model output. ## When to use - Right after an agent or chat generates a router or switch configuration. - Before applying any config change to a device, as a pre-flight check. ## Workflow 1. Save the proposed config to a file. Run the check and show the evidence: ```bash python -m netguard check proposed.txt --rollback ``` 2. Report every ERROR (addressing and routing mistakes) and every HIGH danger (any-to-any permits, telnet, cleartext or default credentials). These must be fixed before the config is applied. 3. Present the generated rollback as part of the change plan. Tell the user the non-negotiable order: save a backup and the running-config, apply in a maintenance window with console access, validate, and only then `copy running-config startup-config`. 4. For a certifiable record, emit and verify a receipt: ```bash python -m netguard check proposed.txt --receipt | python -m pco verify - ``` A quarantined verdict means do not apply: there is an addressing error or a gating danger. 5. Do not apply the config. This skill validates and plans; a human applies. ## Honesty boundary