CodiLime

CodiLime, a software company specializing in networks, was established in 2011. Explore career opportunities at codilime.com/careers.

CodiLime is a software and network engineering industry expert and the first-choice service partner for top global networking hardware providers, software providers and telecoms. Since then, we’ve collaborated successfully with renowned semiconductor manufacturers, networking vendors, telecom companies, and software solution providers. We are committed to five core pillars, named N.E.E.D.S.:

✅ Networking
✅ Equipment
✅ Environment
✅ Data
✅ Security

We are a space for top software, network, and data engineering talents skilled in the technologies that provide a real impact for our clients. We partner with industry leaders to work on projects challenging our expertise in search of innovation and optimal solutions. Our support spans the entire software development lifecycle - from design and development to deployment and maintenance.

04/05/2026

Two engineers who've actually solved the problem they're presenting. 👇

Przemysław Marcinkiewicz has spent nearly 8 years building and managing IT infrastructure, working across Linux, Kubernetes, AWS, and CI/CD. His focus isn't just making systems work, it's making them work efficiently. On May 7, he'll be drawing directly on that experience to walk through the orchestration decisions that cut hardware requirements by 64%.

Arkadiusz Cichoń brings a background in network automation and Kubernetes-centred solutions, building and tuning cloud and on-premises automation frameworks with a focus on scalability and reliability. He's currently deep in the kind of infrastructure bottleneck problems this webinar is built around: high-availability models, resource management, and complex network topologies.

Between them, they're not presenting a concept. They're presenting something they built, tested, and ran in production.

📅 May 7 | 8:00 AM PST / 5:00 PM CET
👉 https://hubs.ly/Q04cjSJF0

30/04/2026

Hardware costs are easy to justify when test environments are running at full capacity. The problem is they rarely are.

Scarce environments, inconsistent baselines, and test suites that weren't designed for the systems running them: these are the things that quietly inflate infrastructure costs and slow down delivery without ever appearing on a risk register.

On May 7, Przemysław Marcinkiewicz and Arkadiusz Cichoń are presenting a production implementation that tackled exactly this.
The results:
💰 64% reduction in hardware resource requirements
⚡ 6x concurrent test runs on a single server
📊 Full resource-usage visibility where there were previously blind spots
🔄 Higher test frequency without adding physical machines

They'll walk through the architecture, the orchestration logic, and the custom scheduling decisions that got them there… so you leave with more than just the numbers.

📅 May 7 | 8:00 AM PST / 5:00 PM CET
👉 https://hubs.ly/Q04bzNyw0

29/04/2026

Most MCP setups rely on shared SSH keys to communicate with routers and switches. This creates significant security gaps: no user attribution in logs, no privilege scoping, and credentials that never expire.

Part 3 of our MCP security series for network infrastructure is live. We move past boundary security to focus on the devices themselves.

The technical breakdown includes:
💡 Replacing permanent keys with 60-second TTL certificates issued via OpenBao.
💡 Blocking shell injection and delegating to TACACS+.
💡 Implementing consistent per-role command rules across FRR, VyOS, and SONiC.
💡 Using four specific correlation IDs: username, session ID, cert serial, and request ID, to stitch together every action from login to execution.

Read the full article here: https://hubs.ly/Q04dSvWV0

28/04/2026

Securing AI agents requires more than just traditional firewalls. When agents start taking actions within your infrastructure, authorization must be explicit and governed by strict policy guardrails.

At CodiLime, we’ve been spending a lot of time on exactly this problem: securing AI agents that reach infrastructure through MCP servers, making authorization decisions explicit, pushing enforcement closer to devices, and adding policy guardrails that do not depend on the model “doing the right thing.”

Check our related publications:
💡 https://hubs.ly/Q04dJ9HK0
💡 https://hubs.ly/Q04dJ8LR0
💡 https://hubs.ly/Q04dJ6dS0

If you’re attending ONUG, reach out to Tomasz Janaszka or Janek Gonzalez to discuss how we implement these security layers in real-world environments.

24/04/2026

"We need more machines."

It's the first thing engineering teams say when test environments start to slow them down. It's also rarely the real problem.

In the new edition of our newsletter, Przemysław Marcinkiewicz and Arkadiusz Cichoń share how they took a testing setup stuck at one test per node and scaled it to six concurrent runs on a single server with 64% less hardware.

The shift wasn't more infrastructure. It was smarter orchestration, better observability, and a custom scheduler that actually understood what the tests were doing.

Full interview + webinar details inside
https://hubs.ly/Q04dkVXG0

23/04/2026

Here's what we'll cover in our webinar on May 7 👇

Przemysław Marcinkiewicz and Arkadiusz Cichoń will take you through a real implementation, from the problem to the production results. Each section is grounded in decisions made in a live environment, so expect concrete takeaways rather than high-level theory.

🔹 Why legacy test setups fail and where the hidden costs live
🔹 Environment isolation and what it unlocks for test frequency
🔹 The orchestration logic behind 6 concurrent test runs per server
🔹 Custom scheduling, priority labels, and how to prevent resource deadlocks
🔹 Metrics, dashboards, and eliminating infrastructure blind spots
🔹 A roadmap for cluster-wide network topology management

Whether you're hitting scaling limits, dealing with inconsistent environments, or simply spending too much on hardware you're underutilising, this webinar was built around problems that are very real in production today.

📅 May 7 | 8:00 AM PST / 5:00 PM CET
👉 https://hubs.ly/Q04byFZR0

22/04/2026

Giving an AI agent access to your live network infrastructure is a massive security risk… unless you have the right guardrails in place.

In our latest session, Tomasz Janaszka walks through the architecture of securing MCP-connected AI agents. He moves past the hype to address critical technical challenges, e.g. “How do you ensure an agent doesn't execute a "no router bgp" command just because a user prompted it?”

Key takeaways from the session:
🔑 Why per-tool authorization isn't enough and where the current protocol falls short.
🔑 Combining identity-based RBAC with device-level command validation.
🔑 Using OpenBao to issue ephemeral SSH certificates instead of using static keys.
🔑 Solving the problem of fragmented logs by propagating 6 specific correlation IDs across the entire chain.

The highlight? A live demo of Net-Inspector, demonstrating how to implement Attribute-Based Access Control (ABAC) and dynamic maintenance windows using Open Policy Agent (OPA).

Watch the full breakdown here: https://hubs.ly/Q04d0NDM0

When AI agents get the keys to your network | CodiLime

14/04/2026

Is your test infrastructure quietly draining your budget? 🔍
We're hosting a free webinar on how to cut hardware costs and scale test execution, backed by real, in-production numbers.

📅 May 7 | 8:00 AM PST / 5:00 PM CET

Our engineers, Przemysław Marcinkiewicz and Arkadiusz Cichoń, will walk through how Encapsulated Network Test Architecture took concurrent test runs from 1 to 6 per server and reduced hardware requirements by 64%. They'll cover the orchestration logic, custom scheduling, and observability tooling that made it all possible.
If you're dealing with inconsistent test environments, hardware sprawl, or delivery pipelines that can't keep up with demand, this one's for you.

No theory. Just architecture, results, and a roadmap you can act on.
👉 https://hubs.ly/Q04bzfDb0

09/04/2026

The biggest blocker for production-ready AI in networking is security. Most AI automation stays in the lab because giving agents CLI access to live infrastructure is a major risk.

Today at 5:00 PM CET, Tomasz Janaszka demonstrates how to solve this by moving enforcement to the hardware level using JIT certificates and TACACS+. If you need to bridge the gap between AI-driven automation and enterprise security standards, this is your last chance to join the session.

🔗 Join us here: https://hubs.ly/Q047TRl80

06/04/2026

We go live in 72 hours. If you are responsible for network delivery and security standards, this is your last chance to join.

We aren't talking about "theoretical" AI. This is a deep dive into securing real CLI commands on switches and routers via MCP servers.

Final agenda check:
✔️ The "anti-pattern" that allows read-only users to bypass controls.
✔️ The stack – Keycloak, TACACS+, OpenSSH ForceCommand, and JWT.
✔️ The audit – linking a user's prompt to the final execution log.

Registration closes soon. Don't miss the playbook for production-ready AI infrastructure.
🔗 https://hubs.ly/Q047TSJ00

01/04/2026

Your AI agent just called a tool on a production router. Do you know if it was allowed to?

Part 1 of our MCP security series mapped six gaps that most infrastructure teams haven't closed yet. Part 2 shows what fixing them actually looks like: code, architecture, and a working demo against real network devices.

Solutions Architect Tomasz Janaszka walks through a practical security model for the MCP server layer:
→ JWT authentication at the MCP server boundary, with four validation checks before any tool code runs
→ A scope namespace (mcp::) that maps permissions to risk level: read, probe, write
→ Role bundles that reflect how network operations teams are actually structured
→ Per-tool scope enforcement using a decorator in FastMCP
→ Discovery-time filtering so agents only see tools they're authorised to use

The article also covers where scope-based access control breaks down — and why tool design is a prerequisite for any of this to work.

Read part 2 here → https://hubs.ly/Q048rBtg0

31/03/2026

As enterprises move from AI prototypes to production, the "security gaps" are becoming critical.

Traditional security models don't translate to agent-to-device interactions. If an agent is compromised or poorly designed, its effective permissions can expand far beyond what was intended.

We’re hosting this session now because securing the MCP (Model Context Protocol) layer is a critical step toward autonomous network operations.

The shift we'll discuss:
✔️ Moving enforcement from the application layer to devices.
✔️ Transitioning from human-to-machine to agent-to-device security protocols.
✔️ Using OPA (Open Policy Agent) to evaluate JWT attributes against live inventory.

📅 April 9, 2026
🔗 Register here: https://hubs.ly/Q047TB9m0

Address

Ulica Grzybowska 5a
Warsaw
00-132
