Add brownfield import mode and sponsor LLM support

agent/llm_client.py

@@ -1,6 +1,6 @@
 """
 LLM Client for Overgrowth Pipeline
-Supports multiple providers: OpenAI, Anthropic, Blaxel, SambaNova, Nebius, Hugging Face
+Supports multiple providers: OpenAI, Anthropic, Blaxel, SambaNova, Nebius, Hugging Face, Modal
 """
 
 import os
@@ -46,6 +46,9 @@ class LLMClient:
         self.sambanova_key = _get_env(["SAMBA_NOVA_MCP_1ST_BDAY"])
         self.nebius_key = _get_env(["NEBIUS_MCP_1ST_BDAY"])
         self.huggingface_key = _get_env(["HUGGING_FACE_MCP_1ST_BDAY"])
+        self.modal_key = _get_env(["MODAL_API_KEY", "MODAL_TOKEN"])
+        self.modal_base_url = os.getenv("MODAL_BASE_URL")
+        self.modal_model = os.getenv("MODAL_MODEL", "gpt-4o-mini")
         
         # Determine which provider to use
         self.provider = self._detect_provider()
@@ -75,6 +78,7 @@ class LLMClient:
             "sambanova_key": "present" if _present(["SAMBA_NOVA_MCP_1ST_BDAY"]) else "missing",
             "nebius_key": "present" if _present(["NEBIUS_MCP_1ST_BDAY"]) else "missing",
             "huggingface_key": "present" if _present(["HUGGING_FACE_MCP_1ST_BDAY"]) else "missing",
+            "modal_key": "present" if _present(["MODAL_API_KEY", "MODAL_TOKEN"]) else "missing",
             "provider": "unknown",
         }
         if status["anthropic_key"] == "present":
@@ -87,6 +91,8 @@ class LLMClient:
             status["provider"] = "sambanova"
         elif status["nebius_key"] == "present":
             status["provider"] = "nebius"
+        elif status["modal_key"] == "present":
+            status["provider"] = "modal"
         elif status["huggingface_key"] == "present":
             status["provider"] = "huggingface"
         return status
@@ -103,6 +109,8 @@ class LLMClient:
             return "sambanova"
         elif self.nebius_key:
             return "nebius"
+        elif self.modal_key:
+            return "modal"
         elif self.huggingface_key:
             return "huggingface"
         return None
@@ -131,6 +139,8 @@ class LLMClient:
             return self._call_sambanova(messages, temperature, max_tokens)
         elif self.provider == "nebius":
             return self._call_nebius(messages, temperature, max_tokens)
+        elif self.provider == "modal":
+            return self._call_modal(messages, temperature, max_tokens)
         elif self.provider == "huggingface":
             return self._call_huggingface(messages, temperature, max_tokens)
     
@@ -448,6 +458,46 @@ class LLMClient:
                 monitor.complete_call(call_id, success=False, error_message=str(e))
             raise
 
+    def _call_modal(self, messages, temperature, max_tokens):
+        """Call Modal's OpenAI-compatible endpoint (optional sponsor integration)."""
+        import requests
+        call_id = str(uuid.uuid4())
+        model = self.modal_model or "gpt-4o-mini"
+        base_url = (self.modal_base_url or "https://api.modal.com/v1").rstrip("/")
+        endpoint = f"{base_url}/chat/completions"
+        if monitor:
+            monitor.start_call(call_id, "llm", "modal", model, temperature=temperature)
+        if not self.modal_key:
+            raise RuntimeError("Modal provider selected but MODAL_API_KEY/MODAL_TOKEN is missing")
+        payload = {
+            "model": model,
+            "messages": [{"role": m.role, "content": m.content} for m in messages],
+            "temperature": temperature,
+            "max_tokens": max_tokens,
+        }
+        headers = {
+            "Authorization": f"Bearer {self.modal_key}",
+            "Content-Type": "application/json",
+        }
+        try:
+            resp = requests.post(endpoint, json=payload, headers=headers, timeout=45)
+            resp.raise_for_status()
+            data = resp.json()
+            content = data.get("choices", [{}])[0].get("message", {}).get("content", "")
+            usage = data.get("usage", {})
+            if monitor:
+                monitor.complete_call(
+                    call_id,
+                    success=True,
+                    input_tokens=usage.get("prompt_tokens"),
+                    output_tokens=usage.get("completion_tokens"),
+                )
+            return content
+        except Exception as e:
+            if monitor:
+                monitor.complete_call(call_id, success=False, error_message=str(e))
+            raise
+
     def _call_huggingface(self, messages, temperature, max_tokens):
         """Call Hugging Face Inference API (text generation)."""
         import requests

agent/netbox_client.py

@@ -7,6 +7,7 @@ import os
 import logging
 from typing import Dict, List, Optional, Any
 from dataclasses import dataclass
+from ipaddress import ip_network
 
 logger = logging.getLogger(__name__)
 
@@ -245,6 +246,82 @@ class NetBoxClient:
         except Exception as e:
             logger.error(f"Failed to get prefixes: {e}")
             return []
+
+    # ==================== Brownfield Export ====================
+
+    def export_network_model(self, site: Optional[str] = None) -> Dict[str, Any]:
+        """
+        Export devices, VLANs, and prefixes from NetBox into a simplified model
+        that can be fed into the Overgrowth pipeline for brownfield validation.
+        """
+        if self.mock_mode:
+            logger.warning("NetBox client in mock mode - returning empty export")
+            return {"devices": [], "vlans": [], "subnets": [], "routing": {"protocol": "static"}, "services": ["DHCP", "DNS", "NTP"]}
+
+        filters = {"site": site} if site else {}
+
+        devices_raw = self.get_devices(**filters)
+        vlans_raw = self.get_vlans(**filters)
+        prefixes_raw = self.get_prefixes(**filters)
+
+        devices = []
+        for dev in devices_raw:
+            dev_type = dev.get("device_type") or {}
+            manufacturer = dev_type.get("manufacturer") or {}
+            mgmt = dev.get("primary_ip4") or dev.get("primary_ip") or {}
+            mgmt_ip = mgmt.get("address", "0.0.0.0/32").split("/")[0]
+            devices.append(
+                {
+                    "name": dev.get("name", "device"),
+                    "role": (dev.get("device_role") or {}).get("name", "access").lower(),
+                    "model": dev_type.get("model", "unknown"),
+                    "vendor": manufacturer.get("slug", "other"),
+                    "mgmt_ip": mgmt_ip,
+                    "location": (dev.get("site") or {}).get("name", "unspecified"),
+                    "interfaces": [],
+                }
+            )
+
+        vlans = []
+        for vlan in vlans_raw:
+            vlans.append(
+                {
+                    "id": vlan.get("vid"),
+                    "name": vlan.get("name") or f"VLAN{vlan.get('vid')}",
+                    "purpose": vlan.get("description") or "Imported from NetBox",
+                    "subnet": None,
+                }
+            )
+
+        subnets = []
+        for prefix in prefixes_raw:
+            cidr = prefix.get("prefix")
+            gateway = None
+            try:
+                net = ip_network(cidr, strict=False)
+                hosts = list(net.hosts())
+                if hosts:
+                    gateway = str(hosts[0])
+            except Exception:
+                gateway = None
+            subnets.append(
+                {
+                    "network": cidr,
+                    "gateway": gateway or (cidr.split("/")[0] if cidr else "0.0.0.0"),
+                    "vlan": (prefix.get("vlan") or {}).get("vid"),
+                    "purpose": prefix.get("description") or "Imported prefix",
+                }
+            )
+
+        routing = {"protocol": "static", "networks": [s.get("network") for s in subnets if s.get("network")]}
+
+        return {
+            "devices": devices,
+            "vlans": vlans,
+            "subnets": subnets,
+            "routing": routing,
+            "services": ["DHCP", "DNS", "NTP"],
+        }
     
     # ==================== Helper Methods ====================
     

agent/pipeline_engine.py

@@ -19,6 +19,7 @@ from pathlib import Path
 import json
 import yaml
 import logging
+import os
 from .netbox_client import NetBoxClient
 
 logger = logging.getLogger(__name__)
@@ -210,6 +211,257 @@ class OvergrowthPipeline:
             self.ray_executor = None
             self.parallel_mode = False
     
+    def _build_model_from_dict(self, data: Dict[str, Any], description: str,
+                               constraints: Optional[List[str]] = None) -> NetworkModel:
+        """
+        Normalize raw data into a NetworkModel with safe defaults.
+        Used by brownfield import paths (NetBox, GNS3, existing YAML).
+        """
+        constraints = constraints or []
+        intent_data = data.get('intent') or {}
+        intent = NetworkIntent(
+            description=intent_data.get('description', description),
+            business_requirements=intent_data.get('business_requirements', ["Maintain current network safely"]),
+            constraints=intent_data.get('constraints', []) + constraints,
+            timeline=intent_data.get('timeline'),
+            budget=intent_data.get('budget')
+        )
+
+        allowed_roles = {"core", "distribution", "access", "edge", "firewall", "router", "wireless"}
+        allowed_vendors = {"cisco", "juniper", "arista", "hp", "dell", "ubiquiti", "mikrotik", "other"}
+        role_synonyms = {
+            "ap": "wireless",
+            "access_point": "wireless",
+            "access-point": "wireless",
+            "wifi": "wireless",
+            "server": "access",
+        }
+
+        devices: List[Device] = []
+        mgmt_seed = 11
+        for dev in data.get("devices", []):
+            mgmt_ip = dev.get("mgmt_ip") or f"10.255.0.{mgmt_seed}"
+            mgmt_seed += 1
+            vendor = (dev.get("vendor") or "other").lower()
+            role = (dev.get("role") or "access").lower().replace(" ", "_")
+            role = role_synonyms.get(role, role)
+            if role not in allowed_roles:
+                role = "access"
+            if vendor not in allowed_vendors:
+                vendor = "other"
+            devices.append(
+                Device(
+                    name=dev.get("name", f"device-{mgmt_seed}"),
+                    role=role,
+                    model=dev.get("model", "Unknown"),
+                    vendor=vendor,
+                    mgmt_ip=mgmt_ip,
+                    location=dev.get("location", "unspecified"),
+                    interfaces=dev.get("interfaces", [])
+                )
+            )
+
+        if not devices:
+            devices.append(
+                Device(
+                    name="imported-edge-01",
+                    role="edge",
+                    model="Imported",
+                    vendor="other",
+                    mgmt_ip="10.255.0.10",
+                    location="unspecified",
+                    interfaces=[]
+                )
+            )
+
+        vlans = data.get("vlans") or [{
+            "id": 999,
+            "name": "brownfield_mgmt",
+            "subnet": "10.255.0.0/24",
+            "purpose": "Imported management network"
+        }]
+        subnets = data.get("subnets") or [{
+            "network": "10.255.0.0/24",
+            "gateway": "10.255.0.1",
+            "vlan": vlans[0]["id"],
+            "purpose": "Brownfield management overlay"
+        }]
+        routing = data.get("routing") or {"protocol": "static", "networks": [s.get("network") for s in subnets if s.get("network")]}
+        services = data.get("services") or ["DHCP", "DNS", "NTP"]
+
+        return NetworkModel(
+            name=data.get("name") or "brownfield_network",
+            version=data.get("version") or "1.0.0",
+            intent=intent,
+            devices=devices,
+            vlans=vlans,
+            subnets=subnets,
+            routing=routing,
+            services=services
+        )
+
+    def _model_from_topology(self, topology: Dict[str, Any]) -> Dict[str, Any]:
+        """Convert a GNS3 topology snapshot into a basic NetworkModel dict."""
+        nodes = topology.get("nodes", [])
+        devices = []
+        mgmt_seed = 11
+        for node in nodes:
+            node_type = (node.get("node_type") or "").lower()
+            name = node.get("name", f"node-{mgmt_seed}")
+            role = "access"
+            if "fw" in name.lower() or "firewall" in name.lower():
+                role = "firewall"
+            elif node_type in {"router", "qemu"}:
+                role = "router"
+            elif node_type in {"switch", "sw"}:
+                role = "distribution"
+            elif "ap" in name.lower():
+                role = "wireless"
+            devices.append({
+                "name": name,
+                "role": role,
+                "model": node.get("properties", {}).get("symbol") or "GNS3 node",
+                "vendor": "other",
+                "mgmt_ip": f"10.254.0.{mgmt_seed}",
+                "location": topology.get("project", "gns3"),
+                "interfaces": []
+            })
+            mgmt_seed += 1
+
+        vlan = {
+            "id": 999,
+            "name": "brownfield_mgmt",
+            "subnet": "10.254.0.0/24",
+            "purpose": "Imported from GNS3"
+        }
+        subnet = {
+            "network": "10.254.0.0/24",
+            "gateway": "10.254.0.1",
+            "vlan": vlan["id"],
+            "purpose": "Management overlay"
+        }
+
+        return {
+            "name": topology.get("project", "gns3-import"),
+            "version": "1.0.0",
+            "devices": devices,
+            "vlans": [vlan],
+            "subnets": [subnet],
+            "routing": {"protocol": "static", "networks": [subnet["network"]]},
+            "services": ["DHCP", "DNS", "NTP"],
+            "links": topology.get("links", [])
+        }
+
+    def run_brownfield_pipeline(
+        self,
+        consultation_input: str,
+        source: str = "netbox",
+        project_name: Optional[str] = None,
+        sot_path: Optional[str] = None,
+        simulation_only: bool = True,
+        read_only_validation: bool = True
+    ) -> Dict[str, Any]:
+        """
+        Brownfield/read-only workflow: import an existing network and validate without pushing changes.
+        Supports NetBox, GNS3, or an existing SoT file.
+        """
+        logger.info(f"Starting brownfield pipeline from source={source}")
+        source = (source or "netbox").lower()
+        import_summary = {"source": source, "project": project_name}
+        topology = None
+        raw_model: Dict[str, Any] = {}
+
+        if source == "netbox":
+            if self.use_netbox and not self.netbox.mock_mode:
+                raw_model = self.netbox.export_network_model()
+                import_summary["note"] = "Imported from NetBox/Nautobot"
+            else:
+                logger.warning("NetBox unavailable; falling back to local SoT file")
+                import_summary["note"] = "NetBox unavailable - using local SoT"
+                source = "file"
+
+        if source == "gns3":
+            try:
+                from agent.network_ops import get_lab_topology
+                topo_name = project_name or os.getenv("GNS3_PROJECT_NAME", "overgrowth")
+                topology = get_lab_topology(topo_name)
+                raw_model = self._model_from_topology(topology)
+                import_summary["note"] = f"Discovered topology from GNS3 project '{topo_name}'"
+            except Exception as e:
+                logger.error(f"Failed to import from GNS3: {e}")
+                import_summary["note"] = f"GNS3 import failed: {e}"
+
+        if source == "file" or not raw_model:
+            path = Path(sot_path or self.sot_file)
+            try:
+                content = path.read_text()
+                if path.suffix.lower() in [".yaml", ".yml"]:
+                    raw_model = yaml.safe_load(content) or {}
+                else:
+                    raw_model = json.loads(content)
+                import_summary["note"] = f"Loaded SoT from {path}"
+            except Exception as e:
+                logger.error(f"Could not load SoT from {path}: {e}")
+                import_summary["note"] = f"File load failed ({path}): {e}"
+                raw_model = raw_model or {}
+
+        model = self._build_model_from_dict(
+            raw_model,
+            description=consultation_input or "Brownfield validation",
+            constraints=["brownfield-import"]
+        )
+
+        # Persist SoT snapshot even in read-only mode
+        self.sot_file.write_text(model.to_yaml())
+        logger.info(f"Saved imported source of truth to {self.sot_file}")
+
+        results: Dict[str, Any] = {
+            "mode": {
+                "source": source,
+                "simulation_only": simulation_only,
+                "read_only_validation": read_only_validation,
+                "import_summary": import_summary.get("note")
+            },
+            "intent": asdict(model.intent),
+            "questions": [],
+            "import_summary": import_summary
+        }
+
+        results["model"] = model.to_dict()
+        results["preflight"] = self.stage0_preflight(model)
+
+        diagrams = self.stage3_generate_diagram(model)
+        if topology:
+            diagrams["ascii"] = topology.get("ascii_diagram", diagrams.get("ascii"))
+            diagrams["mermaid"] = topology.get("mermaid_diagram", diagrams.get("mermaid"))
+            diagrams["summary"] = topology.get("summary", diagrams.get("summary"))
+        results["diagrams"] = diagrams
+
+        bom = self.stage4_generate_bom(model)
+        results["bom"] = asdict(bom)
+        results["shopping_list"] = bom.to_shopping_list()
+        guide = self.stage5_generate_setup_guide(model, bom)
+        results["setup_guide"] = guide.to_markdown()
+
+        # Deployment is skipped unless explicitly requested and validation passed
+        if (not simulation_only) and results["preflight"].get("ready_to_deploy") and (not read_only_validation):
+            results["deployment"] = self.stage6_autonomous_deploy(
+                model=model,
+                credentials=None,
+                dry_run=False
+            )
+        else:
+            results["deployment_status"] = "skipped"
+            results["deployment_reason"] = "simulation_only" if simulation_only else "read_only_validation"
+
+        results["observability"] = self.stage7_observability(model)
+        results["validation"] = self.stage8_validation(
+            model,
+            apply_remediation=not read_only_validation
+        )
+
+        return results
+    
     def stage0_preflight(self, model: NetworkModel) -> Dict[str, Any]:
         """
         Stage 0: Pre-flight validation (BEFORE deployment)
@@ -1099,7 +1351,7 @@ Be specific and practical. Use RFC1918 addressing. Consider scalability and secu
         
         return results
     
-    def stage8_validation(self, model: NetworkModel) -> Dict[str, Any]:
+    def stage8_validation(self, model: NetworkModel, apply_remediation: bool = True) -> Dict[str, Any]:
         """
         Stage 8: Validate actual state matches intended state
         Continuous reconciliation with automatic remediation
@@ -1111,7 +1363,8 @@ Be specific and practical. Use RFC1918 addressing. Consider scalability and secu
         results = {
             'status': 'completed',
             'validation_passed': False,
-            'checks_performed': []
+            'checks_performed': [],
+            'read_only': not apply_remediation
         }
         
         # Run drift detection
@@ -1133,7 +1386,7 @@ Be specific and practical. Use RFC1918 addressing. Consider scalability and secu
         results['compliance_report'] = compliance
         
         # Apply auto-remediation if enabled
-        if drift_results.get('remediation_plan'):
+        if apply_remediation and drift_results.get('remediation_plan'):
             logger.info("Applying automatic remediation for approved fixes...")
             
             remediation_results = self.suzieq.apply_remediation(
@@ -1144,6 +1397,13 @@ Be specific and practical. Use RFC1918 addressing. Consider scalability and secu
             
             logger.info(f"Remediation: {remediation_results['applied']} applied, "
                        f"{remediation_results['skipped']} require approval")
+        elif drift_results.get('remediation_plan'):
+            # Document skipped remediation when running in read-only mode
+            results['remediation'] = {
+                'applied': 0,
+                'skipped': len(drift_results['remediation_plan']),
+                'reason': 'read-only validation mode'
+            }
         
         if results['validation_passed']:
             logger.info("✓ Validation PASSED - network state matches SoT")

agent/topology_diagram.py

@@ -71,39 +71,59 @@ def generate_mermaid_diagram(topology: Dict) -> str:
         return "graph TD\n  A[No Topology Data]"
     
     lines = []
-    lines.append("graph TD")
+    lines.append("flowchart TD")
+    lines.append("  classDef started stroke:#16a34a,stroke-width:2px;")
+    lines.append("  classDef stopped stroke:#e11d48,stroke-width:2px;")
+    lines.append("  classDef planned stroke:#0ea5e9,stroke-dasharray: 4 2;")
     
     # Create node definitions with icons based on type
     node_map = {}
     for i, node in enumerate(nodes):
         node_id = f"N{i}"
-        node_map[node['name']] = node_id
+        node_map[node.get('name', f'node-{i}')] = node_id
         node_type = node.get('node_type', 'unknown')
         
-        # Choose icon based on type
-        if node_type == 'qemu' or 'SW' in node['name']:
+        # Choose icon based on type/role
+        if node_type == 'qemu' or 'SW' in node.get('name', ''):
             icon = "🔀"  # Switch
-        elif node_type == 'vpcs' or 'PC' in node['name'] or 'POS' in node['name']:
+        elif node_type == 'vpcs' or 'PC' in node.get('name', '') or 'POS' in node.get('name', ''):
             icon = "💻"  # PC
         elif node_type == 'cloud':
             icon = "☁️"  # Cloud
+        elif 'fw' in node.get('name', '').lower():
+            icon = "🛡️"  # Firewall
         else:
             icon = "📦"
         
         status = node.get('status', 'unknown')
+        role_label = node.get('node_type', 'node')
+        label = f"{icon} {node.get('name', 'node')}<br/>{role_label}"
+        lines.append(f'  {node_id}["{label}"]')
         if status == "started":
-            lines.append(f'  {node_id}["{icon} {node["name"]}<br/>🟢 Running"]')
+            lines.append(f"  class {node_id} started;")
         elif status == "stopped":
-            lines.append(f'  {node_id}["{icon} {node["name"]}<br/>🔴 Stopped"]')
+            lines.append(f"  class {node_id} stopped;")
         else:
-            lines.append(f'  {node_id}["{icon} {node["name"]}"]')
+            lines.append(f"  class {node_id} planned;")
     
-    # Add links (simplified - just show connections exist)
-    # Note: GNS3 link format is complex, this is a simplified version
+    # Add links with lightweight styling
     if links:
         lines.append("\n  %% Network Links")
-        # For now, just note that links exist
-        lines.append(f"  %% {len(links)} links configured")
+        for idx, link in enumerate(links):
+            src = link.get('src') or link.get('source') or link.get('a_node')
+            dst = link.get('dst') or link.get('target') or link.get('z_node')
+            src_id = node_map.get(src)
+            dst_id = node_map.get(dst)
+            if not src_id or not dst_id:
+                continue
+            label = link.get('label') or link.get('status') or ""
+            edge = f"  {src_id} ---"
+            if label:
+                edge += f"|{label}| "
+            else:
+                edge += " "
+            edge += f"{dst_id}"
+            lines.append(edge)
     
     return "\n".join(lines)
 
@@ -164,4 +184,13 @@ def generate_topology_summary(topology: Dict) -> str:
             console_type = node.get('console_type', 'telnet')
             summary.append(f"- **{node['name']}**: {console_type}://localhost:{console}")
     
+    if links:
+        summary.append("")
+        summary.append("### Sample Links")
+        for link in links[:5]:
+            src = link.get('src') or link.get('source') or link.get('a_node') or '?'
+            dst = link.get('dst') or link.get('target') or link.get('z_node') or '?'
+            link_status = link.get('status', 'planned')
+            summary.append(f"- {src} ↔ {dst} ({link_status})")
+    
     return "\n".join(summary)

app.py

@@ -186,6 +186,14 @@ textarea, input, select {
 
 
 def build_ui():
+    # Preload available GNS3 projects for brownfield imports
+    try:
+        project_choices = [
+            p.get("name") for p in get_lab_projects() if isinstance(p, dict) and p.get("name")
+        ]
+    except Exception:
+        project_choices = []
+
     with gr.Blocks(
         title="Overgrowth – a living digital environment",
         css=VINE_CSS,
@@ -260,6 +268,8 @@ def build_ui():
         6. 🤖 **Autonomous Deploy** - AI configures devices (Ansible/Netmiko)
         7. 👁️ **Observability** - Monitoring, SNMP, topology discovery
         8. ✅ **Validation** - pytest-based network testing & compliance
+        
+        _Brownfield ready: import existing NetBox/GNS3/SoT data, run simulation-only, and keep validation read-only._
         """)
         
         with gr.Row(elem_classes=["og-main-row"]):
@@ -274,6 +284,33 @@ def build_ui():
                     ),
                     lines=10,
                 )
+                mode_choice = gr.Dropdown(
+                    label="Pipeline Mode",
+                    choices=[
+                        "Design new (greenfield)",
+                        "Import from NetBox",
+                        "Import from GNS3",
+                        "Load existing SoT file"
+                    ],
+                    value="Design new (greenfield)"
+                )
+                gns3_project_input = gr.Dropdown(
+                    label="GNS3 project (brownfield)",
+                    choices=project_choices or ["overgrowth"],
+                    value=project_choices[0] if project_choices else "overgrowth"
+                )
+                sot_path_input = gr.Textbox(
+                    label="Existing SoT path",
+                    value="infra/network_model.yaml"
+                )
+                simulation_only = gr.Checkbox(
+                    label="Simulation-only (skip deployment)",
+                    value=True
+                )
+                read_only_validation = gr.Checkbox(
+                    label="Read-only validation (no remediation)",
+                    value=True
+                )
                 run_pipeline_btn = gr.Button("🚀 Run Full Pipeline", variant="primary", size="lg")
 
             with gr.Column(scale=2, elem_classes=["og-panel", "og-tabs"]):
@@ -294,7 +331,7 @@ def build_ui():
                         diagram_output = gr.HTML(label="Network Diagram")
 
         # Pipeline handler
-        def run_pipeline(user_input):
+        def run_pipeline(user_input, mode_choice, gns3_project, sot_path, simulation_only_flag, read_only_flag):
             """Execute the full automation pipeline"""
             from agent.pipeline_engine import OvergrowthPipeline
             from agent.llm_client import LLMClient
@@ -306,7 +343,24 @@ def build_ui():
                 llm_env = LLMClient.env_status()
                 
                 # Run the pipeline (this will generate API calls that get tracked)
-                results = pipeline.run_full_pipeline(user_input)
+                mode_map = {
+                    "Design new (greenfield)": None,
+                    "Import from NetBox": "netbox",
+                    "Import from GNS3": "gns3",
+                    "Load existing SoT file": "file",
+                }
+                chosen_source = mode_map.get(mode_choice)
+                if chosen_source:
+                    results = pipeline.run_brownfield_pipeline(
+                        consultation_input=user_input,
+                        source=chosen_source,
+                        project_name=gns3_project,
+                        sot_path=sot_path,
+                        simulation_only=simulation_only_flag,
+                        read_only_validation=read_only_flag,
+                    )
+                else:
+                    results = pipeline.run_full_pipeline(user_input)
 
                 # If the pipeline stopped early for clarifications, show questions and exit
                 if results.get("needs_more_input"):
@@ -338,7 +392,19 @@ def build_ui():
                 status += f"- Blaxel key: {llm_env.get('blaxel_key', 'missing')}\n"
                 status += f"- SambaNova key: {llm_env.get('sambanova_key', 'missing')}\n"
                 status += f"- Nebius key: {llm_env.get('nebius_key', 'missing')}\n"
-                status += f"- HuggingFace key: {llm_env.get('huggingface_key', 'missing')}\n\n"
+                status += f"- HuggingFace key: {llm_env.get('huggingface_key', 'missing')}\n"
+                status += f"- Modal key: {llm_env.get('modal_key', 'missing')}\n\n"
+                
+                mode_info = results.get("mode")
+                if mode_info:
+                    status += "### 🌳 Pipeline Mode\n"
+                    status += f"- Brownfield source: **{mode_info.get('source', 'greenfield')}**\n"
+                    status += f"- Simulation-only: {'Yes' if mode_info.get('simulation_only') else 'No'}\n"
+                    status += f"- Read-only validation: {'Yes' if mode_info.get('read_only_validation') else 'No'}\n"
+                    import_note = results.get("import_summary", {}).get("note") if isinstance(results.get("import_summary"), dict) else None
+                    if import_note:
+                        status += f"- Import notes: {import_note}\n"
+                    status += "\n"
                 if stats.errors:
                     from agent.api_monitor import monitor as api_monitor_instance
                     recent_errors = api_monitor_instance.get_recent_errors(limit=3)
@@ -390,6 +456,15 @@ def build_ui():
                             status += f"- ⚠️  {warning}\n"
                         status += "\n"
                 
+                status += "### Validation Findings\n"
+                status += f"- Errors: {len(preflight.get('errors', []))}\n"
+                status += f"- Warnings: {len(preflight.get('warnings', []))}\n"
+                status += f"- Info: {len(preflight.get('info', []))}\n"
+                if preflight.get('batfish_analysis'):
+                    bf = preflight['batfish_analysis']
+                    status += f"- Batfish: {'mock' if bf.get('mock_mode') else 'analysis ran'} | Loops: {len(bf.get('routing_loops', []))} | Undefined refs: {len(bf.get('undefined_references', []))}\n"
+                status += "\n"
+                
                 # Completed stages
                 status += "### Completed Stages:\n"
                 status += "0. " + ("✅" if ready_to_deploy else "❌") + " Pre-flight Validation\n"
@@ -398,11 +473,17 @@ def build_ui():
                 status += "3. ✅ Diagrams - Visualizations created\n"
                 status += "4. ✅ Bill of Materials - Shopping list ready\n"
                 status += "5. ✅ Setup Guide - Deployment instructions generated\n"
-                
+                sim_only = results.get("mode", {}).get("simulation_only")
+                ro_mode = results.get("mode", {}).get("read_only_validation")
                 if ready_to_deploy:
-                    status += "6. ⏳ Autonomous Deploy - Ready for execution\n"
-                    status += "7. ⏳ Observability - Ready for setup\n"
-                    status += "8. ⏳ Validation - Ready for verification\n\n"
+                    if sim_only or ro_mode:
+                        status += "6. 🧪 Autonomous Deploy - Skipped (simulation/read-only)\n"
+                        status += "7. 👁️ Observability - Snapshot only\n"
+                        status += "8. ✅ Validation - Read-only checks complete\n\n"
+                    else:
+                        status += "6. ⏳ Autonomous Deploy - Ready for execution\n"
+                        status += "7. ⏳ Observability - Ready for setup\n"
+                        status += "8. ⏳ Validation - Ready for verification\n\n"
                 else:
                     status += "6. 🚫 Autonomous Deploy - BLOCKED (fix validation errors)\n"
                     status += "7. 🚫 Observability - BLOCKED\n"
@@ -473,7 +554,7 @@ def build_ui():
         # Event Handlers
         run_pipeline_btn.click(
             fn=run_pipeline,
-            inputs=[pipeline_input],
+            inputs=[pipeline_input, mode_choice, gns3_project_input, sot_path_input, simulation_only, read_only_validation],
             outputs=[pipeline_status, sot_output, bom_output, setup_output, diagram_output, api_stats, api_activity],
         )
 

debug_network.py

@@ -1,9 +1,15 @@
 # debug_network.py
 import os, socket, requests
+from urllib.parse import urlsplit
 
 def debug_connectivity():
     print("DEBUG: OPENAI_API_KEY present:", bool(os.getenv("OPENAI_API_KEY")))
     print("DEBUG: ANTHROPIC_API_KEY present:", bool(os.getenv("ANTHROPIC_API_KEY")))
+    print("DEBUG: BLAXEL key present:", bool(os.getenv("BLAXEL_MCP_1ST_BDAY")))
+    print("DEBUG: SAMBA_NOVA key present:", bool(os.getenv("SAMBA_NOVA_MCP_1ST_BDAY")))
+    print("DEBUG: NEBIUS key present:", bool(os.getenv("NEBIUS_MCP_1ST_BDAY")))
+    print("DEBUG: HUGGING_FACE key present:", bool(os.getenv("HUGGING_FACE_MCP_1ST_BDAY")))
+    print("DEBUG: MODAL key present:", bool(os.getenv("MODAL_API_KEY") or os.getenv("MODAL_TOKEN")))
 
     for host in ["api.openai.com", "api.anthropic.com"]:
         try:
@@ -12,6 +18,23 @@ def debug_connectivity():
         except Exception as e:
             print(f"DEBUG: DNS FAILED for {host}: {e}")
 
+    # Probe sponsor endpoints if configured
+    def _check_host_from_url(env_var):
+        base = os.getenv(env_var)
+        if not base:
+            return
+        host = urlsplit(base).hostname
+        if not host:
+            return
+        try:
+            ip = socket.gethostbyname(host)
+            print(f"DEBUG: DNS for {env_var} ({host}) -> {ip}")
+        except Exception as e:
+            print(f"DEBUG: DNS FAILED for {env_var} ({host}): {e}")
+
+    for env_var in ["BLAXEL_BASE_URL", "SAMBA_NOVA_BASE_URL", "NEBIUS_BASE_URL", "HUGGINGFACE_MODEL", "MODAL_BASE_URL"]:
+        _check_host_from_url(env_var)
+
     try:
         r = requests.get("https://api.openai.com/v1/models", timeout=5)
         print("DEBUG: OpenAI /v1/models status:", r.status_code)