Agentic Operations

Itential FlowAI

FlowAI is the agentic layer of the Itential Platform. Build, run, and govern FlowAgents that reason through goals and act on real infrastructure – with the same governance applied to every action.

Request a Demo Watch a Demo

The Agentic Layer

Build FlowAgents That Reason, Act, & Stay Governed

FlowAI is how infrastructure teams put AI agents to work on real infrastructure, safely and at enterprise scale, on a platform you already trust. Every agent reasons through real conditions, acts through the Itential Platform’s governed execution layer, and operates within the autonomy thresholds you set at build time.

From Intent to Impact: Building Production Network Agents in Minutes

Tools

Every workflow, automation, API, and gateway service on the platform is registered as a callable agent tool. Structured inputs, defined outputs, governed execution. Agents act through tools, never directly.

Skills

Repeatable task expertise encoded as structured agent instructions. Define how a network engineer would handle a vulnerability response, an OS upgrade, or a config drift, and the agents follow that expertise, not improvised reasoning.

Context

Agents reason over live infrastructure state and scoped data, not stale documentation or untyped prompts. Real device inventory. Real config state. Real ticket history. Reasoning grounded in what’s actually true right now.

Governance

Three layers of control: who can build agents, what tools each agent can call, and who can execute them. Configured at build time. Enforced by the platform at runtime. Agents cannot self-escalate.

FlowAgent Builder

Build FlowAgents With Scoped Authority From Day One

FlowAgent Builder is where agents are created and governed before they ever run. Define the agent’s purpose, reasoning style, and exact tool scope: which workflows, automations, APIs, and gateway services it can discover and invoke. Set autonomy thresholds and human-in-the-loop approval requirements per operation type. Nothing outside the defined scope is discoverable or callable at runtime. By the time an agent reaches production, control is already locked in.

How to Build FlowAgents

Role & Reasoning Style

Define the agent’s persona, goal orientation, and reasoning approach. Configured at build time, enforced at runtime.

No Open Access, Defined Scope Only

Every agent gets an explicit set of callable tools. Nothing outside that scope is visible or invocable by the agent.

Human in the Loop

Configure approval requirements per operation type and blast-radius threshold. Agents propose. Humans approve above defined risk levels.

FlowAgents

Agents That Reason Through Goals & Execute Through Governed Tools

FlowAgents run a ReAct reasoning loop: observe current infrastructure state, reason through the goal, select the right tool, act, observe the result, and reason again. Every action routes through the platform’s governed execution engine, calling workflows, automations, APIs, and gateway services as structured tools. No direct infrastructure access, no open-ended execution. An idea that used to take six weeks to spec, build, and ship now takes an afternoon.

Explore Agent Types

ReAct Reasoning Loop

Agents observe, reason, act through governed tools, and observe outcomes. Adapting without leaving defined operational boundaries.

Everything as Callable Tools

Every published workflow, automation, API, and gateway service is registered in the agent’s tool library: structured inputs, defined outputs, governed execution.

No Direct Infrastructure Access

Agents never touch infrastructure directly. Every action passes through the execution engine, RBAC enforced, audit trail generated automatically.

When you’re operating infrastructure at Lumen’s scale, the question was never whether AI could help – it was whether we could trust it in production and Itential’s FlowAI answered that. Our teams were building production-ready agents in minutes, within the same governance and access controls we already rely on. As we build the next digital backbone for AI, this is the next evolution in our journey with Itential and it’s redefining how we operate networks at scale.

Greg Freeman

Vice President, Network and Customer Transformation, Lumen

MCP Connectivity

Connect Any AI System & Govern Every Action

FlowAI connects the Itential Platform to the broader AI ecosystem, inbound and outbound. Every API already integrated with Itential is an agent tool, no new MCP server required to get started. When MCP fits, the Itential MCP Server enables external LLMs (Claude, ChatGPT, Gemini) to call platform workflows as governed tools. The FlowMCP Gateway enables agents to invoke external MCP tools (NetBox, Selector, Forward Networks) for intelligence enrichment during execution. Both directions enforce schema validation, RBAC, and full audit trails.

Explore Itential MCP

Itential MCP Server

External LLMs connect via open-source MCP. Any compatible model can discover and call platform workflows as structured, governed tools.

Bring Your Own LLM

Connect any LLM you already use: Claude, ChatGPT, Gemini, or your own custom model. Every reasoning request flows through the same governed execution layer.

FlowMCP Gateway

Agents call external MCP tools (NetBox, Selector, any MCP-compatible service) for intelligence enrichment before or during governed execution.

Agent Governance

Agent Control Set at Build Time, Enforced at Runtime

Three distinct layers of control: who can build agents, what those agents can access, and who can execute them. Each layer is configured at build time and enforced by the platform at runtime. Agents cannot self-escalate beyond what was defined when they were built.

How to Govern Agent Sprawl

icon showing a checkmark on lines of text or code

Builder Access

Who can build agents and with which tools is scoped per role. A DDI engineer sees DDI adapters and endpoints. A network engineer sees theirs. Not every builder gets every capability.

Agent Permissions

Once built, an agent’s toolset is fixed. Only the workflows, automations, APIs, and gateway services explicitly defined at creation are discoverable or callable. An agent built to read can’t be prompted into deleting.

Execution Control

Who can trigger an agent, from where, and under what conditions is governed separately. Human-in-the-loop checkpoints can be inserted at any stage before irreversible actions, with full attribution logged on every request.

How it Works

How a FlowAgent Goes From Idea to Action

Define the agent’s purpose and tool scope. Ground it in live infrastructure context. Let it reason through goals. Route every action through the platform’s execution engine. Audit every step. Five stages, one engine, the same enforcement at every layer.

Explore the Platform

Define

Configure the agent’s purpose, reasoning style, and exact tool scope in FlowAgent Builder. Set autonomy thresholds before the agent ever runs.

Context

Connect the agent to live infrastructure context and relevant skills. Reasoning happens over real device state, real config, real ticket history.

Reason

The agent runs a ReAct loop: observe state, reason through the goal, select the right tool, and act. Adapting to conditions without leaving scope.

Execute

Every action routes through the platform’s governed execution engine. Workflows, automations, APIs, and gateway services run with RBAC and approval gates applied.

Visibility

Every reasoning step, tool call, and action is logged with full attribution. The complete execution trail is exportable.

FlowAI Use Cases

FlowAgents in Production

FlowAgents are running in production today across signal-driven response, ticket-driven change, scheduled lifecycle ops, and incident triage. Every action routes through the same execution layer, with the same RBAC, approval gates, and audit trail applied.

Self-Service Operations

FlowAgent for Network Device Health Checks, on Demand

A single FlowAgent runs platform, routing, interface, environmental, or security posture checks, depending on what the operator selects. The workflow renders the prompt dynamically at runtime, the agent reasons through device state, and the same governed engine executes the result. One agent definition. Five jobs. Zero agent sprawl.

Watch the Demo

Incident Triage

Triage ServiceNow Incidents With a FlowAgent

A ServiceNow incident is opened. A FlowAgent reads the incident context, queries live device state, runs the right diagnostic tools, and recommends a fix. Low-risk operations execute under governed automation. High-risk changes surface to the operator with full diagnostic chain attached. Mean-time-to-resolve collapses without trading away control.

Watch the Demo

Lifecycle Operations

Server Patch Readiness, Reasoned by a FlowAgent

A FlowAgent assesses patch readiness across the server estate, evaluates dependencies and maintenance windows, and triggers Ansible playbooks as callable tools. Pre-checks before, post-checks after, every action logged. Existing Ansible investments become tools an agent can reason over.

Watch the Demo

Get Started

Building Your First FlowAgent in Minutes

John Capobianco walks through building his first FlowAgent from scratch in the Itential Platform. Define the agent’s purpose. Select its tools. Set its autonomy thresholds. Run it against real infrastructure. A practical look at how a FlowAgent comes together.

Watch the Demo

Keep Learning

Dive Deeper into Itential FlowAI

Blogs

451 Research Validates FlowAI as the Foundation for Autonomous, Governed Infrastructure Operations

See FlowAI in Action

See how FlowAI gives agents the tools, context, and governed execution layer to take real infrastructure action, safely and at scale, with a full audit trail on every action.

Talk to an Expert

Frequently Asked Questions

–+

A workflow is deterministic, a defined sequence of steps with validation, approval gates, and rollback built in. It executes exactly as built, every time. A FlowAgent is the reasoning layer above workflows: it interprets a goal, queries infrastructure state, selects the right workflows as tools, and sequences them based on what it finds. Agents adapt. Workflows execute predictably. The agent reasons, the workflow executes.

–+

Every FlowAgent is configured in FlowAgent Builder before it runs. Define the agent’s purpose, reasoning style, and an explicit set of callable tools: workflows, automations, APIs, and MCP services. Nothing outside that set is visible or callable at runtime. Configure human-in-the-loop approval requirements per operation type and blast-radius threshold. Scope, autonomy, and enforcement are set at build time and applied by the platform at runtime.

–+

The agent observes current infrastructure state relevant to its goal, reasons through what action is required, selects a tool and acts, then observes the result and reasons again. This loop continues until the goal is achieved or human input is required. Every action routes through the platform’s execution engine with RBAC enforced and an audit trail generated, regardless of how many reasoning cycles ran before acting.

–+

External LLMs (Claude, ChatGPT, Gemini, or any custom model) connect via the Itential MCP Server, available as open-source. Any MCP-compatible system can call platform workflows as callable tools. The FlowMCP Gateway works in the other direction, letting agents call external MCP tools (NetBox, Selector, Forward Networks) for intelligence enrichment during execution.

–+

Both, and it’s configured per agent and per operation. FlowAgent Builder sets autonomy thresholds precisely: fully autonomous for low-risk operations below a defined blast-radius threshold, human-in-the-loop for operations requiring explicit approval, or human-on-the-loop for monitored execution without per-step approval. Settings are configured at build time and enforced at runtime. Agents cannot self-escalate autonomy beyond what was defined when they were built.

–+

LangChain and LangGraph build agent reasoning logic well, but leave the execution layer entirely to you. API wrappers, secrets management, RBAC, audit logging, rollback, approval gates: all custom code your team owns in production. FlowAI provides the execution layer those frameworks don’t. Agents reason in any framework and execute through Itential, with every action carrying pre/post validation, RBAC enforcement, and a complete audit trail without you having to build that infrastructure yourself.

–+

AI assistants like Microsoft Copilot surface recommendations. They don’t execute infrastructure changes. An assistant can suggest a remediation. It cannot validate pre-conditions across thousands of devices, execute changes via a governed workflow, confirm post-change state, and produce an immutable audit trail within defined approval thresholds. FlowAI closes that gap. Copilot and similar assistants connect to Itential via MCP: the assistant reasons, Itential executes. The insight and the action finally connect.

–+

Yes. Existing Ansible playbooks, Python scripts, and OpenTofu plans become callable tools that FlowAgents can reason over and invoke. Engineers keep building in the tools they already use. The platform handles execution, RBAC, audit logging, and rollback for every call, whether the trigger is an agent, a workflow, or a human.