Architecture

The system is designed as a hierarchical multi-agent ecosystem. It uses a central Supervisor (Liz) to orchestrate requests across multiple specialized AI Agents, each connected to one or more MCP (Model Context Protocol) servers.

Components

The Supervisor (Liz)

Liz is the entry point of the system and the orchestrator of the user experience. Rather than executing every technical task directly, Liz acts as an intelligent Router.

  • Analyzes the user’s prompt to determine the required domain (e.g., Security, Provisioning, or Fleet).

  • Consults the AIAgentConfig metadata to select the most appropriate specialized Agent for the task.

  • Tracks the user’s location in the Rancher UI and ensures relevant cluster, namespace, and resource metadata are passed to the downstream Agents to provide a "context-aware" response.

Specialized AI Agents (The "Crew")

The Specialized Agents are the workhorses of the system. Each agent is the orchestrator of its specific domain’s intelligence. It uses a Large Language Model (LLM) as its reasoning engine, while the agent itself provides the structure, coordination, and secure execution of actions.

  • LLM (Reasoning Engine):

    • Interprets user inputs expressed in natural language.

    • Performs the reasoning: breaks down complex requests into smaller steps.

    • Decides what should happen next (keep reasoning vs. take action).

    • Synthesizes outputs from tools into clear, human-readable responses.

  • Agent (Orchestrator):

    • Wraps the LLM with the ReAct (Reason + Act) pattern.

    • Decides when to let the LLM keep reasoning or when to act on its instructions.

    • Calls external tools (via the MCP Server) as directed by the LLM.

    • Ensures secure interactions by passing the user’s Rancher token to the MCP server for authentication and authorization.

MCP Server

The MCP Server acts as a secure, controlled gateway between the ReAct Agent and the Rancher and Kubernetes APIs. Its functions include:

  • Exposing Tools: It provides a set of well-defined, safe tools (API endpoints) that the ReAct Agent can call. These tools abstract away the complexity of direct Rancher/Kubernetes API interactions.

  • Interaction with Rancher: It translates tool calls from the agent into the appropriate API requests to the Rancher management server, retrieving or modifying resources as needed.

UI Extension

The UI Extension provides the user-facing chat interface within the Rancher dashboard. It is designed to be a seamless part of the Rancher experience and is responsible for:

  • User Input: It captures user queries and sends them to the ReAct Agent.

  • Displaying Responses: It receives responses from the ReAct Agent and presents them in a chat-like format.

How It Works (The Flow)

  1. User Request: The user submits a query through the UI Extension.

  2. Supervisor Routing: Liz identifies the intent and routes the query, along with the UI context, to the specialized Agent (for example, the Fleet Agent).

  3. LLM Reasoning: The specialized Agent’s LLM interprets the request, reasons about the problem, and proposes an action plan.

  4. Agent Acting: If the plan requires external operations, the agent calls the appropriate MCP Server tools using the user’s secure token.

  5. Response Formulation: The LLM takes the tool outputs and crafts a coherent, human-readable response.

  6. Final Response: Liz delivers the Agent’s synthesized answer back to the UI.

graph TD subgraph "A. User Interaction" User[User / DevOps] UI[UI Extension] end subgraph "B. Supervisor Layer" Liz{Liz Supervisor} end subgraph "C. Specialized Agents (ReAct)" RancherAgent(Rancher Agent) FleetAgent(Rancher Fleet Agent) ProvAgent(Rancher Provisioning Agent) AppCoAgent(SUSE Application Collection Agent) ObsAgent(SUSE Observability Agent) SecAgent(SUSE Security Agent) CustomAgent(Custom Agent) end subgraph "LLM Reasoning Layer (Applicable to all Agents)" direction LR LocalLLM[Local LLM] PublicLLM[Public LLM] end subgraph "D. Infrastructure Gateways" MCP1[Rancher MCP] MCP2[Application Collection MCP] MCP_Obs[Observability MCP] MCP_Sec[Security MCP] MCP4[Third-party MCP] end subgraph "E. Data & APIs" RancherAPI[(Rancher / K8s API)] AppCoAPI[(Application Collection API)] MetricsDB[(SUSE Observability / Metrics)] VulnDB[(Security / CVE Scans)] ExternalAPI[(External System)] end %% Flow User -- "1. Query" --> UI UI -- "2. Context + Intent" --> Liz Liz -- "3. Routes" --> RancherAgent Liz --> FleetAgent Liz --> ProvAgent Liz --> AppCoAgent Liz --> ObsAgent Liz --> SecAgent Liz --> CustomAgent %% Reasoning Loop Example RancherAgent -. "Reasoning Engine" .-> LocalLLM RancherAgent -. "Reasoning Engine" .-> PublicLLM %% Reason + Act connections RancherAgent -- "4" --> MCP1 FleetAgent -- "4" --> MCP1 ProvAgent -- "4" --> MCP1 AppCoAgent -- "4" --> MCP2 ObsAgent -- "4" --> MCP_Obs SecAgent -- "4" --> MCP_Sec CustomAgent -- "4" --> MCP4 %% API Connections MCP1 -- "5" --> RancherAPI MCP2 -- "5" --> AppCoAPI MCP_Obs -- "5" --> MetricsDB MCP_Sec -- "5" --> VulnDB MCP4 -- "5" --> ExternalAPI %% Style style Liz fill:#f9f,stroke:#333,stroke-width:2px style LocalLLM fill:#fff3cd,stroke:#ffc107,stroke-dasharray: 5 5 style PublicLLM fill:#fff3cd,stroke:#ffc107,stroke-dasharray: 5 5 style Note fill:#fff,stroke:none style RancherAgent fill:#d4edda,stroke:#28a745 style FleetAgent fill:#d4edda,stroke:#28a745 style ProvAgent fill:#d4edda,stroke:#28a745 style AppCoAgent fill:#d4edda,stroke:#28a745 style ObsAgent fill:#d4edda,stroke:#28a745 style SecAgent fill:#d4edda,stroke:#28a745 style MCP_Obs fill:#cce5ff,stroke:#007bff style MCP_Sec fill:#cce5ff,stroke:#007bff