OCI Policy Analysisο
Analyze Oracle Cloud IAM policies and identity data.
π Full documentation:
π https://agregory999.github.io/oci-policy-analysis
For standalone MCP deployment on OCI Container Instances (OCIR image + instance principal), see:
For optional OAuth protection of remote MCP deployments with OCI Identity Domains, see:
Limited Mode (Web)ο
Overview doc: docs/source/limited_mode.md
Quick Start (Desktop App)ο
python3 -m venv .venv
source .venv/bin/activate
pip install -e .
python -m oci_policy_analysis.main
Quick Start (Web App Only)ο
If you want web mode only (no desktop/Tk workflow):
python3 -m venv .venv
source .venv/bin/activate
pip install -e ".[web]"
oci-policy-analysis-web --host 127.0.0.1 --port 8000
Then open: http://127.0.0.1:8000
Quick Start (Using Local Helper Scripts)ο
Build and run by mode:
./local-build.sh --mode web
./local-run.sh --mode web --host 127.0.0.1 --port 8000
Other supported modes:
desktopwebclimcpall(build script only)
Server / Nohup Example (Web)ο
nohup ./local-run.sh --mode web --host 0.0.0.0 --port 8080 > oci-policy-analysis-web.log 2>&1 &
Check process/logs:
ps -ef | grep oci-policy-analysis-web
tail -f oci-policy-analysis-web.log
Run the Web App via PyPI (no repo clone)ο
(Wonβt work until out of beta)
Install in a virtual environment and run the packaged web entrypoint:
python3 -m venv .venv
source .venv/bin/activate
pip install --upgrade pip
pip install "oci-policy-analysis[web]"
oci-policy-analysis-web
For server usage, you can run with explicit bind options:
oci-policy-analysis-web --host 0.0.0.0 --port 8080
Example startup script (start-oci-policy-analysis-web.sh):
#!/usr/bin/env bash
set -euo pipefail
source /opt/oci-policy-analysis/.venv/bin/activate
exec oci-policy-analysis-web --host 0.0.0.0 --port 8080
Then make executable and run:
chmod +x start-oci-policy-analysis-web.sh
./start-oci-policy-analysis-web.sh
Or run a packaged release right from your desktop:
oci-policy-analysis.exe # Windows
oci-policy-analysis.app # macOS
For the executables, disable the OS Security for the application so it can run.
MAC: Settings -> Privacy & Security - Open Anyway
Windows: Double-click EXE -> More Info - Run Anyway

Contentsο
User Guide
- Overview
- Setup
- Desktop Setup
- Web Setup
- Choose Web Setup When
- Prerequisites
- Install (non-Tk web profile)
- Install via Local Build Scripts (non-Tk web-only)
- Start the Web Server
- Load Balancer Guidance
- First Browser Login: Runtime Access Key
- Permissions Required and Authentication
- Quick Post-Deploy Validation (Web)
- Troubleshooting (Web)
- Related Core-Only Setups
- MCP Deployment on OCI Container Instance
- MCP OAuth with OCI Identity Domains
- UI Application - Usage
- Architecture
- Simulation
- Related Permission Checks
- Recommendations Tab: Guided Policy Analytics & Remediation
- Tag-Based Policy Search
- MCP Server
- MCP and Policy Search Examples
- Result Detail Levels
- Principal Keys and Structured Fields
- Compartment Lookup
- Simple Statement Text Search
- Human Principal Search
- Service Principal Search
- Subject Text Search
- Resource Principal, Specific Resource
- Resource Principal, Compartment Scope
- Instance Principal, Dynamic Group Rule
- Instance Principal, Specific Instance
- Tag-Based Condition Search
- Condition Display Fields
- Search Set: Service Installation Validation
- History Search
- Data Operations
- MCP Call Logging
- OKE Workload Identity Querying
- Command-Line Interface (CLI)
- Web UI Styling Guide
- Limited Mode (Web)
- Logging and Troubleshooting