OCI Policy Analysis Main Entry Points
Top-level package for OCI Policy Analysis.
This package provides the main analysis, caching, and UI components.
User Interface application
The Tkinter UI can be launched directly by executing the module as a script.
The entrypoint is defined using the standard Python if __name__ == "__main__": pattern:
if __name__ == "__main__":
app = App()
app.mainloop()
You can run the UI directly:
python -m oci_policy_analysis.main
- class oci_policy_analysis.main.App(*args: Any, **kwargs: Any)[source]
Bases:
TkMain User Interface entry point for OCI Policy Analysis application. Inherits from tk.Tk (TKinter) to create the main application window. Tabbed interface with multiple tabs for different analysis features. Helper classes and Repositories for data management and AI integration.
- _import_cache_from_json(callback: dict | None = None)[source]
Imports cached policy analysis data from a JSON file selected by the user.
- Parameters:
callback (dict, optional) – A dictionary of callback functions for progress, error, and completion.
- _export_cache_to_json()[source]
Exports the current cached policy analysis data to a JSON file selected by the user.
- refresh_all_tabs_settings()[source]
Call apply_settings (context help and font) for all tabs that support it.
- apply_theme(*args)[source]
Apply the selected font size from settings to the application style. Not currently exposed in UI, but used at startup to set font size from saved settings.
TODO: Expand to full theme support if desired.
- Parameters:
*args – Optional arguments (not used).
- toggle_bottom()[source]
Toggle the visibility of the bottom output frame. Only available after AI is set up.
- load_tenancy_async(tenancy_id, recursive, instance_principal, named_profile=None, named_session=None, named_cache=None, load_all_users=True, callback=None)[source]
Asynchronously loads tenancy data, policies, and compartments. Requires parameters for authentication method, whether to load compartments recursively, and optional named profile/session/cache.
- Parameters:
tenancy_id (str) – The OCID of the tenancy to load.
recursive (bool) – Whether to load compartments recursively.
instance_principal (bool) – Whether to use instance principal authentication.
named_profile (str) – The named profile to use for authentication.
named_session (str) – The named session token if applicable.
named_cache (str) – The named cache file to load if applicable.
callback (dict, optional) – A dictionary of callback functions for progress, error, and completion
- load_compliance_output_async(dir_path: str, callback: dict | None = None, load_all_users: bool = True)[source]
Asynchronously loads policy, compartment, group, user, dynamic group, and domain data from compliance output .csv files. :param dir_path: The directory containing compliance output files as per spec. :type dir_path: str :param callback: Callbacks for progress, error, and complete. :type callback: dict, optional :param load_all_users: If False, skip loading users. Defaults to True. :type load_all_users: bool, optional
- ask_genai_async(prompt: str, additional_instruction: str = '', callback=None, test_call: bool = False)[source]
Asynchronously queries the GenAI model with the given prompt and additional instructions.
- set_bottom_output(content: str, test_call: bool = False)[source]
Display the given string content as plain text in the output_text widget.
Command Line Interface
The command line interface can be launched directly by executing the module as a script.
The entrypoint is defined using the standard Python if __name__ == "__main__": pattern:
if __name__ == "__main__":
app = App()
app.mainloop()
You can run the CLI directly:
python -m oci_policy_analysis.cli
Parameters can be passed to the CLI as arguments. Documented below.
- oci_policy_analysis.cli.main()[source]
Entry point for the OCI Policy and Dynamic Group Viewer CLI.
Parses command-line arguments to load, filter, display, or export OCI identity and policy information from Oracle Cloud Infrastructure (OCI) using cached or live data.
Parameters
- –verbosebool
Enable verbose logging.
- –app-logbool
Log output to app.log instead of console.
- –instance-principalbool
Use instance principal authentication.
- –get-cachesstr
List available caches for the given tenancy.
- –print-allbool
Print all policies and dynamic groups.
- –recursivebool
Recursively load policies across all compartments.
- –use-cachestr, optional
Load data from a specified combined cache file.
- –dont-save-cache-after-loadbool
Prevent saving a new combined cache after loading from OCI.
- –profilestr
OCI CLI profile to use (default
DEFAULT).- –filter-jsonstr, optional
A JSON filter expression for policies.
- –export-jsonstr, optional
Write collected data to a JSON file.
- Usage Examples:
To print all policies and dynamic groups using the ADMIN profile with verbose logging:
python -m oci_policy_analysis.cli --verbose --profile ADMIN --print-allTo list available caches for a tenancy named “example-tenancy”:
python -m oci_policy_analysis.cli --get-caches example-tenancyTo load data from a specific cache and export to JSON:
python -m oci_policy_analysis.cli --use-cache 2024-11-17T10-43-08+00-00To filter policies with a JSON expression:
python -m oci_policy_analysis.cli --filter-json '{"Subject": "group1", "Verb": "read"}'
- returns:
None. Provides console output and/or writes files as specified.
Standalone MCP Server
The standalone MCP server can be launched directly by executing the module as a script.
The entrypoint is defined using the standard Python if __name__ == "__main__": pattern:
if __name__ == "__main__":
main()
You can run the MCP server directly:
python -m oci_policy_analysis.mcp_server
Parameters can be passed to the MCP server as arguments as part of the command line. Examples:
To use STDIO and starting as a sub-process from Claude, you must edit the claude_desktop_config.json` file. Parameters such as loading from cache can be passed as arguments. The following config: * runs python from a virtual environment * runs the mcp_server.py module * uses the –use-cache argument with a specified cache name to load from cache * sets the MCP_STDIO_MODE environment variable to enable STDIO mode
{
"mcpServers": {
"oci-policy-stdio": {
"command": "/Users/agregory/oci-policy-analysis/.venv/bin/python",
"log_level": "debug",
"args": [
"/Users/agregory/oci-policy-analysis/src/oci_policy_analysis/mcp_server.py",
"--use-cache",
"mmytenancy_2025-10-29-16-52-22-UTC"
],
"env": {
"MCP_STDIO_MODE": "1"
},
"type": "stdio"
}
}
}
Another example to run the MCP server in normal STDIO mode from the command line, loading from the tenancy directly:
{
"mcpServers": {
"oci-policy-stdio": {
"command": "/Users/agregory/oci-policy-analysis/.venv/bin/python",
"log_level": "debug",
"args": [
"-m",
"oci_policy_analysis.mcp_server",
"--profile",
"DEFAULT"
],
"env": {
"MCP_STDIO_MODE": "1"
},
"type": "stdio"
}
}
}
Connecting to the MCP server from Claude Desktop directly to HTTP requires the use of mcp-proxy to bridge between Claude Desktop and the MCP server. This is separately documented in the mcp-proxy documentation.
Example configuration, if using the embedded MCP server running on localhost port 8765 with streamablehttp transport:
{
"mcpServers": {
"oci-policy-http": {
"command": "mcp-proxy",
"args": [
"http://127.0.0.1:8765/mcp",
"--transport",
"streamablehttp"
]
}
}
}