OCI Policy Analysis

Analyze Oracle Cloud IAM policies and identity data.

📘 Full documentation:
👉 https://agregory999.github.io/oci-policy-analysis

Limited Mode (Web)

• Overview doc: docs/source/limited_mode.md

Quick Start (Desktop App)

python3 -m venv .venv
source .venv/bin/activate
pip install -e .
python -m oci_policy_analysis.main

Quick Start (Web App Only)

If you want web mode only (no desktop/Tk workflow):

python3 -m venv .venv
source .venv/bin/activate
pip install -e ".[web]"
oci-policy-analysis-web --host 127.0.0.1 --port 8000

Then open: http://127.0.0.1:8000

Quick Start (Using Local Helper Scripts)

Build and run by mode:

./local-build.sh --mode web
./local-run.sh --mode web --host 127.0.0.1 --port 8000

Other supported modes:

• desktop

• web

• cli

• mcp

• all (build script only)

Server / Nohup Example (Web)

nohup ./local-run.sh --mode web --host 0.0.0.0 --port 8080 > oci-policy-analysis-web.log 2>&1 &

Check process/logs:

ps -ef | grep oci-policy-analysis-web
tail -f oci-policy-analysis-web.log

Run the Web App via PyPI (no repo clone)

(Won’t work until out of beta)

Install in a virtual environment and run the packaged web entrypoint:

python3 -m venv .venv
source .venv/bin/activate
pip install --upgrade pip
pip install "oci-policy-analysis[web]"
oci-policy-analysis-web

For server usage, you can run with explicit bind options:

oci-policy-analysis-web --host 0.0.0.0 --port 8080

Example startup script (start-oci-policy-analysis-web.sh):

#!/usr/bin/env bash
set -euo pipefail

source /opt/oci-policy-analysis/.venv/bin/activate
exec oci-policy-analysis-web --host 0.0.0.0 --port 8080

Then make executable and run:

chmod +x start-oci-policy-analysis-web.sh
./start-oci-policy-analysis-web.sh

Or run a packaged release right from your desktop:

oci-policy-analysis.exe   # Windows
oci-policy-analysis.app   # macOS

For the executables, disable the OS Security for the application so it can run.

• MAC: Settings -> Privacy & Security - Open Anyway

• Windows: Double-click EXE -> More Info - Run Anyway

Contents

User Guide

• Overview
  • Core Capabilities
  • Advanced Capabilities
  • Feature Availability Matrix (by Startup Mode)
  • Run Modes (Architecture-at-a-Glance)
• Setup
  • Server-first pip installs (no git clone)
• Desktop Setup
  • Choose Desktop Setup When
  • Installation Options
  • Helper Scripts (optional)
  • Permissions & Authentication
  • Troubleshooting (Desktop)
  • Related Core-Only Setups
• Web Setup
  • Choose Web Setup When
  • Prerequisites
  • Install (non-Tk web profile)
  • Install via Local Build Scripts (non-Tk web-only)
  • Start the Web Server
  • Load Balancer Guidance
  • First Browser Login: Runtime Access Key
  • Permissions Required and Authentication
  • Quick Post-Deploy Validation (Web)
  • Troubleshooting (Web)
  • Related Core-Only Setups
• UI Application - Usage
  • Getting Started
  • Starting the UI
  • Working with Tabs in the Application
• Architecture
  • Data Model
  • Layers
  • Policy Parsing
  • Caching
  • Settings
  • Logging
  • Feature/Tab Architecture & Context File Reference
  • Core Runtime Architecture (4 Consumer Paths)
• Simulation
  • Table of Contents
  • Introduction
  • Components of a Simulation
  • Loading and Editing Where-Clause Variables
  • Deny Statements
  • Running the Simulation
  • Interpreting Results
  • Simulation History
  • Best Practices & Advanced Usage
  • Related Features & See Also
• Recommendations Tab: Guided Policy Analytics & Remediation
  • How Does It Work?
  • Navigating the Recommendations Tab
  • Usage Tips & Workflow Suggestions
  • Further Reading: AI Context & Detailed Architecture
• MCP Server
  • MCP Architectures
  • Running MCP from OCI Policy Analysis
  • Core-Only Install for MCP (No Web/Desktop Extras)
  • Setup for MCP Locally or on a Server
  • Secure Deployment on OCI (Outline Steps)
  • Available MCP Tools
  • 💡 Usage Tips
• Command-Line Interface (CLI)
  • CLI Usage
  • Install Profiles (Core vs Web/Desktop)
  • CLI Options
  • Usage Examples
  • Generating a Cache for Secure MCP Server Use
• Web UI Styling Guide
  • Goals
  • CSS documentation conventions
  • HTML documentation conventions
  • Naming conventions
  • Reuse-first rules
  • Context help pattern
  • Recommended checklist for new pages
• Limited Mode (Web)
  • What Limited Mode Enables
  • Roles
  • Scope Model
  • Authentication and Session Behavior
  • What Limited Users Can Access
  • What Limited Users Cannot Access
  • Backend Enforcement (Important)
  • Admin Usage: Managing Limited Profiles
  • Verification and Testing Notes
• Logging and Troubleshooting
  • 1. Global Logging by Component
  • 2. JSON Debugger Tab
  • 3. Troubleshooting Topics
  • Further Reading

API Reference

• OCI Policy Analysis Main Entry Points
  • User Interface application
  • Command Line Interface
  • Standalone MCP Server
• OCI Policy Analysis UI
  • SettingsTab
  • PoliciesTab
  • DynamicGroupsTab
  • UsersTab
  • ReportTab
  • ConsoleTab
  • PolicyRecommendationsTab
  • McpTab
  • ResourcePrincipalsTab
  • MaintenanceTab
  • DataTable
  • CheckboxTable
• OCI Policy Analysis Data and Logic
  • Policy Repository
  • Reference Data Repository
  • GenAI Integration
  • Policy Intelligence & Analytics
  • Simulation Engine
• Recommendation Strategies
• OCI Policy Analysis Common Components
  • Data Models
  • Display Helper Functions
  • Cache Manager
  • Global Logger

Other

• AI & Project Context Reference
• macOS & PyInstaller: Additional Notes for Tkinter Context Menus