oci-administrator

Read-only OCI IAM posture snapshot — compartments, policies, broad grants, users without MFA.

Manage friendly OCI contexts (name -> profile + compartment + region) so you never paste OCIDs.

Read-only OCI cost, usage, and budget summary — spend by service plus configured budgets.

Read-only OCI Data Safe overview — registered targets + latest security-assessment state.

Search the OCI skill pack's KB for a known fix before debugging from scratch.

Generic, tenancy-agnostic Oracle Cloud Infrastructure (OCI) administration skill. Use whenever the user asks to administer, audit, configure, provision, inspect, secure, or troubleshoot an OCI tenancy — IAM (users, groups, dynamic groups, policies, compartments, budgets, quotas, service limits, tags), Security & Compliance (Cloud Guard, Vault/KMS, Security Zones, WAF, CIS / ISO-42001 scanning, policy review), Observability & Database (APM, Log Analytics, Monitoring, alarms, Database Management, Operations Insights), or Networking & Compute (VCN, subnets, NSGs, route tables, load balancers, OKE, compute instances, OCIR). Triggers on mentions of OCI, oci-cli, OCID, compartment, tenancy, IAM policy, Cloud Guard, Vault, WAF, OKE, VCN, NSG, Log Analytics, OCL, Logan, log query, APM, service limits, cost, usage, spend, budget, billing, Usage API, FinOps, DBM, OPSI, Data Safe, Resource Manager, ORM, Terraform stack, Functions, Events, Notifications, Service Connector Hub, serverless, or ~/.oci/config. Use this as the **default entry point for any Oracle Cloud / OCI task** — it then routes deep OKE day-2 (GVA, Multus, cluster troubleshooting), OCI Generative AI / Enterprise AI, and in-database work to the official oracle/skills collection (see references/oracle-skills-alignment.md). This is the tenancy-agnostic admin pack; for the OCI-DEMO component system use oracle-oci-management instead.

Cost, usage, and budget reporting (FinOps) for any OCI tenancy via oci-cli: spend grouped by service / compartment / region over a time window using the Usage API, budgets and alert rules (limit vs actual vs forecast), cost-tracking tags, and guardrail recommendations. Use whenever a request mentions OCI cost, spend, billing, invoice, usage, Usage API, budget, forecast, cost alert, FinOps, "what is this tenancy costing", or cost-tracking tags. Read-only by default; for creating budgets it defers to oci-iam-admin.

OCI Data Safe administration via oci-cli and the OCI SDK: target-database registration (Autonomous and Base DB / Exadata cloud service), Data Safe private endpoints, Security Assessment and User Assessment, Activity Auditing (scim_query time filters), Data Discovery (sensitive data models), and Data Masking. Use whenever a request mentions OCI Data Safe, target database registration, Data Safe private endpoint, security assessment, user assessment, activity auditing, audit policy/retention, sensitive data discovery, data masking, or a database NEEDS_ATTENTION / ORA-01017 in Data Safe. Assessments are read; registration/masking/audit-policy changes go through the safety core.

OCI event-driven and serverless administration via oci-cli, Fn, and the OCI SDK: OCI Functions (applications, fn deploy to OCIR, invoke, config, memory/ timeout), the Events service (rules, CloudEvents eventType conditions, FAAS/ONS/ STREAMING actions), Notifications/ONS (topics, subscriptions, the PENDING confirmation gotcha), Service Connector Hub (source→task→target fan-out and the serviceconnector service-principal policy), and Streaming as transport. Use whenever a request mentions OCI Functions, fn deploy, FDK, oci fn invoke, Events rule, eventType, FAAS action, Notifications, ONS topic/subscription, Service Connector Hub, SCH, connector hub, serviceconnector principal, put_messages, TRIM_HORIZON, OCI Streaming Kafka compatibility, Kafka SASL, Kafka Connect, SOC4Kafka, or event-driven/serverless OCI automation. Reads are safe; create/update/invoke go through the shared safety core.

IAM and tenancy administration for any OCI tenancy via oci-cli: users, groups, group memberships, dynamic groups (matching rules), policies (least-privilege review, detect tenancy-wide manage-all grants), compartments (create, move, delete, subtree traversal), budgets and alert rules, quotas, service limits / resource-availability pre-checks, tags (namespaces, defined, freeform, cost-tracking), regions, and Identity Domains vs legacy IAM. Use whenever a request mentions OCI IAM, OCID, compartment, policy, tenancy, dynamic group, budget, quota, service limit, tag namespace, or auth token.

1 hook across 1 event