oci-administrator

Read-only OCI IAM posture snapshot — compartments, policies, broad grants, users without MFA.

Manage friendly OCI contexts (name -> profile + compartment + region) so you never paste OCIDs.

Read-only OCI cost, usage, and budget summary — spend by service plus configured budgets.

Read-only OCI Data Safe overview — registered targets + latest security-assessment state.

Search the OCI skill pack's KB for a known fix before debugging from scratch.

Cost, usage, and budget reporting (FinOps) for any OCI tenancy via oci-cli: spend grouped by service / compartment / region over a time window using the Usage API, budgets and alert rules (limit vs actual vs forecast), cost-tracking tags, and guardrail recommendations. Use whenever a request mentions OCI cost, spend, billing, invoice, usage, Usage API, budget, forecast, cost alert, FinOps, "what is this tenancy costing", or cost-tracking tags. Read-only by default; for creating budgets it defers to oci-iam-admin.

OCI security and compliance operations for administrators: Cloud Guard targets, detector/responder recipes and problems; Vault/KMS key and secret create, read (base64-decode), rotation and the oci-vault:// env-resolver; Security Zones; WAF web-app-firewall policies with SQLi/XSS/rate-limit BLOCK rules attached to a load balancer; Audit event queries; CIS / ISO-42001 / sovereignty / NIS2 compliance scanning; IAM least-privilege policy review; and secrets redaction. Trigger for oci-cli, Cloud Guard, Vault, KMS, WAF, Security Zones, Audit, CIS, compliance, or secret-handling tasks in an OCI tenancy.

OCI Data Safe administration via oci-cli and the OCI SDK: target-database registration (Autonomous and Base DB / Exadata cloud service), Data Safe private endpoints, Security Assessment and User Assessment, Activity Auditing (scim_query time filters), Data Discovery (sensitive data models), and Data Masking. Use whenever a request mentions OCI Data Safe, target database registration, Data Safe private endpoint, security assessment, user assessment, activity auditing, audit policy/retention, sensitive data discovery, data masking, or a database NEEDS_ATTENTION / ORA-01017 in Data Safe. Assessments are read; registration/masking/audit-policy changes go through the safety core.

Generic, tenancy-agnostic Oracle Cloud Infrastructure (OCI) administration skill. Use whenever the user asks to administer, audit, configure, provision, inspect, secure, or troubleshoot an OCI tenancy — IAM (users, groups, dynamic groups, policies, compartments, budgets, quotas, service limits, tags), Security & Compliance (Cloud Guard, Vault/KMS, Security Zones, WAF, CIS / ISO-42001 scanning, policy review), Observability & Database (APM, Log Analytics, Monitoring, alarms, Database Management, Operations Insights), or Networking & Compute (VCN, subnets, NSGs, route tables, load balancers, OKE, compute instances, OCIR). Triggers on mentions of OCI, oci-cli, OCID, compartment, tenancy, IAM policy, Cloud Guard, Vault, WAF, OKE, VCN, NSG, Log Analytics, OCL, Logan, log query, APM, service limits, cost, usage, spend, budget, billing, Usage API, FinOps, DBM, OPSI, Data Safe, Resource Manager, ORM, Terraform stack, Functions, Events, Notifications, Service Connector Hub, serverless, or ~/.oci/config. Use this as the **default entry point for OCI infrastructure / control-plane tasks** — it then routes deep OKE day-2 (GVA, Multus, cluster troubleshooting), OCI Generative AI / Enterprise AI, and in-database work to the official oracle/skills collection (see references/oracle-skills-alignment.md). This is the tenancy-agnostic admin pack; for the OCI-DEMO component system use oracle-oci-management instead.

Oracle Autonomous Database lifecycle and application connectivity via oci-cli and python-oracledb. Use when the user manages an ADB/ADW/ATP instance (start/stop/restart, scale ECPU/storage, enable auto-scaling), works with its wallet (generate-wallet, rotate wallet, mTLS vs TLS, TNS_ADMIN), tunes the access-control IP allowlist, clones or restores it, or connects an application (DSN service levels _high/_medium/_low/_tp, connection pooling, SQLAlchemy `oracle+oracledb://`, Alembic migrations, private-endpoint DSNs). Triggers: generate ADB wallet, rotate wallet, start/stop/scale Autonomous Database, whitelisted-ips / ACL, connect to ADB, TNS_ADMIN, oracledb thin/thick, SQLAlchemy Oracle URL, Alembic upgrade on Oracle, ORDS, run/execute SQL on ADB, SQLcl, blocking sessions, wait events, top SQL, SQL plan, DBMS_XPLAN. Mentions Autonomous Database, ADB, ADW, ATP, wallet, cwallet.sso, ewallet, DSN, oracledb, cx_Oracle, SQLcl, V$SESSION, in-DB diagnostics.

1 hook across 1 event