MCPMarketplace.dev — Coming Soon. The central directory for production MCP servers. This server will be listed at launch.

Oracle OCI Context MCP Server

Production-ready, multi-tenant Model Context Protocol (MCP) server for Oracle Cloud Infrastructure. Gives AI agents (Claude, Cursor, VS Code, OCI GenAI) secure, natural-language access to any OCI tenancy — 69 tools across 22 services.

Part of the OkOCI Platform: MCP Context → Inference Gateway (NVIDiOCI) → Deployment CLI (OkOCI Deploy).

Quickstart — Local (Claude Desktop / Cursor / VS Code)

uvx oci-context-mcp --print-config

Prints the ready-to-paste mcpServers block:

{
  "mcpServers": {
    "oci": {
      "command": "uvx",
      "args": ["oci-context-mcp", "--transport", "stdio"],
      "env": {
        "OCI_COMPARTMENT_ID": "ocid1.compartment.oc1...",
        "OCI_REGION": "us-phoenix-1"
      }
    }
  }
}

Requires uv (brew install uv). Uses ~/.oci/config automatically.

Platform Vision

AI Agent (Claude, Cursor, OCI GenAI, LangChain)
    |
    v
MCP Server  [this repo]
    Context layer: reads OCI state across 22 services
    Gives the AI eyes on the infrastructure
    |
    v
NVIDiOCI Inference Gateway  [roadmap]
    Brain layer: NVIDIA NIM + Oracle GenAI routing
    Generates structured deployment plans
    |
    v
OkOCI Deploy CLI  [roadmap]
    Execution layer: provisions OCI resources
    Deploys websites, APIs, containers from AI-generated plans

One user account, one cross-tenancy IAM policy, spans all three layers.

ARCSEM Stack

Tool Inventory — 69 Tools, 22 Services

* tools support compartment_scope: single | recursive | tenancy

Docker Deployment

# Build ARM64 image (matches OCI free tier A1.Flex shape)
export OCIR_NAMESPACE=$(oci artifacts container configuration get-namespace \
  --compartment-id $OCI_COMPARTMENT_ID --query 'data.namespace' --raw-output)

./scripts/push_to_ocir.sh

# Deploy infrastructure
cd infra
cp terraform.tfvars.example terraform.tfvars  # fill in your values
terraform init
terraform apply

Terraform provisions the full ARCSEM stack in one apply:

• Container Instance (ARM64, private subnet)

• API Gateway (public HTTPS endpoint)

• NSG (port 8000 from API Gateway subnet only)

• Log Group + Monitoring alarm

Multi-Tenant SaaS (Roadmap)

The server is being extended to a multi-tenant hosted platform. Users connect their OCI tenancy via one cross-tenancy IAM policy — no API keys are ever stored.

Onboarding flow (coming):

1. User registers at okoci.dev (email + tenancy OCID)
2. System generates their tenant ID
3. User runs one IAM policy in their tenancy:
     Allow dynamic-group <okoci-dg-ocid> to read all-resources in tenancy
4. System probes and confirms access
5. User receives API key for the MCP endpoint

See docs/Main/ARCHITECTURE.md for the full SaaS architecture.

Connecting OCI Generative AI Agent

1. Push image to OCIR and run terraform apply

2. In OCI Console: Generative AI > Agents > Create agent

3. Add tool: Custom > Model Context Protocol

4. Set Remote MCP Server URL to terraform output mcp_server_url

5. Authentication: Instance Principal

Authentication

Instance Principal (OCI hosted — recommended): Automatic, keyless. The Container Instance assumes the dynamic group role.

Config file (local development): Falls back to ~/.oci/config automatically.

Environment Variables

Roadmap

Current — v2.5 (Single-Tenant)

• 69 tools across 22 OCI services

• STDIO transport — Claude Desktop, Cursor, VS Code

• HTTP transport — Docker, Container Instance

• ARCSEM stack — full Terraform IaC

• ARM64 Docker image — OCI free tier compatible

• API Gateway — public HTTPS, private CI

v3.0 — Multi-Tenant SaaS

• Per-request OCIAuthManager (cross-tenancy signer)

• Tenant registry (OCI Autonomous DB)

• API key service (issuance, rotation, revocation)

• Landing page + sign-up flow

• JWT auth policy on API Gateway

• Per-tenant rate limiting

• Usage dashboard

v3.5 — NVIDiOCI Inference Integration

• MCP tool: route_inference() — call NVIDiOCI gateway from MCP context

• OCI state snapshot passed to inference request

• NVIDIA NIM + Oracle GenAI routing

• Structured deploy plan output format

v4.0 — OkOCI Deploy CLI

• CLI consumes NVIDiOCI deploy plan JSON

• Provisions OCI resources via Terraform + OCI SDK

• Website, API, container deployment targets

• Rollback support

• Plugs into existing ARCSEM stack

F4 — Write Operations (parallel track)

• Write tools with confirmation + rollback

• start/stop compute instances

• create/delete buckets

• scale OKE node pools

Security

• Instance Principal auth — no credentials stored or transmitted

• Cross-tenancy IAM — user controls access, revokes by deleting one policy

• Private subnet — Container Instance has no public IP

• API Gateway — single public ingress, CORS locked to gateway hostname

• NSG — port 8000 accessible only from API Gateway subnet

• OCI Vault — secrets never in environment variables in production

• Telemetry — local JSONL only, no data leaves the host

Contributing

See CONTRIBUTING.md. For questions: denn.stewartjr@gmail.com

License

MIT

Disclaimer

This project is not affiliated with or endorsed by Oracle Corporation. "Oracle", "OCI", and "Oracle Cloud Infrastructure" are trademarks of Oracle Corporation. "NVIDIA" and "NIM" are trademarks of NVIDIA Corporation.