technophylax/ocpa
OCPA (OpenControlPlane for Agentic AI)

OCPA is the system of record for AI tool risk. It inventories tools, agents, MCP servers, and non-human identities (NHIs); enforces decisions with OPA (Open Policy Agent); and captures audit-ready evidence (ABOM, decisions, approvals, metrics, traces). The focus is AI security first, with a clear path to ingest adjacent security signals over time.

Badges: Release · GHCR Image · GHCR Chart · License · CI · Publish · SAST · SCA · SBOM/Grype · Secrets

Why OCPA

  • Create a system of record for AI tool risk (inventory + decision ledger).
  • Enforce policy and approvals for high-risk actions.
  • Prove compliance with ABOM, policy baselines, and evidence packs.
  • Expand later via integrations (SIEM, ITSM, GRC) without diluting the AI-security wedge.

Core capabilities

  • OPA policy gate for tool calls, registry mutations, and MCP usage.
  • Unified risk ledger for tool calls, registry changes, MCP usage, and approvals.
  • ABOM generation from config and registered tools/agents.
  • Redaction by JSONPath-like paths and sensitive field names.
  • Structured audit events (stdout/file/webhook).
  • AI-security-first control plane with API-first integrations for Grafana/SIEM/ITSM.
  • JWT/JWKS auth, RBAC (incl. NHI roles), agent blocklist, rate limiting.
  • OpenTelemetry spans per tool call + Prometheus metrics.
  • Dry-run mode + policy scenario harness for change control.
  • Demo scripts, Docker Compose, and Helm chart for deployment.
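One way to implement the redaction capability listed above, covering both mechanisms (JSONPath-like paths and sensitive field names). This is an added example, not OCPA's own code: the dotted path subset ("output.customer.ssn", "output.cards[*].pan", optional "$." prefix), the sensitive-name list and the "[REDACTED]" marker are assumptions for the demonstration, and the sample payload is constructed.

```python
"""Redaction by JSONPath-like paths and by sensitive field names (added example)."""
import copy
import re

REDACTED = "[REDACTED]"

# Field names masked wherever they appear, case-insensitively. Assumed list.
SENSITIVE_FIELD_NAMES = {"password", "secret", "api_key", "authorization", "ssn", "token"}

# One path segment: a key, optionally followed by [*] or [<index>].
_SEGMENT = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)(\[(\*|\d+)\])?$")


def parse_path(path: str) -> list:
    """'a.b[*].c' -> ['a', 'b', '*', 'c']; numeric indexes become ints."""
    if path.startswith("$."):
        path = path[2:]
    segments = []
    for raw in path.split("."):
        m = _SEGMENT.match(raw)
        if not m:
            raise ValueError(f"unsupported path segment: {raw!r}")
        segments.append(m.group(1))
        if m.group(3) is not None:
            segments.append("*" if m.group(3) == "*" else int(m.group(3)))
    return segments


def _redact_path(node, segments: list) -> int:
    """Walk `segments` inside `node`, masking each matched leaf; returns how many."""
    if not segments:
        return 0
    head, rest = segments[0], segments[1:]
    if head == "*":                      # wildcard over a list
        if not isinstance(node, list):
            return 0
        if not rest:
            for i in range(len(node)):
                node[i] = REDACTED
            return len(node)
        return sum(_redact_path(child, rest) for child in node)
    if isinstance(head, int):            # explicit list index
        if not isinstance(node, list) or head >= len(node):
            return 0
        if not rest:
            node[head] = REDACTED
            return 1
        return _redact_path(node[head], rest)
    if not isinstance(node, dict) or head not in node:
        return 0                         # missing path: nothing to redact, not an error
    if not rest:
        node[head] = REDACTED
        return 1
    return _redact_path(node[head], rest)


def _redact_by_name(node, names: set) -> int:
    """Recursively mask any dict key whose lowercased name is in `names`."""
    count = 0
    if isinstance(node, dict):
        for key in list(node):
            if key.lower() in names:
                if node[key] != REDACTED:  # do not double-count a path-redacted field
                    node[key] = REDACTED
                    count += 1
            else:
                count += _redact_by_name(node[key], names)
    elif isinstance(node, list):
        for child in node:
            count += _redact_by_name(child, names)
    return count


def redact(payload: dict, paths: list, names: set = SENSITIVE_FIELD_NAMES) -> tuple:
    """Return (redacted deep copy, number of fields masked). The caller's payload is
    left untouched so the unredacted object cannot leak into an audit sink by accident."""
    out = copy.deepcopy(payload)
    count = sum(_redact_path(out, parse_path(p)) for p in paths)
    count += _redact_by_name(out, names)
    return out, count


# Constructed sample tool-call payload (not captured from a real system).
SAMPLE_PAYLOAD = {
    "tool_id": "get_customer_profile",
    "input": {"customer_id": "123", "ssn_lookup": {"ssn": "123-45-6789"}},
    "output": {
        "customer": {"name": "A. Example", "ssn": "123-45-6789"},
        "cards": [{"pan": "4111111111111111", "exp": "12/29"},
                  {"pan": "5500000000000004", "exp": "01/30"}],
        "session": {"api_key": "sk-live-constructed"},
    },
}

if __name__ == "__main__":
    redacted, n = redact(SAMPLE_PAYLOAD, ["output.customer.ssn", "output.cards[*].pan"])
    print(n, redacted)
```

Path redaction is policy-driven (the tool's declared redaction paths), while name-based redaction is a safety net for fields the policy author did not anticipate; running both, in that order, on a deep copy is what keeps the ledger free of raw secrets.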

Use cases

  • AI tool inventory and ownership tracking across teams.
  • Policy enforcement and approvals for high-risk actions.
  • MCP server allowlists and NHI governance.
  • Audit-ready evidence packs for compliance and incident response.

How it works

  1. SDK/API receives a tool call or registry/MCP mutation.
  2. OPA evaluates policy with context (env, roles, ticket, approvals).
  3. The call is allowed/denied and payloads are redacted.
  4. Audit events, metrics, and traces are emitted into the system of record.

Quickstart (local)

Requirements: Python 3.12+ (OpenSSL build recommended) and OPA. Docker is optional.

pip install -r requirements.txt
opa run --server --addr :8181 policies &
uvicorn example_app.api:app --host 0.0.0.0 --port 8000

Note: if you are running OPA v1.x, add --v0-compatible to the opa run command until the policies are migrated to Rego v1 syntax.

Call a tool:

curl -X POST http://localhost:8000/invoke \
  -H "Content-Type: application/json" \
  -d '{"tool_id":"get_customer_profile","input":{"customer_id":"123"},"context":{"env":"dev"}}'

Open the web console: http://localhost:8000/ui (the ledger, approvals and evidence views require an admin JWT).

Run policy scenarios:

python scripts/ocpa_cli.py run-policy-scenarios \
  --file observability/policy_scenarios.json \
  --opa-url http://localhost:8181

Run checks:

make lint
make test

Demo (CISO-friendly)

  • make demo runs OPA + approval stub + API in the background and waits for /health.
  • Demo startup seeds deterministic audit events into /tmp/ocpa-audit.log (disable with OCPA_DEMO_SEED=false).
  • If OPA isn't installed, the demo will download it automatically (requires curl or wget).
  • make demo-calls runs the curated curl flow.
  • make demo-stop stops the demo background processes (OPA + approval stub).
  • make demo-seed re-seeds the demo audit log on demand.
  • The demo shows: read-only allow (dev), high side-effect deny in prod without ticket, high side-effect allow in non-prod with ticket (approval stub enabled), registry create with admin JWT/role, MCP usage deny in prod without ticket.
  • Inspect the audit ledger (stdout or /tmp/ocpa-audit.log) and generate an evidence pack.

API surface

  • Tool calls: POST /invoke
  • Health/metrics: GET /health, GET /metrics
  • Registry: GET/POST /registry/tools, GET/POST /registry/agents (update/delete supported)
  • MCP inventory: GET/POST /mcp/servers, POST /mcp/usage, GET /mcp/usage
  • Web console: GET /ui (ledger/approvals/evidence via /ui/ledger, /ui/approvals, /ui/evidence-pack)
  • Risk summary: GET /risk/summary (counts derived from audit events)
  • OpenAPI spec: docs/openapi.json (YAML: docs/openapi.yaml, download via /ui/openapi, regenerate with make openapi)
  • See docs/postman/README.md for setup and docs/postman/ocpa.postman_collection.json for ready-to-run requests.

Configuration

See docs/configuration.md for the full list. Key env vars:

  • OPA_URL, OCPA_ENV, OCPA_CONFIG_PATH, OCPA_ABOM_OUTPUT
  • OCPA_JWT_SECRET, OCPA_JWKS_URL, OCPA_JWT_AUDIENCE, OCPA_JWT_ISSUER, OCPA_JWT_CLAIMS_MODE
  • OCPA_ADMIN_ROLE, OCPA_ROLE_CLAIM, OCPA_REGISTRY_PATH
  • OCPA_AUDIT_ENABLED, OCPA_AUDIT_SINKS, OCPA_AUDIT_WEBHOOK_URL
  • OCPA_REQUIRE_APPROVAL, OCPA_APPROVAL_WEBHOOK
  • OCPA_RATE_LIMIT_MAX, OCPA_RATE_LIMIT_WINDOW
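The JWT and RBAC settings above map naturally onto a small verifier. The following is an added example, not OCPA's own auth code: a stdlib-only HS256 verifier wired to OCPA_JWT_SECRET, OCPA_JWT_AUDIENCE, OCPA_JWT_ISSUER, OCPA_ROLE_CLAIM and OCPA_ADMIN_ROLE. The default values in settings_from_env, the role-claim shapes it accepts, and the tokens it mints are assumptions for the demonstration; JWKS-based verification (OCPA_JWKS_URL) is out of scope here.

```python
"""HS256 JWT verification plus role check for the OCPA_JWT_* / OCPA_ROLE_CLAIM /
OCPA_ADMIN_ROLE settings (added example, stdlib only)."""
import base64
import hashlib
import hmac
import json
import os
import time


class AuthError(Exception):
    pass


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def _decode_json(part: str) -> dict:
    try:
        obj = json.loads(_b64url_decode(part))
    except ValueError:  # includes binascii.Error and JSONDecodeError
        raise AuthError("malformed token part")
    if not isinstance(obj, dict):
        raise AuthError("malformed token part")
    return obj


def verify_hs256(token: str, secret: bytes, audience: str, issuer: str, now=None) -> dict:
    """Return verified claims or raise AuthError. Pins alg to HS256 (rejects 'none' and
    RS->HS confusion), checks the MAC in constant time, then exp, aud and iss."""
    try:
        h64, p64, s64 = token.split(".")
        sig = _b64url_decode(s64)
    except ValueError:
        raise AuthError("malformed token")
    header = _decode_json(h64)
    if header.get("alg") != "HS256":
        raise AuthError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise AuthError("bad signature")
    claims = _decode_json(p64)          # only parsed after the MAC checks out
    now = time.time() if now is None else now
    if "exp" not in claims or now >= claims["exp"]:
        raise AuthError("token expired or missing exp")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise AuthError("audience mismatch")
    if claims.get("iss") != issuer:
        raise AuthError("issuer mismatch")
    return claims


def roles_from_claims(claims: dict, role_claim: str) -> set:
    """Roles as a list or space-separated string; a dotted claim name such as
    'realm_access.roles' walks nested objects."""
    node = claims
    for part in role_claim.split("."):
        if not isinstance(node, dict) or part not in node:
            return set()
        node = node[part]
    if isinstance(node, str):
        return set(node.split())
    return set(node) if isinstance(node, list) else set()


def settings_from_env(env=os.environ) -> dict:
    """Defaults are assumptions for this example, not OCPA's documented defaults."""
    return {
        "secret": env.get("OCPA_JWT_SECRET", "").encode(),
        "audience": env.get("OCPA_JWT_AUDIENCE", "ocpa"),
        "issuer": env.get("OCPA_JWT_ISSUER", "https://issuer.example"),
        "role_claim": env.get("OCPA_ROLE_CLAIM", "roles"),
        "admin_role": env.get("OCPA_ADMIN_ROLE", "ocpa-admin"),
    }


def authorize(token: str, settings: dict, required_role: str, now=None) -> dict:
    """Verify the token, require `required_role`, return the principal for the audit event."""
    if not settings["secret"]:
        raise AuthError("OCPA_JWT_SECRET is not set; refusing to verify")
    claims = verify_hs256(token, settings["secret"], settings["audience"], settings["issuer"], now)
    roles = roles_from_claims(claims, settings["role_claim"])
    if required_role not in roles:
        raise AuthError(f"role {required_role!r} required, principal has {sorted(roles)}")
    return {"sub": claims.get("sub"), "roles": sorted(roles)}


def mint_hs256(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Test helper that mints constructed tokens; `alg` is a parameter only so the demo can
    show a token that claims alg 'none' being rejected."""
    h = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    p = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64url_encode(sig)}"


if __name__ == "__main__":
    s = settings_from_env({"OCPA_JWT_SECRET": "constructed-demo-secret"})
    now = 1_700_000_000
    tok = mint_hs256({"sub": "alice", "iss": s["issuer"], "aud": s["audience"],
                      "exp": now + 300, "roles": ["ocpa-admin"]}, s["secret"])
    print(authorize(tok, s, s["admin_role"], now=now))
```

The order inside verify_hs256 is deliberate: the algorithm is pinned before any key is used, the MAC is checked before the claims are parsed, and an unset secret refuses to verify rather than verifying against an empty key.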

Policy model (at a glance)

  • Tool policy (policies/tool_allow.rego): read-only allowed everywhere; high side-effect allowed only in non-prod with a ticket; redactions always returned.
  • Registry policy (policies/registry_allow.rego): admin role required; prod mutations require ticket.
  • MCP policy (policies/mcp_allow.rego): allowlist + scopes; prod requires ticket.
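To make the four How-it-works steps and the three policies above concrete, the following added example runs one decision end to end: build the input document the policy sees, decide, return the redaction paths, and emit a structured audit event. It is not OCPA's Rego or API code: the decide_* functions re-implement the rules as the README describes them in plain Python so the flow runs without an OPA server (in the real deployment the same input document is posted to OPA at OPA_URL and the packages in policies/ answer). The input field names, the risk classes read_only and high_side_effect, the require_approval switch, the MCP allowlist and the audit-event shape are assumptions; applying the returned redaction paths to the payload is a separate step not repeated here.

```python
"""Policy decision flow mirroring the README's How-it-works steps and policy model
(added example; plain-Python stand-in for the Rego packages, not OCPA's code)."""
import hashlib
import json
import time


def build_opa_input(kind: str, subject: dict, resource: dict, context: dict) -> dict:
    """Step 1/2: the document the policy evaluates. An absent env is treated as prod so
    a caller cannot loosen policy by omitting it (fail closed; an assumption here)."""
    return {"kind": kind, "subject": subject, "resource": resource,
            "context": {"env": context.get("env", "prod"),
                        "ticket": context.get("ticket"),
                        "approved": bool(context.get("approved", False))}}


def decide_tool(inp: dict, require_approval: bool = False) -> dict:
    """Tool policy: read-only allowed everywhere; high side-effect only in non-prod with a
    ticket; the tool's redaction paths are returned on every decision, allow or deny."""
    res, ctx = inp["resource"], inp["context"]
    redactions = list(res.get("redact", []))
    risk = res.get("risk")
    if risk == "read_only":
        return {"allow": True, "reasons": [], "redactions": redactions}
    if risk == "high_side_effect":
        reasons = []
        if ctx["env"] == "prod":
            reasons.append("high side-effect tools are not allowed in prod")
        if not ctx["ticket"]:
            reasons.append("high side-effect tools require a change ticket")
        if require_approval and not ctx["approved"]:  # stands in for OCPA_REQUIRE_APPROVAL
            reasons.append("approval required for high side-effect tools")
        return {"allow": not reasons, "reasons": reasons, "redactions": redactions}
    return {"allow": False, "reasons": [f"unknown risk class {risk!r}; failing closed"],
            "redactions": redactions}


def decide_registry(inp: dict, admin_role: str = "ocpa-admin") -> dict:
    """Registry policy: admin role required; prod mutations also require a ticket."""
    ctx = inp["context"]
    reasons = []
    if admin_role not in inp["subject"].get("roles", []):
        reasons.append(f"registry mutations require role {admin_role!r}")
    if ctx["env"] == "prod" and not ctx["ticket"]:
        reasons.append("prod registry mutations require a ticket")
    return {"allow": not reasons, "reasons": reasons, "redactions": []}


# Constructed allowlist: MCP server -> scopes it may be used for.
MCP_ALLOWLIST = {"mcp://filesystem.internal": {"read"},
                 "mcp://jira.internal": {"read", "write"}}


def decide_mcp(inp: dict, allowlist: dict = MCP_ALLOWLIST) -> dict:
    """MCP policy: server must be allowlisted with the requested scopes; prod needs a ticket."""
    res, ctx = inp["resource"], inp["context"]
    reasons = []
    granted = allowlist.get(res.get("server"))
    if granted is None:
        reasons.append("MCP server is not on the allowlist")
    else:
        extra = set(res.get("scopes", [])) - granted
        if extra:
            reasons.append(f"scopes not granted for this server: {sorted(extra)}")
    if ctx["env"] == "prod" and not ctx["ticket"]:
        reasons.append("MCP usage in prod requires a ticket")
    return {"allow": not reasons, "reasons": reasons, "redactions": []}


DECIDERS = {"tool_call": decide_tool, "registry_mutation": decide_registry,
            "mcp_usage": decide_mcp}


def gate(kind: str, subject: dict, resource: dict, context: dict, payload: dict, now=None) -> dict:
    """Steps 1-4 for one request. The audit event carries only a hash of the payload, so
    the ledger never becomes a second copy of whatever the tool saw."""
    inp = build_opa_input(kind, subject, resource, context)
    decision = DECIDERS[kind](inp)
    event = {
        "ts": time.time() if now is None else now,
        "kind": kind,
        "subject": subject.get("id"),
        "resource": resource.get("id") or resource.get("server"),
        "env": inp["context"]["env"],
        "ticket": inp["context"]["ticket"],
        "decision": "allow" if decision["allow"] else "deny",
        "reasons": decision["reasons"],
        "redactions": decision["redactions"],
        "payload_sha256": hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest(),
    }
    return {"decision": decision, "audit_event": event}


if __name__ == "__main__":
    agent = {"id": "agent-1", "roles": ["tool-caller"]}
    refund = {"id": "refund_customer", "risk": "high_side_effect", "redact": ["input.card.pan"]}
    for ctx in ({"env": "prod"}, {"env": "staging", "ticket": "CHG-1042"}):
        result = gate("tool_call", agent, refund, ctx, {"card": {"pan": "4111111111111111"}})
        print(json.dumps(result["audit_event"], indent=2))
```

The same four scenarios the demo section lists (read-only allow in dev, high side-effect deny in prod without a ticket, allow in non-prod with a ticket, MCP deny in prod without a ticket) fall directly out of these functions, which is also the shape a policy scenario harness checks: fixed inputs in, expected allow/deny and reasons out.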

Observability

  • Prometheus metrics at /metrics.
  • OTEL spans for each tool call (ocpa.tool_call).
  • Grafana/Loki/Tempo examples in observability/.

Deployment

  • Docker Compose: docker-compose up --build
  • Helm chart: see charts/ocpa/README.md and charts/ocpa/values-prod.example.yaml.

Docs

  • Docs index: docs/README.md
  • Configuration reference: docs/configuration.md
  • CISO brief: docs/ciso-brief.md
  • First 30 minutes: docs/first-30-minutes.md
  • IR cheat sheet: docs/ir-cheatsheet.md
  • Product brief: docs/product-brief.md
  • 90-day roadmap: docs/roadmap-90d.md
  • Runbook: docs/runbook.md
  • Release checklist: docs/release-checklist.md
  • Threat model: docs/threat-model.md
  • Postman collection: docs/postman/README.md

Contributing

See CONTRIBUTING.md and CODE_OF_CONDUCT.md.

Security

See SECURITY.md.

License

Apache-2.0 in LICENSE.