Configuration review
Read bucket policies, ACLs, encryption, and public-access settings, then flag the risky combinations.
Tauri desktop app
A local desktop app that puts an agent to work on your S3-compatible storage — reviewing configuration, analyzing logs, and triaging errors, all read-only and on your machine.
Check prod-assets for public exposure
policy statement AllowPublicList → s3:ListBucket for *. Evidence: policy.json line 12.
Desktop agent app
Storage Agent Workbench is a local desktop app: point it at an S3-compatible account, and an agent runs read-only investigations — configuration review, log and inventory analysis, error triage, and cost profiling — with the evidence kept on your machine.
What it investigates
Read bucket policies, ACLs, encryption, and public-access settings, then flag the risky combinations.
Import access logs and inventory locally, then let DuckDB answer questions about usage and access.
Bring a failing request or error and the agent narrows it to a cause with the evidence attached.
See where storage and requests concentrate, so cleanup and tiering target the right prefixes.
How a session runs
Add read-only credentials for an S3-compatible account; they stay in the app on your machine.
Point it at inventory or access-log exports, or read live metadata — read-only, never writing back.
The agent plans an investigation, runs the analysis in DuckDB, and threads its findings in the session.
Every finding links back to the log rows or configuration it came from, so you can verify before acting.
FAQ
No. Credentials, imported evidence, and analysis stay local. The workbench is built to investigate without moving data out.
StorageOps gives an existing agent (Pi) storage skills; Storage Agent Workbench is a self-contained desktop app that runs the investigation on its own.
No. Investigations are read-only by design. It reads configuration, logs, and metadata and leaves the account untouched.
It is a Tauri desktop app for macOS, Windows, and Linux. The project is Apache-2.0.