I noticed this today: open-policy-agent/opa#2598

And while it could potentially be done in OPA, this seems like an excellent use-case for Regal. The example rules mentioned in the ticket:

• App repos should not be able to modify the system package except for the system/log/mask decision
• App policy packages must be namespaced under package acmecorp.<app_name>
• App API authorization policies must include a default allow = false rule (any other value is not allowed for the default allow rule)

All seem like they would be quite easy to add as optional, configurable rules. If we want to leave it outside of Regal core, I could see how we could provide these type of rules in an external bundle... but having them packaged would be convenient.

The custom category is now in place, and new rules will make this even easier to do even without writing custom rules (i.e. by providing just configuration). Closing this as completed. If there are common organizational requirements we learn about, let's create issues for those.