Status: Planned

Policies — How it would work

Problem & goals

  • Enforce guardrails before apply with clear feedback loops and auditability.

User journeys

  • Define policy packs; attach to prefixes/units.
  • On apply, evaluate policies; block or allow with rationale.
  • Review policy outcomes in CLI/UI; override with audit (role-limited).

High-level design

  • Policy engine abstraction (OPA/Sentinel-like); pluggable implementations.
  • Inputs: plan JSON, metadata, RBAC context; outputs: pass/fail, reasons.
  • Storage: policy definitions and results tracked alongside the system unit or dedicated state files.

Shapes (provisional)

  • API: CRUD policies; evaluate on run submission; results summarized on run object.
  • CLI: taco policy pack ...; taco run apply surfaces failures inline.

Open questions

  • Policy language choice(s) and bundle distribution.
  • Exception handling and scoped overrides.
Note: Subject to change; no timelines implied.