CtrlK
BlogDocsLog inGet started
Tessl Logo

nicholasjackson/golang-opa-rego-language

Rego is the declarative policy language used by Open Policy Agent (OPA) for writing and enforcing policies across cloud-native stacks, featuring data-driven rules, comprehensions, and 200+ built-in functions for infrastructure, security, and compliance automation.

Overall
score

97%

Overview
Eval results
Files

Evaluation results

96%

-2%

Task: Basic Policy with Test-Driven Development

Criteria
Without context
With context

Test file exists with correct suffix

100%

80%

Test package naming convention

100%

100%

Default deny

100%

100%

Allow rule for approved categories

100%

100%

import rego.v1

100%

100%

Test for allow case

100%

100%

Test for deny case

100%

100%

Tests pass

80%

80%

99%

Task: Role-Based Access Control Policy

Criteria
Without context
With context

Correct package name

100%

100%

Default deny

100%

100%

Data-driven role-permission lookup

100%

100%

user_has_role helper rule

100%

100%

Allow rule uses helper rules

100%

100%

Test package naming convention

100%

100%

Tests for authorized users

100%

100%

Tests for unauthorized users

100%

100%

Tests pass

80%

80%

100%

Task: Kubernetes Admission Control Policy

Criteria
Without context
With context

Correct package name

100%

100%

Multi-value deny rule

100%

100%

Approved registry check

100%

100%

Non-root check

100%

100%

Resource limits check

100%

100%

Test for compliant pod

100%

100%

Tests for non-compliant pods

100%

100%

Tests use with keyword

100%

100%

100%

Task: HTTP API Authorization Policy

Criteria
Without context
With context

No top-level input import

100%

100%

Default deny

100%

100%

Public health endpoint

100%

100%

Data-driven role lookup

100%

100%

Helper rule for permitted methods

100%

100%

Test for public endpoint

100%

100%

Tests for authorized users

100%

100%

Tests for unauthorized users

100%

100%

88%

-4%

Task: Data Validation Policy

Criteria
Without context
With context

Multi-value violations rule

46%

100%

Name required check

100%

100%

Email regex check

100%

100%

Age range check

100%

100%

Role enum check

100%

100%

Test for valid payload

100%

40%

Tests for each violation

100%

40%

100%

Task: Terraform Plan Validation Policy

Criteria
Without context
With context

Input normalization with object.get

100%

100%

Multi-value deny rule

100%

100%

Checks create and update actions

100%

100%

Does not check delete actions

100%

100%

S3 encryption check

100%

100%

Environment tag check

100%

100%

Mock plan in tests

100%

100%

HCP Terraform input test

100%

100%

Install with Tessl CLI

npx tessl i nicholasjackson/golang-opa-rego-language
Evaluated
Agent
Claude Code

Table of Contents

Task: Basic Policy with Test-Driven DevelopmentTask: Role-Based Access Control PolicyTask: Kubernetes Admission Control PolicyTask: HTTP API Authorization PolicyTask: Data Validation PolicyTask: Terraform Plan Validation Policy