CtrlK
BlogDocsLog inGet started
Tessl Logo

nicholasjackson/opa-rego-language

Rego is the declarative policy language used by Open Policy Agent (OPA). This tile covers writing and testing Rego policies for Kubernetes admission control, Terraform and infrastructure-as-code plan validation, Docker container authorization, HTTP API authorization, RBAC and role-based access control, data filtering, metadata annotations with opa inspect, and OPA policy testing with opa test.

99

1.19x

Quality

Pending

Does it follow best practices?

Impact

99%

1.19x

Average score across 31 eval scenarios

SecuritybySnyk

Pending

The risk profile of this skill

Overview
Eval results
Files

rubric.jsonevals/scenario-13/

{
  "context": "Evaluates whether the agent applies the two cross-cutting Terraform IaC patterns that appear in every policy: using import rego.v1 (not import future.keywords) and normalizing input with tfplan := object.get(input, \"plan\", input) so the policy works with both raw Terraform and HCP Terraform/Enterprise input structures. These criteria are tested here and excluded from all other terraform IaC scenarios to avoid inflating their scores.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "import rego.v1",
      "description": "The policy uses `import rego.v1` (not `import future.keywords` or no import at all)",
      "max_score": 37
    },
    {
      "name": "object.get input normalization",
      "description": "The policy defines `tfplan := object.get(input, \"plan\", input)` as a package-level rule and uses `tfplan.resource_changes` throughout — never `input.resource_changes` directly. This ensures the policy works with both raw Terraform and HCP Terraform/Enterprise input structures.",
      "max_score": 38
    },
    {
      "name": "Tests pass",
      "description": "All tests pass when running `opa test . -v`",
      "max_score": 25
    }
  ]
}

evals

scenario-13

rubric.json

task.md

README.md

rules.md

tile.json