CtrlK
BlogDocsLog inGet started
Tessl Logo

nicholasjackson/opa-rego-language

Rego is the declarative policy language used by Open Policy Agent (OPA). This tile covers writing and testing Rego policies for Kubernetes admission control, Terraform and infrastructure-as-code plan validation, Docker container authorization, HTTP API authorization, RBAC and role-based access control, data filtering, metadata annotations with opa inspect, and OPA policy testing with opa test.

99

1.19x

Quality

Pending

Does it follow best practices?

Impact

99%

1.19x

Average score across 31 eval scenarios

SecuritybySnyk

Pending

The risk profile of this skill

Overview
Eval results
Files

rubric.jsonevals/scenario-11/

{
  "context": "Evaluates whether the agent uses rego.metadata.rule() to access rule annotations at runtime and embeds the severity from custom metadata into the structured violation output.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "import rego.v1",
      "description": "The policy file includes `import rego.v1`",
      "max_score": 10
    },
    {
      "name": "METADATA block with custom.severity",
      "description": "The deny/violations rule has a `# METADATA` annotation block with a `custom: severity:` field",
      "max_score": 20
    },
    {
      "name": "Uses rego.metadata.rule() at runtime",
      "description": "The rule body calls `rego.metadata.rule()` (or `rego.metadata.chain()`) to read its own annotation at evaluation time",
      "max_score": 35
    },
    {
      "name": "Violation is a structured object with severity",
      "description": "The violation output is a structured object containing both a `message` field and a `severity` field populated from the runtime annotation (not hardcoded)",
      "max_score": 25
    },
    {
      "name": "Tests pass",
      "description": "All tests pass when running `opa test . -v`",
      "max_score": 10
    }
  ]
}

evals

scenario-11

rubric.json

task.md

README.md

rules.md

tile.json