You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Extend the policy system to support LLM-evaluated "soft policies" alongside existing OPA/Rego hard policies. Some rules are too semantic to express in Rego — soft policies let you express intent in natural language.
Configuration
.docstore/policy/no_breaking_changes.agent.yaml:
name: no_breaking_changesmodel: claude-haiku-4-5cache: on_diff_hash # cache result, invalidate on new commitsprompt: | Review this diff. Does it introduce any breaking changes to the public API (removed exports, changed signatures, removed fields)? Respond with JSON: {"allow": false, "reason": "..."} or {"allow": true}
Files ending in .agent.yaml are loaded alongside .rego files by the policy engine.
On evaluation, runs the LLM with the diff + relevant context from assembleMergeInput()
Parses {"allow": bool, "reason": string} response
Returns same PolicyResult shape as Rego policies
Result cached on diff hash to avoid redundant calls
Why
Rego can only express rules over structured data. Semantic rules — "no breaking API changes", "matches our style guide", "safe to deploy on Fridays" — require judgment that LLMs handle well but Rego cannot encode. Soft policies fill this gap while integrating seamlessly with the existing policy evaluation and merge flow.
Scope
Policy engine: detect and load .agent.yaml policy files
Overview
Extend the policy system to support LLM-evaluated "soft policies" alongside existing OPA/Rego hard policies. Some rules are too semantic to express in Rego — soft policies let you express intent in natural language.
Configuration
.docstore/policy/no_breaking_changes.agent.yaml:Files ending in
.agent.yamlare loaded alongside.regofiles by the policy engine.How it works
.agent.yamlfiles alongside.regofilesassembleMergeInput(){"allow": bool, "reason": string}responsePolicyResultshape as Rego policiesWhy
Rego can only express rules over structured data. Semantic rules — "no breaking API changes", "matches our style guide", "safe to deploy on Fridays" — require judgment that LLMs handle well but Rego cannot encode. Soft policies fill this gap while integrating seamlessly with the existing policy evaluation and merge flow.
Scope
.agent.yamlpolicy filesPolicyResultmapping(policy_name, diff_hash)BranchStatusResponsewith atype: "soft"marker