Unit 1: Open Policy Agent (OPA) — Rego policy evaluation at SYN time

## Scope
Evaluate OPA Rego policies at connection time (SYN). Enterprises already write Rego policies for Kubernetes admission, Envoy, and Terraform — same language for Pilot.

## Deliverables
- OPA integration point at daemon SYN handler
- Policy input: source node (address, tags, networks), destination node, destination port
- Policy decision: allow/deny with reason
- Policy bundle loading from file or HTTP endpoint
- Hot-reload: policy changes take effect without daemon restart
- Example policies: backend→database on port 5432, frontend→API on 80/443, monitoring→anything on 9090

## Files
- `pkg/daemon/policy.go` — OPA evaluator
- `pkg/daemon/daemon.go` — SYN handler integration
- `tests/` — policy evaluation tests

## Priority: HIGH

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unit 1: Open Policy Agent (OPA) — Rego policy evaluation at SYN time #46

Scope

Deliverables

Files

Priority: HIGH

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Unit 1: Open Policy Agent (OPA) — Rego policy evaluation at SYN time #46

Description

Scope

Deliverables

Files

Priority: HIGH

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions