Skip to main content

Custom policies

All built-in rules live in policy/ as standard Rego files. To add your own:

1. Write a rule

# my-policies/main/custom.rego
package main

import future.keywords.contains
import future.keywords.if

deny contains msg if {
    not input.processors.filter
    msg := "CUSTOM-001: filter processor is required by our platform team."
}

2. Run augur with `--policy`

augur --policy ./my-policies config.yaml

Custom policies are merged with the built-in rules — your rules run alongside every default check.

Rule conventions

deny contains msg — blocking rule, fails the run
warn contains msg — advisory rule, reported but non-blocking
Prefix message IDs with your own namespace (e.g. ACME-001) to avoid colliding with augur's OTEL-* IDs
Keep messages actionable: state what's wrong AND what to do about it

Testing your rules

Rego ships with a built-in test runner. Put tests next to your rules:

# my-policies/main/custom_test.rego
package main

test_custom_001_denies_missing_filter if {
    result := deny with input as {"processors": {}}
    count(result) == 1
}

Run them with:

opa test my-policies/

1. Write a rule
2. Run augur with --policy
Rule conventions
Testing your rules