Verdict brings OPA to agents

The core idea is right: prompts should guide behavior, but policy needs to sit at the execution boundary if you actually care about safety, auditability, and repeatability.

• –Runtime interception is the real control point for agentic systems; once tools are in play, “please don’t do that” is not a security model.
• –Rego/OPA is a strong fit for teams that want versioned, reviewable policy-as-code instead of scattered hardcoded checks.
• –The `require changes` path is the most interesting part because it gives agents a chance to repair bad calls instead of just failing closed.
• –YAML-to-Rego lowers the barrier, but the product will be won or lost on policy ergonomics, debugging, and latency under real tool traffic.
• –For local and self-hosted agents, the sidecar/gateway pattern is compelling because it keeps the model flexible while making enforcement deterministic and inspectable.