Built this as a narrow local validation layer, not a full autonomy stack or general policy platform.

The core loop is proposed action or telemetry in, local policy check, ALLOW/DENY out, replayable artifact written, then execution continues only if allowed.

  The current repo/demo is intentionally small and meant to make that loop inspectable. It shows one allowed event, one denied event, local artifact files created, and one artifact opened for inspection.

  The questions I’m most interested in are whether this makes sense as a separate layer, where it fits best in a real system, and where people would say “just keep this inside the app/service” or “why not use OPA?