Policy-as-code is one of those things that everyone knows should be done, but in practice is rarely implemented. We believe this is caused by the combination of the following 2 factors: - OPA [1] and tools like cloud custodian [2] are cumbersome to set up, so writing even a single policy/ setting it up in your organisation takes a lot of effort. - Each policy project needs to start from scratch because policies aren't re-usable Infrabase checks your infra with an LLM instead of policies directly (currently a combination of gemini-2.5-pro-preview-05-06 and o4-mini). You can write your own policies as natural language [3] prompts to customize behaviour. This is still early: non-determinism and latency are open problems. But for most teams, “some guard-rails today” beats “perfect rego never”, and llm's are only getting better. We'd love your feedback on it! [1] OPA: https://github.com/open-policy-agent/opa [2] Cloud Custodian: https://github.com/cloud-custodian/cloud-custodian [3] Infrabase Rules Repo: https://github.com/diggerhq/infrabase-rules |