Pre-Flight Checks

Policy-as-Code Gateways

Compliance cannot be a PDF document sitting on a SharePoint drive. It must be executable code. Pre-Flight Checks embed the Open Policy Agent (OPA) directly into the orchestration layer, turning governance into gates.

The Policy Engine

OPA runs in-memory within the Orchestrator. Policies are written in Rego and evaluated against every artifact before execution.

If the policy fails, the pipeline halts. No exceptions. No override buttons.

Context-Aware Checks

Policies validate both the Artifact (the code diff) and the Intent (the execution flags):

  • Artifact Validation: "Does this code diff contain high-entropy secrets?"
  • Intent Validation: "Is this Terraform plan attempting to destroy a production database?"

This dual-layer validation catches issues that traditional linters miss.

Standard Library

Cabin Crew ships with built-in policies for common compliance requirements:

  • No Secrets: Detects API keys, tokens, and credentials in code
  • Cost Control: Rejects infrastructure plans exceeding budget thresholds
  • PII Detection: Flags potential GDPR violations in data schemas
  • Jira Linking: Requires ticket IDs for all code changes
  • Approval Gates: Enforces human review for destructive operations

Extend with custom Rego policies for your specific requirements.
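The dual-layer check described under Context-Aware Checks, written as a custom Rego policy of the kind this section invites. This is an added example, not one of Cabin Crew's shipped policies; it assumes the Orchestrator passes the Terraform plan JSON (`terraform show -json`) as `input.plan`, the unified diff as a string in `input.diff`, and execution flags in `input.intent`. Because Rego has no entropy builtin, the artifact check matches well-known credential formats instead of measuring entropy.

```rego
package cabincrew.preflight

# Added example policy, not part of the Cabin Crew standard library.
# Assumed input shape: input.plan (Terraform plan JSON), input.diff (string),
# input.intent.workspace (string). All three names are assumptions.
import rego.v1

default allow := false

# The pipeline may proceed only when no deny rule fires.
allow if count(deny) == 0

# --- Intent validation: refuse to destroy a production database ---

database_types := {"aws_db_instance", "aws_rds_cluster", "google_sql_database_instance"}

deny contains msg if {
	some rc in input.plan.resource_changes
	rc.type in database_types
	"delete" in rc.change.actions
	is_production(rc)
	msg := sprintf("intent: plan deletes production database %s", [rc.address])
}

# A resource is production if it is tagged so or the run targets the production workspace.
is_production(rc) if rc.change.before.tags.Environment == "production"

is_production(_) if input.intent.workspace == "production"

# --- Artifact validation: well-known credential formats in added diff lines ---

secret_patterns := {
	"AWS access key ID": `AKIA[0-9A-Z]{16}`,
	"GitHub personal access token": `ghp_[A-Za-z0-9]{36}`,
	"private key block": `-----BEGIN (RSA |EC )?PRIVATE KEY-----`,
}

deny contains msg if {
	some line in split(input.diff, "\n")
	startswith(line, "+") # only lines the change introduces
	some name, pattern in secret_patterns
	regex.match(pattern, line)
	msg := sprintf("artifact: %s found in added line %q", [name, line])
}
```

Evaluate it locally with `opa eval -i input.json -d preflight.rego 'data.cabincrew.preflight.deny'`; each message in the resulting set is the specific error the Orchestrator would feed back into a remediation loop.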

Remediation Loops

When a policy fails, the Orchestrator can allow the AI Agent to self-correct:

  1. Policy fails with a specific error message
  2. Orchestrator feeds the failure reason back to the AI Engine
  3. Engine generates a revised artifact
  4. The policy is re-evaluated (up to max-revisions attempts)

This creates a learning loop where AI agents improve through policy feedback, rather than failing outright.