akua trace
Planned
Explain the evaluation path of a policy query. Useful for debugging "why did this rule deny?" or "why didn't this rule fire?"
```
akua trace <query> [flags]
```
Passes through OPA's `--explain` with structured output.
Flags
| flag | description |
|---|---|
| `--input=<file>` | input document for the query |
| `--depth=<notes\|fails\|full\|debug>` | trace verbosity (default `fails`) |
| `--data=<dir>` | policy bundle directory (default: current workspace) |
Example
```
$ akua trace 'data.akua.policies.production.deny' --input=./deploy/api.yaml
EVAL data.akua.policies.production.deny
EVAL input.resource.kind == "Deployment" TRUE
EVAL not input.resource.metadata.labels["team"] TRUE
EVAL msg := "production Deployments must have a team label"
ALLOW deny[msg] evaluated to {"production Deployments must have a team label"}
```
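
A Python model of the rule body visible in the trace above, covering the "why didn't this rule fire?" case; this is an added sketch, not akua or OPA code. The `FALSE` marker, the helper names and the sample inputs are assumptions made for the illustration, and only the `fails` and `full` depths are modelled.

```python
# Added sketch (not akua or OPA code): traces a Python model of the deny rule
# whose body appears in the trace above. FALSE lines are this sketch's notation.
UNDEFINED = object()

def lookup(doc, *path):
    """Walk a nested dict; return UNDEFINED where Rego would be undefined."""
    for key in path:
        if not isinstance(doc, dict) or key not in doc:
            return UNDEFINED
        doc = doc[key]
    return doc

def holds(value):
    """Rego truthiness: an expression fails only if undefined or false."""
    return value is not UNDEFINED and value is not False

# Each entry: (expression text from the trace, predicate over the input).
RULE_BODY = [
    ('input.resource.kind == "Deployment"',
     lambda i: lookup(i, "resource", "kind") == "Deployment"),
    ('not input.resource.metadata.labels["team"]',
     lambda i: not holds(lookup(i, "resource", "metadata", "labels", "team"))),
]
MSG = "production Deployments must have a team label"

def trace_deny(inp, depth="fails"):
    """Return (deny set, trace lines). depth: 'fails' or 'full' only."""
    if depth not in ("fails", "full"):
        raise ValueError("sketch models only 'fails' and 'full'")
    lines = []
    for text, pred in RULE_BODY:
        ok = pred(inp)
        if depth == "full" or not ok:
            lines.append(f"EVAL {text} {'TRUE' if ok else 'FALSE'}")
        if not ok:
            return set(), lines  # conjunction short-circuits; rule did not fire
    return {MSG}, lines

def deployment(labels):
    """Constructed sample input shaped like the one the trace implies."""
    return {"resource": {"kind": "Deployment", "metadata": {"labels": labels}}}

if __name__ == "__main__":
    for name, inp in [("unlabeled", deployment({})),
                      ("empty team", deployment({"team": ""})),
                      ("service", {"resource": {"kind": "Service"}})]:
        denied, lines = trace_deny(inp)
        print(name, "->", sorted(denied) or "no deny", lines)
```

An empty-string `team` label is defined and not false, so the `not` expression fails and the rule stays silent; a trace at the `fails` level points straight at that expression.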