I ran `git reset` and my Open Policy Agent rules vanished.

I ran git reset and my Open Policy Agent rules vanished.

It wasn’t a bug. It was the wrong workflow. And it cost hours of rebuilding, re-testing, and digging through commit history just to bring security policies back in shape. If you’re managing OPA policies alongside your application code, a careless reset or rebase can mean losing the truth about how your services enforce decisions.

Git is an essential tool for source control, but Open Policy Agent carries a different weight. These are live rules that guard access, define behavior, and keep systems inside compliance. When policies live as code, they share the same risks as code—destructive resets, force pushes, and merges that trample changes. But unlike application bugs, broken policies can let the wrong request through, or block the right one at the wrong time.

A full `git reset --hard` on the branch where OPA code lives wipes every uncommitted change to tracked files. Without staging or commits, those rules are gone unless you can recover from stash or history. Even then, merge conflicts can create subtle errors in Rego that pass syntax checks but fail logic. That’s how inconsistent policies creep into production.

The safest way to guard against policy loss is to treat OPA repositories like critical infrastructure. Never reset without a safe branch checked out. Use atomic commits for each policy change. Review diffs using tools that show Rego-specific logic shifts, not just generic source changes. Automate tests for every policy rule and enforce continuous integration gates so that accidental rollbacks or erasures don't slip through.
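
One way to build the CI gate described above, as an added example that is not hoop.dev's or OPA's own tooling: it compares the rule names defined at a base ref with those at `HEAD` and fails the build when any have disappeared. The `policy/` directory, the `policy_gate.py` file name, the `origin/main` ref and the sample policy are assumptions, and the rule detection is a regex heuristic rather than a real Rego parser.

```python
import re
import subprocess
import sys

# Heuristic, not a Rego parser: a rule head is an identifier at column 0,
# optionally preceded by `default`. `opa parse` would give the real AST.
PACKAGE = re.compile(r"^package[ \t]+([\w.]+)", re.M)
RULE_HEAD = re.compile(r"^(?:default[ \t]+)?([A-Za-z_]\w*)", re.M)
NOT_RULES = {"package", "import"}

def rule_index(files):
    """Turn {path: rego_source} into a set of 'package.rule' names."""
    names = set()
    for path, src in files.items():
        if not path.endswith(".rego") or path.endswith("_test.rego"):
            continue  # only production policy counts, not its unit tests
        pkg = PACKAGE.search(src)
        prefix = pkg.group(1) if pkg else path
        for m in RULE_HEAD.finditer(src):
            if m.group(1) not in NOT_RULES:
                names.add(f"{prefix}.{m.group(1)}")
    return names

def vanished_rules(base_files, head_files):
    """Rules defined at the base ref that no longer exist at head."""
    return sorted(rule_index(base_files) - rule_index(head_files))

def tree_at(ref, root="policy"):
    """Read files under `root` (assumed path) at a git ref, leaving the working tree alone."""
    def git(*args):
        return subprocess.run(["git", *args], check=True,
                              capture_output=True, text=True).stdout
    return {p: git("show", f"{ref}:{p}")
            for p in git("ls-tree", "-r", "--name-only", ref, root).splitlines()}

# Constructed sample: one policy before and after a bad merge dropped `deny`.
SAMPLE_BASE = {"policy/authz.rego": """package authz
default allow := false
allow if input.user.role == "admin"
deny contains "internal path" if input.path == "/internal"
"""}
SAMPLE_HEAD = {"policy/authz.rego": SAMPLE_BASE["policy/authz.rego"].split("deny")[0]}

if __name__ == "__main__":  # CI: python policy_gate.py origin/main
    base = tree_at(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_BASE
    head = tree_at("HEAD") if len(sys.argv) > 1 else SAMPLE_HEAD
    gone = vanished_rules(base, head)
    print("\n".join(f"policy rule removed: {n}" for n in gone))
    sys.exit(1 if gone else 0)
```

The gate only catches rules that disappear entirely; a rule whose body was loosened by a bad merge still needs the per-rule tests to fail. An intentional removal would also trip it, so a real pipeline needs an explicit, reviewed override.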

Better still—move toward environments where policy updates can be previewed, tested, and safely rolled out without the danger of local git missteps. Systems that watch and apply policy changes in real time, with automatic versioning and rollback, turn the problem on its head. You stop worrying about loss and start focusing on clarity and correctness.

You can see that safety in minutes with hoop.dev. It makes OPA edits, updates, and rollbacks fast, visible, and safe—no matter what’s in your git history.
