1. 8

  2. 2

    I think those policy statements should go in a configuration file

    1. 3

      They technically are in a config file, that file just happens to be procedural JavaScript in an isolated context instead of a declarative language. It’s completely isolated from the rest of the application.

      1. 1

        I too prefer things like this as (analysable) static configuration, but I guess so long as the config-as-js is simply run and its output recorded, rather than it being kept alive while the app runs and messing with it at run-time, it should be fine?