Ansible Automation Platform RFEs: AAPRFE-2389

Enable policy enforcement on execution nodes in Ansible Automation Platform (AAP) using Open Policy Agent (OPA)

1. What is the nature and description of the request?

Currently, OPA-based policy validation in Ansible Automation Platform 2.5 occurs centrally at job launch time on the control plane. The customer requests the ability to enforce OPA policies directly on execution nodes instead of only at the control plane level. This enhancement would allow instance groups to directly query an OPA server for pre-execution policy checks, enabling enforcement closer to the actual execution of automation.

2. Why does the customer need this? (List the business requirements here)

The customer is a financial institution operating in a highly regulated environment. They need strict policy enforcement mechanisms to ensure compliance with internal and external regulations. By enabling execution-node-level policy enforcement, they can:

• Achieve compliance more effectively by enforcing policies closer to execution.
• Scale policy-as-code across multiple infrastructure sectors (networking, servers, cloud, Windows, etc.).
• Allow sector-specific teams to define and manage their own policies while still adhering to centrally defined organizational policies.
• Improve overall governance, security, and compliance posture across their automation environment.

3. How would you like to achieve this? (List the functional requirements here)

• Extend OPA integration so that execution nodes (not just the control plane) can query OPA servers for pre-execution checks.
• Allow both centrally defined policies (set by the AAP administrators) and locally managed policies (defined by individual teams responsible for specific execution node groups) to coexist.
• Provide configuration options for binding execution nodes or instance groups to specific OPA policy servers.
• Ensure policy enforcement is triggered as close as possible to execution, rather than only at job scheduling time.
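As an added illustration of the pre-execution check requested above (example code, not AAP's own implementation and not part of this RFE): a Python sketch of what an execution node could run before starting a job, querying both a centrally managed OPA server and a sector-specific one, allowing the job only when every bound server allows it, and denying when any server is unreachable. The OPA Data API path and the `aap/job_launch` package, the job input fields, the server URLs, and the `{"allowed", "violations"}` decision shape are all assumptions.

```python
import json
import urllib.error
import urllib.request

# Assumed OPA Data API path; the "aap/job_launch" package and rule are hypothetical.
QUERY_PATH = "/v1/data/aap/job_launch"


def query_opa(server_url: str, job_input: dict, timeout: float = 3.0):
    """POST the job context to OPA and return its decision document, or None
    when the server is unreachable or returns no result (caller fails closed)."""
    body = json.dumps({"input": job_input}).encode()
    req = urllib.request.Request(server_url + QUERY_PATH, data=body,
                                 headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp).get("result")
    except (urllib.error.URLError, ValueError, OSError):
        return None


def combine_decisions(decisions: dict) -> dict:
    """Allow only when every bound policy server allowed; merge their violations.
    Each value is an assumed decision {"allowed": bool, "violations": [str]} or None."""
    allowed, violations = True, []
    for label, decision in decisions.items():
        if not decision:  # unreachable server or undefined result: deny the job
            allowed = False
            violations.append(f"{label}: no decision from policy server")
            continue
        if not decision.get("allowed", False):
            allowed = False
        violations.extend(f"{label}: {v}" for v in decision.get("violations", []))
    return {"allowed": allowed, "violations": violations}


def check_job(job_input: dict, servers: dict) -> dict:
    """Query each OPA server bound to this node (label -> base URL) and combine."""
    return combine_decisions({lbl: query_opa(url, job_input) for lbl, url in servers.items()})


if __name__ == "__main__":
    # Constructed sample job context and a constructed central + sector server binding.
    sample_job = {"job_template": "patch-servers", "inventory": "prod-linux",
                  "extra_vars": {"reboot": True}}
    bound = {"central": "http://opa-central:8181", "servers-team": "http://opa-servers:8181"}
    print(json.dumps(check_job(sample_job, bound), indent=2))
```

The combining step is what lets the centrally defined and team-managed policies coexist: a team server can only add restrictions, never override a central denial.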

              rhn-support-ebock Emily Bock
              rhn-support-apaygavh Abhishek Paygavhan