feat: add disable requirements auto matching setting

app/cli/cmd/organization_update.go

@@ -26,6 +26,7 @@ func newOrganizationUpdateCmd() *cobra.Command {
 		blockOnPolicyViolation          bool
 		policiesAllowedHostnames        []string
 		preventImplicitWorkflowCreation bool
+		disableRequirementsAutoMatching bool
 	)
 
 	cmd := &cobra.Command{
@@ -45,6 +46,10 @@ func newOrganizationUpdateCmd() *cobra.Command {
 				opts.PreventImplicitWorkflowCreation = &preventImplicitWorkflowCreation
 			}
 
+			if cmd.Flags().Changed("disable-requirements-auto-matching") {
+				opts.DisableRequirementsAutoMatching = &disableRequirementsAutoMatching
+			}
+
 			_, err := action.NewOrgUpdate(ActionOpts).Run(cmd.Context(), orgName, opts)
 			if err != nil {
 				return err
@@ -62,5 +67,6 @@ func newOrganizationUpdateCmd() *cobra.Command {
 	cmd.Flags().BoolVar(&blockOnPolicyViolation, "block", false, "set the default policy violation blocking strategy")
 	cmd.Flags().StringSliceVar(&policiesAllowedHostnames, "policies-allowed-hostnames", []string{}, "set the allowed hostnames for the policy engine")
 	cmd.Flags().BoolVar(&preventImplicitWorkflowCreation, "prevent-implicit-workflow-creation", false, "prevent workflows and projects from being created implicitly during attestation init")
+	cmd.Flags().BoolVar(&disableRequirementsAutoMatching, "disable-requirements-auto-matching", false, "disable automatic matching of policies to requirements based on parameters. When enabled, only explicit requirement references are used")
 	return cmd
 }

app/cli/documentation/cli-reference.mdx

@@ -2763,6 +2763,7 @@ Options
 
 ```
 --block                                set the default policy violation blocking strategy
+--disable-requirements-auto-matching   disable automatic matching of policies to requirements based on parameters. When enabled, only explicit requirement references are used
 -h, --help                                 help for update
 --name string                          organization name
 --policies-allowed-hostnames strings   set the allowed hostnames for the policy engine

app/cli/pkg/action/org_update.go

@@ -33,6 +33,7 @@ type NewOrgUpdateOpts struct {
 	BlockOnPolicyViolation          *bool
 	PoliciesAllowedHostnames        *[]string
 	PreventImplicitWorkflowCreation *bool
+	DisableRequirementsAutoMatching *bool
 }
 
 func (action *OrgUpdate) Run(ctx context.Context, name string, opts *NewOrgUpdateOpts) (*OrgItem, error) {
@@ -42,6 +43,7 @@ func (action *OrgUpdate) Run(ctx context.Context, name string, opts *NewOrgUpdat
 		Name:                            name,
 		BlockOnPolicyViolation:          opts.BlockOnPolicyViolation,
 		PreventImplicitWorkflowCreation: opts.PreventImplicitWorkflowCreation,
+		DisableRequirementsAutoMatching: opts.DisableRequirementsAutoMatching,
 	}
 
 	if opts.PoliciesAllowedHostnames != nil {

app/controlplane/api/controlplane/v1/organization.proto

@@ -99,6 +99,9 @@ message OrganizationServiceUpdateRequest {
 
   // restrict_contract_creation_to_org_admins restricts contract creation (org-level and project-level) to only organization admins (owner/admin roles)
   optional bool restrict_contract_creation_to_org_admins = 6;
+
+  // disable_requirements_auto_matching disables automatic matching of policies to requirements
+  optional bool disable_requirements_auto_matching = 7;
 }
 
 message OrganizationServiceUpdateResponse {

app/controlplane/api/controlplane/v1/response_messages.proto

@@ -283,6 +283,8 @@ message OrgItem {
   bool prevent_implicit_workflow_creation = 7;
   // restrict_contract_creation_to_org_admins restricts contract creation (org-level and project-level) to only organization admins (owner/admin roles)
   bool restrict_contract_creation_to_org_admins = 8;
+  // disable_requirements_auto_matching disables automatic matching of policies to requirements
+  bool disable_requirements_auto_matching = 9;
 
   enum PolicyViolationBlockingStrategy {
     POLICY_VIOLATION_BLOCKING_STRATEGY_UNSPECIFIED = 0;