Rather that dismiss this Proof-of-Concept as a “toy”, I think it’s useful to step back and ask whether all of those things (validation, authorization, authentication, auditing) require lots and lots of code to express, or if they could also fit into a single YAML file approach.