on the dynamic decision part, one thing we were able to do in opa is to take in a full json object into rego and make allow/deny decision based on the json data. if we have similar flexibility in authzed with more standard scripts like a lua would be a nice to have...