This one is fairly simple and isn't a "bug" but more of a "how best should the tool be utilized?"
If I use the gitops workflow as suggested:
- `policy.hujson` is committed
- `acls/*` is committed
- `tailscale-acl-combiner -allow acl -d acls -f policy-base.hujson -o policy-combined.hujson` is the combine command
  - I need to commit the combined file per the workflow
- `policy.hujson` must exist without the contents of the acl directory due to the duplicates-on-merge situation
  - therefore I must commit `policy-combined.hujson`
I think this might be an acceptable tradeoff, but it sure is counter-intuitive: if a change needs to be made to policy.hujson (i.e. one of the fields which is not supported in a child file) then I need to not make that change to policy.hujson (which is the file which will actually be used for applying my change.)
I could make a stab at a documentation improvement PR if this sounds like the intended goal :)