Given the RoA badge has already rolled out and eligibility is being applied inconsistently, my 2c would be this:
- If it’s a Forge app make it RoA-eligible regardless of egress. This aligns Atlassian’s short-term incentive goal of pushing developers to migrate their Connect apps.
- Proxy and log all egress in an admin dashboard. Allow developers to add metadata directly in the fetch request to specify what/why that data egress does and whether it can be blocked or not by admins.
That provides admins with data flow transparency which they can verify in a sandbox. And it allows the developer to clearly explain what/why there is data egress, while preventing any functionally necessary egress from being blocked by admins.
Then replace RoA badge with something else once everyone has migrated.