
Wish: fail2ban-regex with --print-all-matched-and-action #2036

Open
ghost opened this issue Jan 31, 2018 · 6 comments

@ghost

ghost commented Jan 31, 2018

This may be a dumb requirement (I do not yet know if there is an alternative way to fulfill it). But if fail2ban-regex could supply a function to output the possible action to take, that would be quite helpful to understand the final outcome of the complicated Python string interpolation of fail2ban tags...

@sebres
Contributor

sebres commented Jan 31, 2018

Is it something like:

fail2ban-regex --out-action 'my-action[prm1="val1",...]' $log $filter

Or:

fail2ban-regex --out-tags $log $filter

Could you provide an example, just for better understanding, of what you mean with "supply a function"? E.g. something like the command line you wish for.

@ghost
Author

ghost commented Jan 31, 2018

Yes... your suggestion is quite insightful. For me, simple tags which are predefined in action.d would be okay. (Specifying a tag or composite action on the shell command line could be quite uncertain since it is bash-ish syntax; we need POSIX-like stuff, e.g. "xyz", $'\n', blah blah.)

Correct me if I am wrong here!

fail2ban-regex --out-action $log $filter $action_conf_file

@sebres
Contributor

sebres commented Jan 31, 2018

Although it would be relatively easy to implement for some script-actions (but there is no way for pythonic actions).
Just some tags depend on the init-arguments specified in jail.conf resp. distribution-related config-files, etc.
The problem thereby: fail2ban-regex should consider all this (in exactly the same manner as fail2ban-server, but it is not the server).

we need POSIX-like stuffs

The problem here: you'll then see the pre-substituted scripts only (with interpolated tags), but they are not executed in a shell (because otherwise some complex scripts may cause a ban or send mail, etc.).
Thus potential wrong shell syntax (like bashisms, invalid command syntax, etc.) will still not be recognized.

fail2ban-regex --out-action $log $filter $action_conf_file

Exactly this syntax will be impossible, because it conflicts with the 3rd optional argument, which is currently the ignore-pattern (it could work as in my example above).

@ghost
Author

ghost commented Jan 31, 2018

I see... those run-time-dependent (or Python-script-dependent) tags cannot be decided/finalized at the fail2ban-regex moment without truly executing code. In that case, we make the requirement simpler: as in your suggestion, we specify the action (or tag) via shell command parameters, and/or dump the tags mentioned in the filter config file, which is supplied via the shell command as well.

Again, correct me if I am thinking wrong.

@sebres
Contributor

sebres commented Jan 9, 2020

The latest version (since d1b7e2b) partially implements this RFE, so fail2ban-regex is able to dump the tags matched from the log/journal.

Examples:

$ fail2ban-regex -r -o row './fail2ban/tests/files/testcase01.log' sshd
[u'failed.dns.ch',      1577789999.0,   {'dns': u'failed.dns.ch', 'users': set([u'kevin']), 'ip6': None, 'user': u'kevin', 'ip4': None, 'mlfid': u' [sshd] '}],
...
['87.142.124.10',       1577789999.0,   {'dns': None, 'users': set([u'kevin']), 'ip6': None, 'user': u'kevin', 'ip4': u'87.142.124.10', 'mlfid': u' [sshd] '}],

$ fail2ban-regex -r -o id './fail2ban/tests/files/testcase01.log' sshd | uniq -c
      3 failed.dns.ch
      3 193.168.0.128
      4 87.142.124.10

$ fail2ban-regex -r -o user './fail2ban/tests/files/testcase01.log' sshd | uniq
kevin

These facilities will be released with 0.10.5 (and 0.11).
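The action preview the original wish asks for, as an added illustration that is not fail2ban's own code: a simplified emulation of fail2ban's `<tag>` interpolation applied to rows shaped like the `-o row` output above, building the command each action would run without executing anything (the same "pre-substituted only" limitation sebres describes). The action templates, init arguments and rows are constructed sample data, and the `<ip>`-from-ticket-id mapping and the unresolved-tag reporting are assumptions of this example.

```python
import re

# Simplified stand-in for fail2ban's <tag> interpolation (added illustration, not fail2ban's code).
TAG_RE = re.compile(r"<([A-Za-z][A-Za-z0-9_-]*)>")

def substitute_tags(template, tags):
    """Replace each <name> with tags[name]; return (text, unresolved tag names).
    Missing or None tags stay as literal <name>: such values are only known to
    fail2ban-server at run time, so the preview deliberately leaves them visible."""
    unresolved = []

    def repl(match):
        value = tags.get(match.group(1))
        if value is None:
            unresolved.append(match.group(1))
            return match.group(0)
        return str(value)

    return TAG_RE.sub(repl, template), unresolved

def preview_actions(action_templates, init_args, rows):
    """Build the command each action would run per matched row, executing nothing.
    rows mimic `fail2ban-regex -o row` output: (ticket id, timestamp, tag dict);
    init_args stand in for the action parameters a jail.conf would pass."""
    previews = []
    for ticket_id, _ts, row_tags in rows:
        tags = dict(init_args)
        tags.update({k: v for k, v in row_tags.items() if v is not None})
        tags["ip"] = ticket_id  # assumption: <ip> expands to the ticket id
        for action_name, template in action_templates.items():
            text, unresolved = substitute_tags(template, tags)
            previews.append((action_name, text, unresolved))
    return previews

# Constructed sample data, shaped like the -o row output above plus typical action parameters.
SAMPLE_ROWS = [
    ("87.142.124.10", 1577789999.0,
     {"dns": None, "user": "kevin", "ip4": "87.142.124.10", "ip6": None, "mlfid": " [sshd] "}),
    ("failed.dns.ch", 1577789999.0,
     {"dns": "failed.dns.ch", "user": "kevin", "ip4": None, "ip6": None, "mlfid": " [sshd] "}),
]
SAMPLE_INIT = {"name": "sshd", "port": "ssh", "blocktype": "REJECT"}
SAMPLE_ACTIONS = {
    "actionban": "iptables -I f2b-<name> -s <ip> -j <blocktype>",
    "actionmail": "mail -s '[Fail2Ban] <name>: banned <ip> (user <user>, fid <fid>)' <dest>",
}
if __name__ == "__main__":
    for name, cmd, missing in preview_actions(SAMPLE_ACTIONS, SAMPLE_INIT, SAMPLE_ROWS):
        print(f"{name}: {cmd}" + (f"    # unresolved tags: {missing}" if missing else ""))
```

Tags left as `<fid>` or `<dest>` in the output are exactly the ones that would need a real jail configuration or server-side state to resolve.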

@sebres sebres added this to the 1.0 milestone Jan 10, 2020
@sebres sebres pinned this issue Jan 10, 2020
@sebres
Contributor

sebres commented Feb 14, 2022

#2909 (comment) illustrates some PoC extending fail2ban-regex with a command option.
