Rego Syntax Guide

package app.auth

import data.roles
import data.helpers as H

default allow = false

allow if {
  input.user == "admin"
} else if {
  input.action == "read"
}

default allow = false

allow(u, a) := true if {
  u == "admin"
} else if {
  a == "read"
}

# Set membership
my_ids[id] if {
  id := input.items[_].id
  id > 1000
}

# Object construction
user_roles[uid] := role if {
  role := data.roles[uid]
}

allowed_names := [n | u := input.users[_]; u.allowed; n := u.name]
project_ids   := {p | p := input.projects[_].id}
role_by_user  := { u.id: u.role | u := input.users[_] }

some i
not blocked[i]

every u in input.users { u.active }

x := input.value
x in [1,2,3]
count(input.items) >= 5

total := price * quantity + tax
ok if input.age >= 18 and not input.banned

v1 := input.user.name
v2 := data.groups["admins"].members
r  := helper.add(2,3)

allow with data.now as "2025-06-01T00:00:00Z"

a := [1,2,3]
o := {"x":1, "y":2}
s := {1,2,3}

n := 42
s := "hello"
t := true
z := null

some i in input.items
input.items[i].active

every u in input.users {
  u.age >= 18
}

deny if {
  not input.authenticated
}

"admin" in input.user.roles

n := count(input.items)
sum_ok := sum([1,2,3]) == 6
min_val := min([4,9,1])

array.slice([1,2,3,4], 1, 3)  # [2,3]

u := union({{1,2},{2,3}})

ks := object.keys({"a":1,"b":2})

ok := contains("hello world", "world")

cl := ceil(3.2)  # 4

ts := time.parse_rfc3339_ns("2024-01-01T00:00:00Z")

j := json.marshal({"x":1})

regex.match(`^\\d+$`, "12345")

semver.is_valid("1.2.3")

signer := newton.crypto.ecdsa_recover_signer(signature, message_hash)

signer := newton.crypto.ecdsa_recover_signer_personal(signature, message)

package auth

default allow = false

allow if {
    signer := newton.crypto.ecdsa_recover_signer(input.intent_signature, input.intent_hash)
    signer == input.from
}