Skip to content

Support embedded rego #3078

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
simonbaird wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Support embedded rego #3078

simonbaird wants to merge 3 commits into from

Conversation

@simonbaird
Copy link
Member

@simonbaird simonbaird commented Jan 19, 2026

It's experimental and wip. Will demo and discuss.

@codecov
Copy link

codecov bot commented Jan 19, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 70.83333% with 7 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
internal/utils/helpers.go 72.72% 6 Missing ⚠️
internal/evaluator/conftest_evaluator.go 50.00% 1 Missing ⚠️
Flag Coverage Δ
acceptance 56.03% <70.83%> (+0.05%) ⬆️
generative 18.92% <0.00%> (-0.05%) ⬇️
integration 28.39% <4.16%> (-0.06%) ⬇️
unit 67.97% <70.83%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
internal/evaluator/conftest_evaluator.go 88.52% <50.00%> (-0.14%) ⬇️
internal/utils/helpers.go 84.26% <72.72%> (-3.80%) ⬇️

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

simonbaird and others added 3 commits January 19, 2026 18:18
@simonbaird @claude
Add support for embedded rego
77f9a06 
The idea is that this provides a way to make common library
functions available to Conforma policies, without needing to fetch
them down as a policy source.

It's kind of experimental currently, but the initial motivation is
to avoid the awkwardness around the way we'd like to make
lib.result_helper availble to users writing their own policies.

If we like the idea, it should be simple enough to extend it to
whatever shared library we'd like to provide. There are pros and
cons with this idea so let's not commit to it fully just yet.

In this commit the only embedded rego is a simple "hello_world"
rule.

Co-Authored-By: Claude <noreply@anthropic.com>
@simonbaird @claude
Add ability to write embeded rego to disk
2e13cf6 
In the previous commit we focus on reading the embded rego files.
Here we're writing it out.

Introduces a reusable utility function that writes embedded rego files
to the filesystem, following the same directory structure pattern used
by external policy sources.

Also, call it to write the embedded rego to disk when preparing the
policy dir for the Conftest evaluator.

The function follows the uniqueDestination pattern where each policy
source gets its own subdirectory, with "embedded" acting as the
identifier for embedded rego files. We're assuming there's only one
embedded directory currently.

Co-Authored-By: Claude <noreply@anthropic.com>
@simonbaird @claude
Add acceptance tests for embedded rego
7103e0d 
This commit includes:
- features/embedded_rego.feature: Gherkin acceptance test scenario
- acceptance/examples/embedded_rego_test.rego: Test policy using ec_lib.hello_world
- acceptance/examples/embedded_rego_config.yaml: Policy configuration

The acceptance test verifies that:
- Embedded rego functions are available in policy evaluation
- The ec_lib.hello_world function works correctly
- Policies can import and use data.ec_lib namespace
- Output contains expected success messages

Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size: XL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@simonbaird