docs/projects/regal/index.md
import Intro from '@site/src/components/projects/regal/Intro';
<!-- markdownlint-disable MD025 -->Regal is a linter and language server for Rego, making your Rego magnificent, and you the ruler of rules!
With its extensive set of linter rules, documentation and editor integrations, Regal is the perfect companion for policy development, whether you're an experienced Rego developer or just starting out.
<!-- markdownlint-disable MD033 --><Intro image={require('./assets/regal-banner.png').default}/>
<!-- markdownlint-disable MD041 -->I really like that at each release of Regal I learn something new! Of all the linters I'm exposed to, Regal is probably the most instructive one.
— Leonardo Taccari, NetBSD
Reviewing the Regal rules documentation. Pure gold.
— Dima Korolev, Miro
Such an awesome project!
— Shawn McGuire, Atlassian
I am really impressed with Regal. It has helped me write more expressive and deterministic Rego.
— Jimmy Ray, Boeing
See the adopters file for more Regal users.
<!-- markdownlint-disable MD041 MD033 -->This section explains how you can install and run Regal on your own machine.
<Tabs queryString="current-os"> <TabItem value="macos" label="macOS" default> <Tabs> <TabItem value="brew" label="Homebrew" default> Regal binaries can be installed on macOS using Homebrew. The formula can be reviewed on [brew.sh](https://formulae.brew.sh/formula/regal). This method supports both ARM64 and AMD64 architectures. ```shell brew install regal ``` </TabItem> <TabItem value="mise" label="mise"> If you are using [mise](https://mise.jdx.dev), the polyglot tool version manager, you can install Regal using: ```shell mise use -g regal@latest ``` </TabItem> </Tabs>Manual Download
It's also possible to download the Regal binary directly:
<Tabs> <TabItem value="arm64" label="arm64 (Apple Silicon)" default> ```shell curl -L -o regal https://github.com/open-policy-agent/regal/releases/latest/download/regal_Darwin_arm64 ``` </TabItem> <TabItem value="amd64" label="amd64 (Older Intel Macs)"> ```shell curl -L -o regal https://github.com/open-policy-agent/regal/releases/latest/download/regal_Darwin_x86_64 ``` </TabItem> </Tabs>After downloading the Regal binary, you must ensure it's executable:
chmod 755 ./regal
It's also recommended to move the Regal binary into a directory in your
PATH so you can run Regal commands in different directories.
You can verify the installation by running:
regal version
You can verify the installation by running:
regal version
:::info Community Package Repositories There are a number of community-maintained package repositories that provide Regal binaries for Linux/Unix.
See the Packaging section of the Adopters page for a complete list of available package managers.
These packages are maintained by their respective communities and may not always have the latest Regal version available. :::
</TabItem> <TabItem value="windows" label="Windows"> Download the Windows binary using PowerShell:Invoke-WebRequest -Uri "https://github.com/open-policy-agent/regal/releases/latest/download/regal_Windows_x86_64.exe" -OutFile "regal.exe"
Or using curl (if available):
curl -L -o regal.exe https://github.com/open-policy-agent/regal/releases/latest/download/regal_Windows_x86_64.exe
Add the Regal binary to your PATH by creating a Tools directory for it:
mkdir C:\Tools\Regal
move regal.exe C:\Tools\Regal\
Now we can add this to our PATH:
Control Panel → System → Advanced system settings → Environment Variables
Edit the Path variable → Add: C:\Tools\Regal
Alternatively, run:
[Environment]::SetEnvironmentVariable("Path", "$env:Path;C:\Tools\Regal", "User")
You can verify the installation by running:
regal version
You can verify the installation by running:
docker run --rm ghcr.io/open-policy-agent/regal:latest version
See all available binaries on the
GitHub releases page.
Checksums for all binaries are available in the download path by appending
.sha256 to the binary filename.
For example, verify the macOS arm64 binary checksum:
BINARY_NAME=regal_Darwin_arm64
curl -L -O https://github.com/open-policy-agent/regal/releases/latest/download/$BINARY_NAME
curl -L -O https://github.com/open-policy-agent/regal/releases/latest/download/$BINARY_NAME.sha256
shasum -c $BINARY_NAME.sha256
First, author some Rego!
package authz
default allow = false
allow if {
isEmployee
"developer" in input.user.roles
}
isEmployee if regex.match("@acmecorp\\.com$", input.user.email)
Next, run regal lint pointed at one or more files or directories to have them linted.
regal lint policy/
Rule: non-raw-regex-pattern
Description: Use raw strings for regex patterns
Category: idiomatic
Location: policy/authz.rego:12:27
Text: isEmployee if regex.match("@acmecorp\\.com$", input.user.email)
Documentation: https://www.openpolicyagent.org/projects/regal/rules/idiomatic/non-raw-regex-pattern
Rule: use-assignment-operator
Description: Prefer := over = for assignment
Category: style
Location: policy/authz.rego:5:1
Text: default allow = false
Documentation: https://www.openpolicyagent.org/projects/regal/rules/style/use-assignment-operator
Rule: prefer-snake-case
Description: Prefer snake_case for names
Category: style
Location: policy/authz.rego:12:1
Text: isEmployee if regex.match("@acmecorp\\.com$", input.user.email)
Documentation: https://www.openpolicyagent.org/projects/regal/rules/style/prefer-snake-case
1 file linted. 3 violations found.
Note If you're running Regal on an existing policy library, you may want to disable the
stylecategory initially, as it will likely generate a lot of violations. You can do this by passing the--disable-category styleflag toregal lint.
Linting from the command line is a great way to get started with Regal, and even for some experienced developers the preferred way to work with the linter. However, not only is Regal a linter, but a full-fledged development companion for Rego development!
Integrating Regal in your favorite editor means you'll get immediate feedback from the linter as you work on your policies. More than that, it'll unlock a whole new set of features that leverage Regal's language server, like context-aware completion suggestions, informative tooltips on hover, or go-to-definition.
Elevate your policy development experience with Regal in VS Code, Neovim, Zed, Helix and more on our Editor Support page!
To learn more about the features provided by the Regal language server, see the Language Server page.
To ensure Regal's rules are enforced consistently in your project or organization, we've made it easy to run Regal as part of your builds. See the docs on Using Regal in your build pipeline to learn more about how to set up Regal to lint your policies on every commit or pull request.
<!-- markdownlint-disable MD041 -->Now that you're up and running with Regal, take a look around some of our documentation to get a feel for the different features and capabilities of Regal.
Contributing contains information about how to hack on Regal itself.
Regal is currently in beta. End-users should not expect any drastic changes, but any API may change without notice. If you want to embed Regal in another project or product, please reach out!
<!-- markdownlint-disable MD041 -->The current Roadmap items are all related to the preparation for Regal 1.0:
If there's something you'd like to have added to the roadmap, either open an issue, or reach out in the community Slack!