v0.23.0

@github-actions github-actions released this 05 Jun 19:41
· 298 commits to main since this release
89d3a7a

This release adds 3 new linter rules to Regal, greatly improved completion suggestions in the language server, and a number of other improvements and fixes.

New rule: leaked-internal-reference

Category: bugs

Following the recently added style guide recommendation to use underscore prefixes to denote internal rules and functions, this is the first rule to help enforce that convention. The leaked-internal-reference rule flags any reference to a rule or function with an underscore prefix that is not defined in the same package:

package policy

import rego.v1

# this will be flagged, as `_allow` is considered internal to the `authz` package
allow if data.authz._allow

For more information, see the docs on leaked-internal-reference.

New rule: internal-entrypoint

Category: bugs

Rules annotated as entrypoints are public by definition and must not be prefixed with an underscore.

Avoid

package policy

import rego.v1

# METADATA
# entrypoint: true
_authorize if {
    # some conditions
}

Prefer

package policy

import rego.v1

# METADATA
# entrypoint: true
allow if _authorize

_authorize if {
    # some conditions
}

For more information, see the docs on internal-entrypoint.
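The two checks described above (leaked-internal-reference and internal-entrypoint), sketched as an added example that is not part of the release notes and is not Regal's implementation: Regal inspects the parsed AST, while this line-based approximation only shows which patterns are reported and which are not. The `lint` function, the regexes and the sample module are assumptions made for the illustration.

```python
import re

PACKAGE_RE = re.compile(r"package\s+([\w.]+)")
# data.<package path>.<_name>; path segments never start with an underscore
DATA_REF_RE = re.compile(r"(?<![\w.])data((?:\.[A-Za-z]\w*)*)\.(_\w+)")
RULE_HEAD_RE = re.compile(r"(?:default\s+)?([A-Za-z_]\w*)")

# Constructed sample combining the two flagged patterns from the release notes.
SAMPLE = """\
package policy

import rego.v1

# flagged: `_allow` is internal to the `authz` package
allow if data.authz._allow

# not flagged: `_local_check` is defined in this package
allow if data.policy._local_check

# METADATA
# entrypoint: true
_authorize if {
    input.user.role == "admin"
}
"""


def lint(source):
    """Return (line, rule, detail) findings for one Rego module."""
    findings, package = [], None
    in_metadata = entrypoint = False
    for lineno, raw in enumerate(source.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("#"):
            note = line.lstrip("#").strip()
            if note == "METADATA":
                in_metadata, entrypoint = True, False
            elif in_metadata and re.fullmatch(r"entrypoint:\s*true", note):
                entrypoint = True
            continue
        code = line.split("#", 1)[0]  # naive: ignores '#' inside strings
        pkg = PACKAGE_RE.match(code)
        if not code or pkg:  # blank line or package clause ends a metadata block
            package = pkg.group(1) if pkg else package
            in_metadata = False
            continue
        if in_metadata:  # first statement after a metadata block is the rule head
            head = RULE_HEAD_RE.match(code)
            if entrypoint and head and head.group(1).startswith("_"):
                findings.append((lineno, "internal-entrypoint", head.group(1)))
            in_metadata = False
        for ref in DATA_REF_RE.finditer(code):
            if ref.group(1).lstrip(".") != package:  # internal to another package
                findings.append((lineno, "leaked-internal-reference", ref.group(0)))
    return findings
```

`lint(SAMPLE)` reports the cross-package reference on line 6 and the underscore-prefixed entrypoint on line 13, and leaves the same-package reference on line 9 alone.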

New rule: ambiguous-scope

Category: idiomatic

The default scope for metadata annotating a rule is the rule scope, which applies to the individual rule statement only. This default is sensible for a rule defined only once, but is somewhat ambiguous for a rule defined incrementally, like the allow rule in the examples below. Was the intention really to annotate that single definition, or the rule as a whole? Most likely the latter.

If only a single rule in a group of incremental rule definitions is annotated, it should have its scope set explicitly to either document or rule. If all incremental definitions are annotated, explicit scope: rule is not required.

Avoid

# METADATA
# description: allow is true if the user is admin, or the requested resource is public
allow if user_is_admin

allow if public_resource

Prefer

# METADATA
# description: allow is true if the user is admin, or the requested resource is public
# scope: document
allow if user_is_admin

allow if public_resource

Or (scope rule implied, but all incremental definitions annotated)

# METADATA
# description: allow is true if the user is admin
allow if user_is_admin

# METADATA
# description: allow is true if the requested resource is public
allow if public_resource

Or (scope rule explicit)

# METADATA
# description: allow is true if the user is admin
# scope: rule
allow if user_is_admin

allow if public_resource

For more information, see the docs on ambiguous-scope.

For more information about the scope metadata attribute, see the OPA docs.

Language server: Greatly improved completion suggestions

The last release introduced a minimal implementation of code completion: the language server can provide completion suggestions while you edit Rego in an editor that supports the Regal language server, such as VS Code using the OPA VS Code extension.

This release provides greatly improved completion suggestions, including:

  • References to packages, rules and functions (both imported and complete references)
  • Keywords like import, default, contains, if
  • Completions on input attributes based on those previously used
  • Common rule names like allow and deny
  • New package names based on directory structure
  • Many more suggestions based on the context of the cursor position

Using completion suggestions now feels like a total game changer for productivity, and we really recommend trying it out!

Other improvements

  • Bump OPA version to v0.65.0
  • Improve LSP implementation to better handle different clients
  • Don't show completion suggestions for internal references outside of their package
  • Show different types of icons in completion suggestions based on what's suggested

Docs

  • Update README to reflect current LSP features
  • Add new documentation page for integrating Regal in build pipelines (thanks @Parsifal-M!)
  • Fix typo in messy-rule documentation (thanks @Parsifal-M!)
  • Add instructions for installing Regal via asdf (thanks @smorimoto for providing the plugin!)
  • Rename development.md -> CONTRIBUTING.md to align with convention
  • Add SECURITY.md doc under docs directory

Bugs fixed

  • Fix false positive when importing input or data in ignored-import
  • Fix possible concurrent read of maps in completion provider
  • Filter out ignored files in regal fix command (thanks @oren-zohar for reporting the issue!)

Breaking changes

These changes do not affect regular users of Regal, but possibly power users that have built their own custom rules relying on these helpers.

  • Remove the regal.json_pretty built-in function. Users can now use json.marshal_with_options from OPA instead.
  • Remove the ast.name function in favor of ast.ref_to_string

Thank you to all contributors, community members and users! 🎉

If you have any questions, would like to discuss the release, or talk about Regal in general, you'll find us in the Styra Community Slack!

Changelog