v0.21.0

This is a big release, bringing new regal fix command, several features to the Regal language server, a new linter rule, and many improvements and fixes.

New command: regal fix

The regal fix command allows you to automatically fix some of the (style) issues reported by the Regal linter. This command is available in the CLI and can be run on a single file or a directory. The following linter rules are supported by the regal fix command:

• opa-fmt
• use-rego-v1
• use-assignment-operator
• no-whitespace-comment

More rules will be added in future releases.

The regal fix command respects the .regal/config.yaml file, and will only fix issues that aren't ignored by configuration.

New rule: unresolved-import

Category: imports

OPA does not resolve imports until runtime, and when it does, unresolved imports are simply undefined. The unresolved-import rule helps catch these issues early by flagging imports that can't be statically resolved by Regal. Since imports could refer to data documents or rules imported at runtime, this linter rule allows providing a list of of references that should be ignored by the linter.

For more information, see the docs on unresolved-import.

Language Server: Code Actions

Similarly to the regal fix command, code actions allows fixing some issues reported by Regal but directly from the editor. This release adds code actions to remediate the following linter rules:

• opa-fmt
• use-rego-v1
• use-assignment-operator
• no-whitespace-comment
• Navigate to documentation of any reported linter issue

Language Server: Go to Definition

Ctrl/cmd + clicking a reference in the editor now navigates to the definition of the reference, as Regal now implements the "go to definition" feature of the language server protocol.

Language Server: Formatting

The Regal language server now supports formatting Rego files using the opa fmt command. This can be triggered either by running the "Format document" command in your editor, or from where a opa-fmt linter violation is reported in the package.

Language Server: Document Symbols

Symbols — like packages, rules and functions, are now provided by Regal upon requests from an editor. This allows for a quick overview of the structure of a Rego file, and provides "breadcrumbs" to navigate the symbols of an open Rego document.

Language Server: Workspace Symbols

Similarly to document symbols, Regal now reports symbols from the entire workspace, allowing users to search and navigate to any top-level symbol (i.e. package, rule or function) in the workspace.

Language Server: Folding Ranges

Regal now provides folding ranges for Rego files in the workspace, allowing users to fold (i.e. expand or collapse) blocks of code, comments and imports in the editor.

Other improvements

• The language server now searches for the .regal/config.yaml file in directories above the workspace if not found before. This allows using a shared configuration file for multiple projects. Thanks @bdjgs for requesting this feature!
• Report not just the line but the exact position of use-assignment-operator violations
• The result of a hovering over a built-in function is now cached for faster rendering

Bugs fixed

• Fix bug where whitespace in directory names caused the language server to stop working. Thanks @frittsy for reporting this issue!

Documentation

• Fix wrong category of double-negative rule

Changelog

• de1ff4b: Code action for OPA fmt (#630) (@charlieegan3)
• 0f5b374: lsp: URI decode workspace URIs (#631) (@charlieegan3)
• 1255e7d: Refactor LSP logging (#632) (@charlieegan3)
• 128b5b4: Add quote from Jimmy Ray (#634) (@anderseknert)
• b5b6d56: Open docs code action (#635) (@charlieegan3)
• 5fbf293: Cache result of createHoverContent (#639) (@anderseknert)
• 37d87bf: rules: OPA fmt rule location fix (#633) (@charlieegan3)
• 6904ed9: Add code action for use-rego-v1 (#640) (@anderseknert)
• 8de5461: Implement textDocument/formatting (#641) (@anderseknert)
• 40ed03f: lsp: Accept but ignore cancelled requests (#642) (@charlieegan3)
• fe1dc3a: lsp: Enable formatting functionality (#643) (@charlieegan3)
• c31886e: lsp: Load config from parent dirs (#650) (@charlieegan3)
• ae359bf: Fix wrong category for double-negative rule (#652) (@anderseknert)
• 8e253b4: Calculate correct column of = in use-assignment-operator (#655) (@anderseknert)
• 63148df: Calculate column index from 1 in use-assignment-operator (#656) (@anderseknert)
• 8c9b76b: lsp: Increase test buffered channel size (#657) (@charlieegan3)
• dfd9ee2: fixer: Regal fix command (#653) (@charlieegan3)
• 3e0fcd2: Rule: unresolved-import (#658) (@anderseknert)
• c717dd6: lsp: fix flaky test (#660) (@charlieegan3)
• 5a8c5c1: lsp: refactor types (#662) (@charlieegan3)
• 8ae24da: lsp: Implement code actions for new fixes (#661) (@charlieegan3)
• c803b41: lsp: Support folding ranges (#663) (@anderseknert)
• 2a59305: lsp: handle textDocument/documentSymbol (#668) (@anderseknert)
• f108c69: lsp: Error handling fixes (#669) (@charlieegan3)
• f546004: lsp: handle textDocument/definition requests (#664) (@anderseknert)
• af1bdb8: Add LSP section to README (#674) (@anderseknert)
• 24c0b85: lsp: implement workspace/symbol (#673) (@anderseknert)

v0.20.1

This release fixes a panic encountered in the language server when Regal traverses a directory it cannot read while walking the workspace.

Thanks @frittsy for reporting the issue!

Changelog

• e16ffba: fix: avoid panic in walkdir traversal (#628) (@anderseknert)

v0.20.0

This release adds various improvements to the functionality of the language server as well as also including a number of housekeeping updates and fixes.

Language Server: Hover support for built-in function definitions

The language server protocol supports requesting information about the tokens under the cursor. This release implements support for such requests when users are hovering over Rego's built-in functions. Clicking the link in the tooltip heading will take you to the OPA docs for that built-in.

Language Server: Inlay Hints

Inlay Hint requests are also supported from this release. Inlay hints are allow named function arguments to be shown as users edit function calls.

Improvements

• Running the language server with --verbose will now show the full request response logs.
• File ignore config is now also supported by the language server.
• Unresolved imports are not flagged as part of prefer-package-imports

Updates

• This release updates OPA to v0.63.0, see the OPA changelog for more detail.
• Go SARIF has also been updated to 2.3.1

Changelog

• 3568183: docs: Add note about nvim-lspconfig (#604) (@charlieegan3)
• 9a670bf: build(deps): bump github.com/owenrumney/go-sarif/v2 from 2.3.0 to 2.3.1 (#606) (@dependabot[bot])
• 45705ca: Don't flag unresolved imports in prefer-package-imports (#607) (@anderseknert)
• 1f2b72f: docs: use 4 spaces for indentation in circular-imports docs (#612) (@anderseknert)
• 9200ad1: Publish binaries from build workflow (#610) (@anderseknert)
• 3f0c1bc: OPA v0.63.0 (#614) (@anderseknert)
• b5de824: lsp: textDocument/hover implementation (#617) (@anderseknert)
• 155d8f5: lsp: Missing built-in data is not a hard error (#619) (@charlieegan3)
• 9081abf: lsp: Support file ignore config (#620) (@charlieegan3)
• 4d7cbe1: lsp: add inlay hint support (#621) (@anderseknert)
• 6df97b3: lsp: Make verbose logging configurable (#623) (@charlieegan3)

v0.19.0

This release adds several new options for setting configuration options for rules in groups, allowing users to keep a static configuration across updates, or to ignore certainly classes of rules. v0.19.0 also includes a number of fixes to both linter rules and the language server integration, making for an even better experience when using Regal from VS Code or other LSP clients.

New default rule configuration option

The rules section in the Regal configuration file may now include a default attribute either at the top level, or in any specific category. This allows enabling/disabling entire categories of rules, or to avoid Regal to "break" CI/CD builds on updates if new rules are introduced. While it's arguably good to have new problems surfaced, we recognize that some organizations value stability first, and may opt for more controlled upgrades.

Example, using a default configuration to ignore all rules except for those explicitly listed:

rules:
  default:
    level: ignore
  bugs:
    constant-condition:
      level: error
    deprecated-builtin:
      level: error
    duplicate-rule:
      level: error

Example, using a default configuration to enable all rules except for those in the style category:

rules:
  default:
    level: error
  style:
    level: ignore

To learn more about the new default option, and the precedence rules for the various ways to ignore rules, see the Regal docs.

Fixes

• Fix false positive in prefer-some-in-iteration in function args
• Fix false positive in several rules not counting imports in scope
• Many fixes and improvements related to the LSP integration — see the changelog below for details

Changelog

• 441ff78: Correct md link (#584) (@charlieegan3)
• 3889772: Bump github.com/open-policy-agent/opa from 0.62.0 to 0.62.1 (#586) (@dependabot[bot])
• e378276: Fix: prefer-some-in-iteration false positive iteration in fn args (#579) (@anderseknert)
• 9da1796: docs: make old rule draft (#588) (@charlieegan3)
• 9e9a30e: config: Support the defaulting of rules in config (#587) (@charlieegan3)
• fff72d9: Fix false positive in rules not counting imports in scope (#592) (@anderseknert)
• bef10f7: Add note about vscode support (#593) (@charlieegan3)
• eef7509: Update with-outside-test-context.md (#595) (@gusega)
• 10605cf: Bump leigholiver/commit-with-deploy-key from 1.0.3 to 1.0.4 (#596) (@dependabot[bot])
• 4fc779a: lsp: Make server messages compliant (#594) (@charlieegan3)
• ed1098e: Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#598) (@dependabot[bot])
• b229e5f: Add Linting Rego with... Rego! blog (#599) (@anderseknert)
• 2179066: Add support for editing Regal in VS Code (#600) (@anderseknert)
• 4f559f2: lsp: Handle case where a rego file is empty (#602) (@charlieegan3)

v0.18.0

Only a week after v0.17.0, this release comes a little earlier than planned as we found a few issues in the VS Code OPA extension integration that we wanted to address as soon as possible. Nothing serious, but having that extension provide a great Regal experience feels important enough for us to warrant an earlier v0.18.0 release. That's not all there is to this release though, as we have both a new linter rule as well as a bunch of fixes included here. Enjoy!

New rule: ignored-import

Category: imports

Use of explicit references (like data.user.roles) that could instead point to an existing import will now be flagged in order to ensure that the imports a user has declared aren't ignored later in the policy.

For more information, see the docs on ignored-import.

Improvements

• The external-reference rule is now much better at detecting external references in function bodies.
• The rule-shadows-builtin now flags shadowed namespaces (like http) and not just shadowing of the full name (like http.send)
• The use-in-operator rule now also takes = into account (previous only == would be checked for)
• The unused-return-value rule was renamed unassigned-return-value to better reflect what the issue is

Bugs Fixed

• The only-scalars config option in prefer-value-in-head rule wasn't working — now it does!
• Fix false positive in prefer-some-in-iteration

Changelog

• a2e8c46: Address external-reference missing cases (#570) (@anderseknert)
• 4455680: docs: update path where version is saved to (#571) (@charlieegan3)
• e012e10: Fix broken only-scalars config in prefer-value-in-head rule (#573) (@anderseknert)
• ded8df1: Fix: rule-shadows-builtin to flag shadowed namespaces (#576) (@anderseknert)
• 3f73ca5: Fix prefer-some-in-iteration false positive on contains check (#574) (@anderseknert)
• 55b8fa7: Fix: use-in-operator should include eq (=) in check (#575) (@anderseknert)
• 3205762: Rule: ignored-import (#577) (@anderseknert)
• 21a0dc4: Language server initialisation adjustments (#580) (@charlieegan3)
• c3d3fe0: Rename unused-return-value -> unassigned-return-value (#581) (@anderseknert)
• b1a6fbe: OPA v0.62.0 (#583) (@anderseknert)

v0.17.0

This is a fairly big release, adding 4 new linter rules and a whole bunch of improvements and fixes.

New rule: with-outside-test-context

Category: performance

This is the first rule in the new performance category, with more to follow in future releases. The with keyword is known to most as a way to mock values and functions in unit tests. While it's occasionally useful in other contexts, it comes with some major performance implications when used outside of tests. This new rule warns when with is encoutered outside the context of tests.

For more information, see the docs on with-outside-test-context.

New rule: circular-import

Category: imports

A circular import is when a package imports itself, either by directly importing itself, or indirectly by importing a which in turn imports a series of packages that eventually import the original package. As long as recursive rules definitions are avoided, circular imports are permitted in Rego. However, such import graphs are not advisable and a signal of poorly structured policy code.

For more information, see the docs on circular-import.

New rule: rule-name-repeats-package

Category: style

When rules are referenced outside the package in which they are defined, they will be referenced using the package path. For example, the allow rule in the example package, is available at data.example.allow. When rule names include all or part of their package paths, this creates repetition in such references. For example, authz_allow in a package authz is referenced with: data.authz.authz_allow. This repetition is undesirable as the reference is longer than needed, and harder to read.

For more information, see the docs on rule-name-repeats-package.

New rule: double negative

Category: style

While rules using double negatives — like not no_funds — occasionally make sense, it is often worth considering whether the rule could be rewritten without the negative. For example, not no_funds could be rewritten as funds or has_funds, or funds_available.

For more information, see the docs on double-negative.

Improvements

• The Regal language server now supports client shutdown messages
• The docs on how to ignore rules and files have been greatly improved. Thanks @bdumpp and @orenzohar for the suggestion!

Bugs Fixed

• Fix false positive in prefer-some-in-iteration rule when old-style iteration was used inside of arrays, sets and objects
• Fix false positive in prefer-some-in-iteration rule when old-style iteration was used inside of rule head key (i.e. contains)
• Fix false positive in external-reference rule when using = for assignment (although you shouldn't!)
• The Regal language server now correctly handles URIs and paths on Windows

Ecosystem

The setup-regal GitHub Action has been promoted to v1. This fixes the warning in pipelines about depending on an old Node version. Make sure to update your workflows!

Changelog

• f2d07d9: lsp: Support lsp client shutdown message (#539) (@charlieegan3)
• 5418cea: docs: add workflow to auto update docs (#541) (@charlieegan3)
• e98d1fc: Update permissions to allow running actions (#542) (@charlieegan3)
• f2d996a: Update docs with deploy key (#543) (@charlieegan3)
• daf2a16: docs: make path when updating version (#544) (@charlieegan3)
• 4007105: docs: correctly set version when updating (#545) (@charlieegan3)
• 46a84e7: docs: allow updating with workflow dispatch (#546) (@charlieegan3)
• cd2cd9f: docs: use pinned addon (#547) (@charlieegan3)
• 6bdebb6: docs: update action no longer needs local write (#549) (@charlieegan3)
• 7896c73: Use v1 of setup-regal (#551) (@anderseknert)
• 1c6d1ba: Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#552) (@dependabot[bot])
• 5dbc6d8: Fix golangci-lint violations (#554) (@anderseknert)
• ee878c0: Use filepath.WalkDir (#556) (@anderseknert)
• 7f9ddad: Rule: circular-import and rule-name-repeats-package (#558) (@charlieegan3)
• ee2cd46: rules: Add double negative rule (#557) (@charlieegan3)
• 22f6a10: Rule: with-outside-test-context (#555) (@anderseknert)
• 2bb5dd6: Docs: Make it obvious how to ignore rules and files (#562) (@anderseknert)
• 6ecc6af: Fix false positive in external-reference (#563) (@anderseknert)
• 4625e7a: Fix false positive in prefer-some-in-iteration (#564) (@anderseknert)
• f11eef4: prefer-some-iteration: fix false positive in rule head key (#565) (@anderseknert)
• ece9977: lsp: Correctly handle URIs and paths on Windows (#569) (@charlieegan3)

v0.16.0

This release adds 2 new linter rules and a language server protocol (LSP) implementation to Regal.

New rule: duplicate-rule

Category: bugs

The new duplicate-rule linter rule flags any rules with duplicated code found in a policy. Duplicate rules are almost certainly a mistake, perhaps from copy-pasting code, and should simply be fixed (or likely, removed).

For more information, see the docs on duplicate-rule.

New rule: use-rego-v1

Category: imports

OPA v0.59.0 introduced a new import named rego.v1. When import rego.v1 is used in a policy, OPA will ensure the policy is compliant with the upcoming OPA 1.0 release. This include enforcing the use of the if and contains keywords, that no deprecated built-ins are used, and more. To learn more about OPA 1.0 and the rego.v1 import, see the OPA docs.

As rego.v1 replaces the future.keywords imports, the Regal rules around those imports are automatically disabled when use-rego-v1 is in use. If you wish to target a version of OPA before rego.v1, use the capabilities feature of the Regal configuration file.

Avoid

package policy

# before OPA v0.59.0, this was best practice
import future.keywords.contains
import future.keywords.if

report contains item if {
    # ...
}

Prefer

package policy

# with OPA v0.59.0 and later, use this instead
import rego.v1

report contains item if {
    # ...
}

For more information, see the docs on use-rego-v1.

New feature: Regal language server

The Language Server Protocol (LSP) provides a way for editors to integrate support for various programming languages using a common protocol. Using an LSP server implementation rather than one built specifically for a single editor allows the same code to be used across all editors with LSP support. v0.16.0 brings a language server mode to Regal, allowing diagnostics (i.e. linting) of Rego to be performed continuously in a workspace rather than as a one-off CLI operation. This is the first step towards bringing Regal into editors like VS Code, and having linting of Rego natively supported as you work with your policies. Expect to see more in this space soon!

Huge thanks to @charlieegan3 for this outstanding contribution!

Changelog

• 071463b: Rule: duplicate-rule (#530) (@anderseknert)
• 7a7a3db: docs: fix typo in code examples (#531) (@charlieegan3)
• 5699af8: ci: enable unused-parameters and unused-receivers in revive linter (#534) (@srenatus)
• ba28678: Regal Language Server (#532) (@charlieegan3)
• ea79b04: OPA v0.61.0 (#536) (@anderseknert)
• c911cb8: docs: fix broken link to ast.rego (#537) (@sspaink)
• bc27c76: Rule: use-rego-v1 (#538) (@anderseknert)

v0.15.0

This release brings 2 new linter rules, and a few improvements and fixes.

New rule: deprecated-builtin

Category: bugs

Calling deprecated built-in functions should always be avoided, and replacing them is usually trivial. Refer to the OPA docs on strict mode for more details on which built-in functions counts as deprecated.

For more information, see the docs on deprecated-builtin.

New rule: default-over-not

Category: style

Avoid

package policy

import future.keywords.if

username := input.user.name

username := "anonymous" if not input.user.name

Prefer

package policy

default username := "anonymous"

username := input.user.name

While both forms are valid, using the default keyword to assign a constant value in the fallback case better
communicates intent, avoids negation where it isn't needed, and requires less instructions to evaluate. Note that this
rule only covers simple cases where one rule assigns the "happy" path, and another rule assigns on the same condition
negated. This is by design, as using not and negation may very well be the right choice for more complex cases!

For more information, see the docs on default-over-not.

Other improvements

• Ignore directives can now be placed anywhere in a comment, and not just at the start of one. Thanks @nevumx for requesting this!

Bugs fixed

• SARIF output format: omit region for violations with whole file as location. Thanks @travbale for reporting this!
• SARIF output format: fix incorrect level of notice and use none instead. Thanks @travbale for reporting this!

Community

• The Minder project was added as an adopter. Thanks @JAORMX for this!

Changelog

• 8ab2d0b: bundle: update all_refs to get more refs (#512) (@charlieegan3)
• 9dab794: [ast]: Improve all_refs performance (#518) (@charlieegan3)
• d8d91ff: SARIF: Omit region if no row/column provided (#515) (@anderseknert)
• f2b39f6: Bump actions/setup-go from 4 to 5 (#519) (@dependabot[bot])
• fe2ae49: docs: Add new community rules section (#520) (@charlieegan3)
• 4f7d745: Bump github/codeql-action from 2 to 3 (#522) (@dependabot[bot])
• 1db0b08: Add Minder to list of open source projects that have adopted regal (#523) (@JAORMX)
• d7783b0: Add Stacklok to the list of companies that have adopted Regal (#524) (@JAORMX)
• dad9809: Rule: default-over-not (#521) (@anderseknert)
• ef3386a: Rule: deprecated-builtin (#525) (@anderseknert)
• 47f6cc2: OPA v0.60.0 (#526) (@anderseknert)
• 7d3fdd3: Allow ignore directive anywhere in comment (#529) (@anderseknert)
• f80597e: Fix OPA badge: v0.60.0 (@anderseknert)

v0.14.0

This release brings 2 new linter rules, a new output format, and many improvements and fixes.

New rule: boolean-assignment

Category: idiomatic

Assigning the result of a boolean expression is often redundant, and the expression is better placed in the rule body, following an if. This also makes for a more readable rule.

# Instead of this
more_than_one_member := count(input.members) > 1

# Prefer this
more_than_one_member if count(input.members) > 1

For more information, see the docs on boolean-assignment.

New rule: redundant-existence-check

Category: bugs

Checking whether a reference is defined immediately before it's used isn't needed, as an undefined value will have evaluation fail either way:

# Instead of this
employee if {
    input.user.email
    endswith(input.user.email, "@acmecorp.com")
}

# Prefer this
employee if {
    endswith(input.user.email, "@acmecorp.com")
}

For more information, see the docs on redundant-existence-check.

New SARIF output format

SARIF is a standardized output format used and supported by many tools working with static analysis and code quality. Use --format sarif to have regal lint generate standard SARIF output, which can then be consumed by a number of tools.

Bugs fixed

• Fix false positive in the unused-return-value rule, which could be triggered when a function was called in an argument provided to the print built-in
• Fix false positive in prefer-package-imports that would only be triggered when linting custom rules

Other improvements

• The prefer-some-in-iteration rule will by default no longer flag iteration where a sub-attribute is used, like input[_].item
• The use-in-operator rule has been extended to include more types of items, leading to better discovery of locations where in should be used
• Remove replace directive in go.mod that made hard to integrate Regal as a library. Thanks, @jamietanna!
• The project now uses markdownlint to ensure consistent formatting of its documentation
• The Go API now allows reading custom rules from an fs.FS filesystem
• OPA dependency bumped to latest v0.59.0
• Use matrix to build and test Regal in CI for all supported operating systems

Documentation

• The README now includes a section covering the opa check --strict command, and how it relates to Regal
• A new page featuring editor integrations has been added to the docs. Thanks, @eshepelyuk!
• A new page featuring Regal adopters has been added

Changelog

• e71ff0a: Docs: supported editors page (#483) (@eshepelyuk)
• 7138206: Add section on `opa check --strict' (#484) (@anderseknert)
• daf0b02: docs: minor readme updates (#485) (@charlieegan3)
• a7f0819: docs: Extend note in readme (#487) (@charlieegan3)
• 60668b9: Fix: false positive with print and unused-return-value (#486) (@anderseknert)
• f70e631: Rule: boolean-assignment (#488) (@anderseknert)
• ef28546: Replace replace directive with direct version pinning (#491) (@jamietanna)
• f073c74: prefer-some-in-iteration: except subattribute iteration (#489) (@anderseknert)
• 98afac8: Add markdownlint for linting docs (#493) (@anderseknert)
• a34e172: build: Add matrix PR build (#495) (@charlieegan3)
• 265ad54: Rule: redundant-existence-check (@anderseknert)
• 5d2d836: go.mod: switch back to 1.20 (#500) (@srenatus)
• 843699b: Revert change to do.rq (@charlieegan3)
• d48656a: use-in-operator: extend check to include static refs (#499) (@anderseknert)
• 032b038: prefer-package-imports: except data.regal imports in custom rules (#498) (@anderseknert)
• b067d04: pkg/version: remove spurious whitespace from String() (#502) (@srenatus)
• f7dca35: linter: Add WithCustomRulesFromFS SDK option (#503) (@charlieegan3)
• 58c5e2e: function-arg-return: fix docs typo (#504) (@srenatus)
• 4d5fc01: Add adopters file (#506) (@anderseknert)
• cb08880: Add Rego Playground as integrator (#508) (@anderseknert)
• 6876cfc: Add SARIF output format (#507) (@anderseknert)
• b9342d4: OPA v0.59.0 (#511) (@anderseknert)

v0.13.0

This release brings 3 new linter rules, several performance improvements, and many fixes and tweaks to existing rules.

New rules: use-if and use-contains

Category: idiomatic

The if and contains keywords are considered idiomatic in modern Rego, as they help both with readability as well as to remove some ambiguities from earlier versions of the language. In fact, both of the keywords will be made mandatory in the upcoming OPA 1.0 release. There's no need to wait for that though! The use-if and use-contains rules helps you get ahead of the curve and enforce the use of these keywords today.

For more information, see the docs on use-if and use-contains.

Thanks @tsandall for suggesting these rules!

New rule: if-empty-object

Category: bugs

With the introduction of the if keyword, an empty pair of curly braces ({}) is no longer considered a rule body, but an empty object. While previous versions of Rego would treat an empty body as an error, allow if {} would be result in allow assigned to true, as an empty object is a "truthy" value. This is likely a mistake, and the if-empty-object rule will help you find and fix it.

For more information, see the docs on if-empty-object

Performance improvements

While Regal will scan most policy repositories in under a second, repos with thousands of policies are necessarily more demanding. This release brings many performance improvements, which should improve the experience working with Regal even for largest Rego repos. These improvements include:

• More efficient use of the walk built-in in linter rules
• Remove the file attribute from AST nodes, resulting in less nodes to traverse
• Parsing of input files now done concurrently
• Various smaller optimizations in many linter rules

Other improvements

• The compact output format now prints a prettier compact table

Bugs fixed

• Fix false positive in unnecessary-some rule
• Error out if --config-file is explictly provided but non-existent (thanks @mcguiresm!)
• detached-metadata: allow detached annotaton for document scope (thanks @hans-d for reporting!)
• line-length: use 120 character fallback if no limit found in config

Changelog

• eef06e5: Refactor: collect rules to run only once (#454) (@anderseknert)
• bb207cf: Optimization: less use of walk (#455) (@anderseknert)
• 6727c3a: e2e: fix custom caps assertions (#456) (@srenatus)
• 2a9dff6: No more "file" in locations! (#458) (@anderseknert)
• 21d0405: Fix false positive in unnecessary-some (#460) (@anderseknert)
• d634dfa: Error out if config-file is explictly provided but non-existent (#463) (@mcguiresm)
• 0598111: Various micro-optimizations (#467) (@anderseknert)
• a0b1df9: Concurrent parse in InputFromPaths (#464) (@anderseknert)
• fe6f14e: Rule: if-empty-body (#461) (@anderseknert)
• be7ed72: detached-metadata: allow detached if document scope (#469) (@anderseknert)
• b36f696: Use 120 characters as max line length if not configured (#473) (@anderseknert)
• 660dc30: Rule: use-if and use-contains (#470) (@anderseknert)
• 459bcc8: InputFromPaths: return if err != nil (@anderseknert)
• 5b3855f: Use import rego.v1 (#471) (@anderseknert)
• c8c7487: Use capabilities from v0.58.0 (#475) (@anderseknert)
• 93295d1: release: Create draft releases (#478) (@charlieegan3)
• 920b9e3: Do not truncate location in pretty reporter (#477) (@anderseknert)
• 227e454: Remove uitable dependency (#480) (@anderseknert)