Repo: Microsoft, published Feb 9, 2023

microsoft/regorus

Rust

microsoft/regorus

Description: Regorus - A fast, lightweight Rego (OPA policy language) interpreter written in Rust.

Language: Rust

License: NOASSERTION

Stars: 317

Forks: 61

Open issues: 64

Created: 2023-02-09T18:46:41Z

Pushed: 2026-06-11T02:46:32Z

Default branch: main

Fork: no

Archived: no

README:

Regorus

Regorus is

  • *Rego*-*Rus(t)* - A fast, light-weight Rego interpreter written in Rust.

  • *Rigorous* - A rigorous enforcer of well-defined Rego semantics.

Regorus is also

  • *cross-platform* - Written in platform-agnostic Rust.
  • *no_std compatible* - Regorus can be used in no_std environments too. Most of the builtins are supported.
  • *current* - We strive to keep Regorus up to date with the latest OPA release. Regorus defaults to v1 of the Rego language.
  • *compliant* - Regorus is mostly compliant with the latest OPA release v1.2.0. See [OPA Conformance](#opa-conformance) for details. Note that while we behaviorally produce the same results, we don't yet support all the builtins.
  • *extensible* - Extend the Rego language by implementing custom stateful builtins in Rust. See add_extension. Support for extensibility using other languages coming soon.

  • *polyglot* - In addition to Rust, Regorus can be used from *C*, *C++*, *C#*, *Golang*, *Java*, *Javascript*, *Python*, and *Ruby*. This is made possible by the excellent FFI tools available in the Rust ecosystem. See [bindings](#bindings) for information on how to use Regorus from different languages.

To try out a *Javascript(WASM)* compiled version of Regorus from your browser, visit Regorus Playground.

Regorus is available as a library that can be easily integrated into your Rust projects. Here is an example of evaluating a simple Rego policy:

    fn main() -> anyhow::Result<()> {
        // Create an engine for evaluating Rego policies.
        let mut engine = regorus::Engine::new();

        let policy = String::from(
            r#"
            package example

            allow if {
                ## All actions are allowed for admins.
                input.principal == "admin"
            } else if {
                ## Check if action is allowed for given user.
                input.action in data.allowed_actions[input.principal]
            }
            "#,
        );

        // Add policy to the engine.
        engine.add_policy(String::from("policy.rego"), policy)?;

        // Add data to engine.
        engine.add_data(regorus::Value::from_json_str(
            r#"{
                "allowed_actions": {
                    "user1" : ["read", "write"],
                    "user2" : ["read"]
                }}"#,
        )?)?;

        // Set input and evaluate whether user1 can write.
        engine.set_input(regorus::Value::from_json_str(
            r#"{
                "principal": "user1",
                "action": "write"
            }"#,
        )?);

        let r = engine.eval_rule(String::from("data.example.allow"))?;
        assert_eq!(r, regorus::Value::from(true));

        // Set input and evaluate whether user2 can write.
        engine.set_input(regorus::Value::from_json_str(
            r#"{
                "principal": "user2",
                "action": "write"
            }"#,
        )?);

        // user2 may only read: neither rule body matches, so `allow` is
        // Undefined rather than false.
        let r = engine.eval_rule(String::from("data.example.allow"))?;
        assert_eq!(r, regorus::Value::Undefined);

        Ok(())
    }

Regorus is designed with Confidential Computing in mind. In Confidential Computing environments, it is important to be able to control exactly what is being run. Regorus allows enabling and disabling various components using cargo features. By default all features are enabled.

The default build of the regorus example program is 6.3M:

$ cargo build -r --example regorus; strip target/release/examples/regorus; ls -lh target/release/examples/regorus
-rwxr-xr-x 1 anand staff 6.3M May 11 22:03 target/release/examples/regorus*

When all default features are disabled, the binary size drops to 1.9M:

$ cargo build -r --example regorus --no-default-features; strip target/release/examples/regorus; ls -lh target/release/examples/regorus
-rwxr-xr-x 1 anand staff 1.9M May 11 22:04 target/release/examples/regorus*

Regorus passes the OPA v1.2.0 test-suite barring a few builtins. See [OPA Conformance](#opa-conformance) below.

Bindings

Regorus can be used from a variety of languages:

  • *C*: C binding is generated using cbindgen. corrosion-rs can be used to seamlessly use Regorus in your CMake-based projects. See bindings/c.
  • *C freestanding*: bindings/c_no_std shows how to use Regorus from C environments without a libc.
  • *C++*: C++ binding is generated using cbindgen. corrosion-rs can be used to seamlessly use Regorus in your CMake-based projects. See bindings/cpp.

  • *C#*: C# binding is generated using csbindgen. See bindings/csharp for an example of how to build and use Regorus in your C# projects.
  • *Golang*: The C bindings are exposed to Golang via CGo. See bindings/go for an example of how to build and use Regorus in your Go projects.
  • *Python*: Python bindings are generated using pyo3. Wheels are created using maturin. See bindings/python.
  • *Java*: Java bindings are developed using jni-rs. See bindings/java.
  • *Javascript*: Regorus is compiled to WASM using wasmpack. See bindings/wasm for an example of using Regorus from nodejs. To try out a *Javascript(WASM)* compiled version of Regorus from your browser, visit Regorus Playground.
  • *Ruby*: Ruby bindings are developed using magnus. See…
