explaingit

google/cel-spec

3,798 · Starlark · Audience: developer · Complexity: 4/5 · Setup: hard

TLDR

The formal specification for Google's Common Expression Language, a tiny, safe expression language used to write security rules and conditions that can be evaluated consistently across different apps and languages.

Mindmap

mindmap
  root((cel-spec))
    What it is
      Language specification
      Expression evaluator
      Not a full language
    Key Properties
      Always terminates
      Cannot modify data
      Safe for user input
    Tech Stack
      Starlark
      Protocol Buffers
      Binary format
    Use Cases
      Security policies
      API conditions
      Firebase rules
    Audience
      Platform engineers
      Language implementers

Things people build with this

USE CASE 1

Embed CEL into your platform so users can write custom security rules or conditions without being able to run arbitrary code.

USE CASE 2

Write API policy conditions in CEL that evaluate identically across Go, Java, and C++ services.

USE CASE 3

Use CEL expressions for Firebase-style security rules that decide who can read or write data.

USE CASE 4

Implement the CEL specification in a new programming language using the protocol buffer definitions as the shared format.

Tech stack

Starlark · Protocol Buffers

Getting it running

Difficulty: hard · Time to first run: 1h+

This is a specification repo; you need a separate language-specific CEL implementation library to actually run expressions.

License information is not mentioned in the explanation.

In plain English

The Common Expression Language, or CEL, is a small language specification created by Google for evaluating expressions in a safe and consistent way across different applications and programming languages. It is not a full programming language. It is designed specifically for writing conditions and simple logic that can be embedded inside other software systems. The main use cases are security policies and protocol definitions, where different tools or services need to evaluate the same expression and agree on the result.

CEL expressions look similar to conditions you might write in C, Java, or JavaScript, such as checking whether an account balance is high enough, but they run in a controlled environment with defined boundaries.

A few properties set CEL apart from running arbitrary code. It always finishes in a predictable amount of time, it cannot modify data, and it is not capable of general-purpose computation. These constraints are intentional: they make CEL safe to run in situations where you cannot trust arbitrary user-submitted code, and they allow implementations to run much faster than sandboxed general-purpose languages.

CEL is built to be embedded into other applications. The software that hosts CEL can supply its own functions and data types, extending what expressions can reference without changing the core language itself. Google uses it in products like Firebase security rules and across various API policy systems.

This repository contains the formal specification for the language and the binary format used to represent compiled expressions, along with protocol buffer definitions for sharing those expressions across services. Multiple language implementations exist separately.
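
A toy evaluator, added here as an illustration and not code from cel-spec or any CEL implementation, shows why those properties hold for an expression-only language: evaluation is one walk over a finite tree, nothing in the tree can write to its inputs, and the only callable functions are the ones the host registers. The tuple tree format, the `in_group` function, the group data and the node budget are all assumptions made for this example.

```python
import operator

# Constructed, simplified tree (NOT the spec's protobuf format). Node shapes:
#   ("const", v) | ("ident", name) | ("select", node, field) | ("call", fn, [nodes])
BUILTINS = {">=": operator.ge, ">": operator.gt, "==": operator.eq, "!": operator.not_}

class BudgetExceeded(Exception):
    """Raised when an expression has more nodes than the host allows."""

def evaluate(tree, variables, host_functions, budget=64):
    """Walk the tree once; there is no loop, assignment or definition node."""
    visited = 0

    def walk(node):
        nonlocal visited
        visited += 1                     # work is bounded by the size of the tree
        if visited > budget:
            raise BudgetExceeded(f"more than {budget} nodes")
        kind = node[0]
        if kind == "const":
            return node[1]
        if kind == "ident":
            return variables[node[1]]    # inputs are only ever read
        if kind == "select":
            return walk(node[1])[node[2]]
        if kind == "call":
            name, args = node[1], node[2]
            if name == "&&":             # short-circuits on the first false operand
                return all(walk(a) for a in args)
            if name == "||":             # short-circuits on the first true operand
                return any(walk(a) for a in args)
            fn = BUILTINS.get(name) or host_functions.get(name)
            if fn is None:
                raise ValueError(f"function {name!r} is not declared by the host")
            return fn(*[walk(a) for a in args])
        raise ValueError(f"unknown node kind {kind!r}")

    return walk(tree)

# Constructed rule, text form: account.balance >= withdrawal && in_group(user, "tellers")
RULE = ("call", "&&", [
    ("call", ">=", [("select", ("ident", "account"), "balance"), ("ident", "withdrawal")]),
    ("call", "in_group", [("ident", "user"), ("const", "tellers")]),
])
GROUPS = {"tellers": {"alice"}}          # constructed host data
HOST = {"in_group": lambda user, group: user in GROUPS.get(group, set())}

def allowed(user, balance, withdrawal):
    inputs = {"user": user, "account": {"balance": balance}, "withdrawal": withdrawal}
    return evaluate(RULE, inputs, HOST)
```

A user-submitted tree that names a function the host never registered is rejected with `ValueError`, and one larger than the budget is rejected with `BudgetExceeded`.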

Copy-paste prompts

Prompt 1
I want to add user-defined conditions to my API gateway using CEL. What does a basic CEL expression look like, and how do I embed a CEL evaluator in a Go service?
Prompt 2
Show me how to write a CEL expression that checks whether a request has a valid role claim and a non-expired timestamp.
Prompt 3
I'm implementing a policy engine and want to use CEL for the rule language. What does the CEL spec say about how custom functions and types are added by the host application?
Prompt 4
How does CEL guarantee that an expression always finishes in bounded time, and what kinds of operations are intentionally excluded to enforce that?

Verify against the repo before relying on details.