Skip to main content

Documentation Index

Fetch the complete documentation index at: https://kosli-reference-docs-v2-17-6.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Synopsis

kosli evaluate input [flags]
[BETA] Evaluate a local JSON input against a Rego policy. Read JSON from a file or stdin and evaluate it against a Rego policy. The input file should contain the raw JSON object your policy expects — not the wrapper produced by --show-input. Use jq '.input' to extract the policy input from a --show-input --output json capture. The policy must use package policy and define an allow rule. An optional violations rule (a set of strings) can provide human-readable denial reasons. By default a deny exits with code 1. Pass --no-assert to print the verdict and exit 0 even on deny, when this command is feeding another tool as a policy decision point. When --input-file is omitted, JSON is read from stdin. Use --params to pass configuration data to the policy as data.params. This accepts inline JSON or a file reference (@file.json).

Flags

FlagDescription
—assert[optional] Exit with a non-zero status when the policy denies. This is the current default; pass —assert to lock it in across future releases.
-h, —helphelp for input
-i, —input-file string[optional] Path to a JSON input file. Reads from stdin if omitted.
—no-assert[optional] Print the result and always exit 0, even when the policy denies. Use when this command feeds another tool as a policy decision point.
-o, —output string[defaulted] The format of the output. Valid formats are: [table, json]. (default “table”)
—params string[optional] Policy parameters as inline JSON or @file.json. Available in policies as data.params.
-p, —policy stringPath to a Rego policy file to evaluate against the input.
—show-input[optional] Include the policy input data in the output.

Flags inherited from parent commands

FlagDescription
-a, —api-token stringThe Kosli API token.
-c, —config-file string[optional] The Kosli config file path. (default “kosli”)
—debug[optional] Print debug logs to stdout. A boolean flag docs (default false)
-H, —host string[defaulted] The Kosli endpoint. (default “https://app.kosli.com”)
—http-proxy http://proxy-server-ip:proxy-port[optional] The HTTP proxy URL including protocol and port number. e.g. http://proxy-server-ip:proxy-port
-r, —max-api-retries int[defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)
—org stringThe Kosli organization.

Live Examples in different CI systems

View an example of the kosli evaluate input command in GitHub.In this YAML file

Examples Use Cases

These examples all assume that the flags --api-token, --org, --host, (and --flow, --trail when required), are set/provided. 
kosli evaluate trail TRAIL --flow FLOW 
	--policy allow-all.rego 
	--show-input --output json | jq '.input' > trail-data.json


kosli evaluate input 
	--input-file trail-data.json 
	--policy policy.rego


kosli evaluate input 
	--input-file trail-data.json 
	--policy policy.rego 
	--show-input 
	--output json


cat trail-data.json | kosli evaluate input 
	--policy policy.rego


kosli evaluate input 
	--input-file trail-data.json 
	--policy policy.rego 
	--params '{"threshold": 3}'


kosli evaluate input 
	--input-file trail-data.json 
	--policy policy.rego 
	--params @params.json


kosli evaluate input 
	--input-file trail-data.json 
	--policy policy.rego 
	--no-assert
Last modified on May 7, 2026