yywing/cel-go — explained in plain English
Analysis updated 2026-07-14 · repo last pushed 2025-09-25
Build a custom access-control system where admins write rules like 'grant access if user email matches a pattern'.
Let users define alerting rules such as 'notify me if response time exceeds 500ms and endpoint starts with /api/'.
Validate configuration files against user-defined conditions without exposing the app to arbitrary code.
Evaluate feature flag conditions from config so non-developers can toggle features by writing simple expressions.
| yywing/cel-go | aasheeshlikepanner/vase | alexzielenski/controller-runtime | |
|---|---|---|---|
| Stars | — | 0 | — |
| Language | Go | Go | Go |
| Last pushed | 2025-09-25 | — | 2022-04-20 |
| Maintenance | Quiet | — | Dormant |
| Setup difficulty | moderate | moderate | hard |
| Complexity | 3/5 | 4/5 | 4/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires familiarity with Go modules and an understanding of how to define the variable types and environment CEL evaluates against.
cel-go lets developers embed a safe, lightweight mini-language into their Go applications so end users or configuration files can express custom rules without giving them full programming power. Think of it as a way to let someone write a simple condition like "grant access if the user's email matches this pattern and the request is within business hours", without exposing the system to arbitrary code execution. At its core, a CEL program is a single expression, no loops, no functions that run forever. Developers define which variables are available (like a user object or a resource name), then compile and evaluate the expression against provided data. The syntax is deliberately similar to common languages like Java, Go, and TypeScript, so it looks familiar. One notable feature is "partial state" evaluation: if some data is missing, the expression can still produce a meaningful result or a simplified residual expression, which is useful in distributed systems where not all information is available at every layer. This is useful for teams building systems that need flexible, user-defined policies, access control rules, configuration validation, feature flag conditions, or request filtering. For example, a platform letting users define custom alerts ("notify me if response time exceeds 500ms and the endpoint starts with /api/") could use CEL to safely evaluate those rules. It's designed for situations where you want more power than a fixed set of checkboxes but less risk than letting people run JavaScript or Lua. The project makes a deliberate tradeoff: by keeping CEL non-Turing complete (no loops, no recursion), it avoids the security and performance costs of sandboxing a full language. Evaluation runs in time proportional to expression size, which makes it predictable. The README notes that JavaScript, Lua, and WASM are alternatives, but argues CEL is faster and simpler for this specific niche of lightweight expression evaluation.
A Go library that lets you embed a safe, lightweight expression language into your app so users or config files can define custom rules without full code execution.
Mainly Go. The stack also includes Go.
Quiet — no commits in 6-12 months (last push 2025-09-25).
No license information was provided in the explanation, so the licensing terms are unknown.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.