Skip to main content

Synopsis

kosli evaluate input [flags]
Evaluate a local JSON input against a Rego policy. Read JSON from a file or stdin and evaluate it against a Rego policy. The input file should contain the raw JSON object your policy expects — not the wrapper produced by --show-input. Use jq '.input' to extract the policy input from a --show-input --output json capture. The policy must use package policy and define an allow rule. An optional violations rule (a set of strings) can provide human-readable denial reasons. The command exits with code 0 when allowed and code 1 when denied. When --input-file is omitted, JSON is read from stdin. Use --params to pass configuration data to the policy as data.params. This accepts inline JSON or a file reference (@file.json).

Flags

FlagDescription
-h, —helphelp for input
-i, —input-file string[optional] Path to a JSON input file. Reads from stdin if omitted.
-o, —output string[defaulted] The format of the output. Valid formats are: [table, json]. (default “table”)
—params string[optional] Policy parameters as inline JSON or @file.json. Available in policies as data.params.
-p, —policy stringPath to a Rego policy file to evaluate against the input.
—show-input[optional] Include the policy input data in the output.

Flags inherited from parent commands

FlagDescription
-a, —api-token stringThe Kosli API token.
-c, —config-file string[optional] The Kosli config file path. (default “kosli”)
—debug[optional] Print debug logs to stdout. A boolean flag docs (default false)
-H, —host string[defaulted] The Kosli endpoint. (default “https://app.kosli.com”)
—http-proxy string[optional] The HTTP proxy URL including protocol and port number. e.g. ‘http://proxy-server-ip:proxy-port
-r, —max-api-retries int[defaulted] How many times should API calls be retried when the API host is not reachable. (default 3)
—org stringThe Kosli organization.

Examples Use Cases

These examples all assume that the flags --api-token, --org, --host, (and --flow, --trail when required), are set/provided. 
kosli evaluate trail TRAIL --flow FLOW 
	--policy allow-all.rego 
	--show-input --output json | jq '.input' > trail-data.json


kosli evaluate input 
	--input-file trail-data.json 
	--policy policy.rego


kosli evaluate input 
	--input-file trail-data.json 
	--policy policy.rego 
	--show-input 
	--output json


cat trail-data.json | kosli evaluate input 
	--policy policy.rego


kosli evaluate input 
	--input-file trail-data.json 
	--policy policy.rego 
	--params '{"threshold": 3}'


kosli evaluate input 
	--input-file trail-data.json 
	--policy policy.rego 
	--params @params.json
Last modified on April 9, 2026