Diff two Rego policies
rego_policy_diffCompare two Rego policies by running the same query on both and highlighting differences in results. Identify changed paths to verify refactoring correctness or pinpoint policy divergence.
Instructions
Evaluate the same query against two policies (or two versions of the same policy) and compare the results. Both evaluations run in parallel. Returns equal: true/false, the raw result from each side, and changedPaths -- the dot/bracket paths that differ. Useful for verifying that a refactor preserves behavior, or understanding exactly where two policies diverge. Each side takes either inline source (sourceA/sourceB) or a file/directory path (pathA/pathB). The same input and query are used for both evaluations.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| input | No | Inline input document (JSON). Mutually exclusive with inputPath. | |
| pathA | No | File or directory path for policy A. Must be inside an allowed root. Mutually exclusive with sourceA. | |
| pathB | No | File or directory path for policy B. Must be inside an allowed root. Mutually exclusive with sourceB. | |
| query | Yes | The query to evaluate against both policies, e.g. "data.example.allow". | |
| sourceA | No | Inline Rego source for policy A. Mutually exclusive with pathA. | |
| sourceB | No | Inline Rego source for policy B. Mutually exclusive with pathB. | |
| dataPaths | No | Additional data or policy paths loaded for both evaluations. Each must be inside an allowed root. | |
| inputPath | No | Path to a JSON input file. Must be inside an allowed root. Mutually exclusive with input. |