# Rego Inline Policies

This page specifies the API between Shisho Cloud and the inline policies, written in Rego, that are attached to jobs in workflows.

## API for `jobs[].decide.rego`

Inline policies set in `jobs[].decide.rego` perform the inspection/audit step in the "Data Acquisition → Inspection/Audit → Notification & Recording of Results" sequence of a [workflow](/docs/g/concepts/workflow.md).

![](/docs/_md-assets/45d0c0b173-how-workflows-work.png)

### Package Name

There are no restrictions. You can define any package name you desire.

```rego
package arbitrary.name.could.be.specified
```

### Inputs for Policy Execution

Certain inputs are provided for the inline policy specified in `jobs[].decide.rego`.

#### `input`

The `input` variable carries the data retrieved by the GraphQL query detailed in `jobs[].decide.input.schema`.

:::info

Suppose the GraphQL query is like this:

```graphql
query {
  github {
    organizations {
      login
      requiresTwoFactorAuthentication
    }
  }
}
```

In this situation, an object like the following is stored in the `input` variable accessible within the inline policy:

```json
{
  "github": {
    "organizations": [
      {
        "login": "octcat",
        "requiresTwoFactorAuthentication": true
      },
      {
        "login": "your-org-name",
        "requiresTwoFactorAuthentication": false
      }
    ]
  }
}
```

You can access the above object in the inline policy like this:

```rego
org := input.github.organizations[_]
```

:::
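
The following is an added example, not code from the original page or from the Shisho Cloud libraries. It evaluates the `input` shown above and fails closed when `requiresTwoFactorAuthentication` is missing or null, with a unit test runnable via `opa test`. The package name, the `org_2fa_results`, `allowed` and `sample` names, the `field-missing-org` entry and the `future.keywords` imports are assumptions; each result would still have to be turned into a _Decision_ before being stored in `decisions`.

```rego
package example.github.org_2fa

import future.keywords.contains
import future.keywords.if

# One result per organization returned by the GraphQL query.
# `org_2fa_results` is a hypothetical intermediate set, not the
# `decisions` output that Shisho Cloud reads.
org_2fa_results contains result if {
  org := input.github.organizations[_]
  result := {
    "login": org.login,
    "allowed": allowed(org),
  }
}

# Allowed only when the field is literally `true`.
allowed(org) := true if org.requiresTwoFactorAuthentication == true

# Fail closed: false, null and a missing field all land here.
# Matching on `org.requiresTwoFactorAuthentication == false` instead would
# be undefined for a missing field, so that organization would silently
# drop out of the results rather than being reported.
allowed(org) := false if not org.requiresTwoFactorAuthentication == true

# Constructed sample input: the two organizations from the example above
# plus one entry whose field is absent from the response.
sample := {"github": {"organizations": [
  {"login": "octcat", "requiresTwoFactorAuthentication": true},
  {"login": "your-org-name", "requiresTwoFactorAuthentication": false},
  {"login": "field-missing-org"},
]}}

test_every_org_gets_a_result if {
  results := org_2fa_results with input as sample
  results == {
    {"login": "octcat", "allowed": true},
    {"login": "your-org-name", "allowed": false},
    {"login": "field-missing-org", "allowed": false},
  }
}
```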

#### `data.shisho`

The `data.shisho` variable contains the definitions in the [official Shisho Cloud Rego library](https://github.com/flatt-security/shisho-cloud-rego-libraries).

:::info

For example, if you wish to access the [package_known_vulnerability function in the shisho.decision.dependency package](https://github.com/flatt-security/shisho-cloud-rego-libraries/blob/ed057664c7f687432af8b16530a3aaf7617e841e/decision/dependency/package.gen.rego#L48), you can define your Rego policy like this:

```rego
import data.shisho

x := shisho.decision.dependency.package_known_vulnerability(...)
```

:::

### Expected Policy Outputs

#### `decisions` Variable

Inline policies must store a list of _Decision_ objects in `decisions`. This is how the results of the policy's inspection/audit are conveyed to Shisho Cloud.

:::info

The [official Shisho Cloud Rego library](https://github.com/flatt-security/shisho-cloud-rego-libraries) provides functions whose `description` reads `"Emits a decision..."`; use them to conveniently generate a `decision` with a specific `kind`.

:::

## API for `jobs[].notify.rego`

### Package Name

There are no limitations. You can define any package name you desire.

### Inputs for Policy Execution

#### `input.query`

Holds the data retrieved by the GraphQL query described in `jobs[].notify.input.schema`.

#### `input.organization_id`

Holds the ID of the organization executing the workflow.

#### `input.workflow_id`

Holds the workflow's ID.

#### `input.job_id`

Holds the ID of the job in which the inline policy is defined.

#### `input.decisions`

Holds the `decisions` generated by the `decide` block of the job in which the inline policy is defined.

#### `input.running_state`

Holds the running state of the job in which the inline policy is defined.

:::info

The values this variable can take are defined as constants under [shisho.job](https://github.com/flatt-security/shisho-cloud-rego-libraries/blob/main/job/running_state.rego).

:::

#### `input.exit_code`

Holds the exit status of the job in which the inline policy is defined.

:::info

The values this variable can take are defined as constants under [shisho.job](https://github.com/flatt-security/shisho-cloud-rego-libraries/blob/main/job/exit_code.rego).

:::

#### `data.shisho`

The `data.shisho` variable contains the definitions stored in the [official Shisho Cloud Rego library](https://github.com/flatt-security/shisho-cloud-rego-libraries).

### Expected Policy Outputs

#### `notifications` Variable

Inline policies should store a list of _Notification_ objects in `notifications`. This is how the inline policy instructs Shisho Cloud to send notifications.

:::info

You can easily create a _Notification_ object using the `shisho.notification.new()` function in the [official Shisho Cloud Rego library](https://github.com/flatt-security/shisho-cloud-rego-libraries).

:::
