# Builtin functions for Rego policies

In addition to the [Rego builtin functions](https://www.openpolicyagent.org/docs/policy-reference/builtins), Chainloop's Rego engine has been enhanced with additional functions that can be used to interact with Chainloop APIs and features.
All API calls to Chainloop services will use the same authentication context configured in the CLI (by using `chainloop auth login` or `CHAINLOOP_TOKEN`).

The following APIs are currently supported:

#### chainloop.discover

Calls Chainloop's Discover API. It is equivalent to running `chainloop discover --digest sha256:foobar`.

**Usage**: `chainloop.discover(digest, kind)`

**Arguments**:

* `digest` (string): artifact digest in the form of `sha256:foobar`
* `kind` (string, optional): optional filter by [kind](/concepts/material-types) to disambiguate

**Returns**: same payload as the [`chainloop discover`](/command-line-reference/cli-ee-reference#chainloop-discover) CLI call: a JSON object with the artifact metadata and the list of referenced artifacts. Example:

```json theme={"dark"}
{
   "digest": "sha256:79261a7ebb2955f1c54c092bee6ee0e16ad6d096ed51f599412a50b356b247c9",
   "kind": "CONTAINER_IMAGE",
   "downloadable": false,
   "public": true,
   "createdAt": "2025-11-19T10:37:45.937172Z",
   "references": [
      {
         "digest": "sha256:5319f1abba10ae602a92c0e4b5bfd6e59e6dcadaae68c57f0b55cc7ff96d7e57",
         "kind": "ATTESTATION",
         // ... other metadata
      },
      {
         "digest": "sha256:d0d10a109a55c16118c622daefd276a5641be81bb024e1f30eedbef3eb9b9c49",
         "kind": "ATTESTATION",
         // ... other metadata
      },
      {
         "digest": "sha256:ad71aa55f6016aa83a1418bdb1337a889f1df47173ec640813911f0cbb00d3b1",
         "kind": "ATTESTATION",
         // ... other metadata
      }
   ]
}
```
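
**Example usage** (an added example, not part of the original Chainloop documentation): a policy that fails closed when a container image has no `ATTESTATION` among its references, using only the `kind`, `digest` and `references` fields shown in the payload above. The package name, the `input.args.digest` argument and the behaviour of a failed lookup (leaving `artifact` undefined) are assumptions.

```rego
package main # assumption: illustrative package name

import rego.v1

# Assumption: the digest arrives as a policy argument, like the input.args.*
# values used in this page's other examples.
digest := input.args.digest

# The second argument restricts the lookup to container images.
artifact := chainloop.discover(digest, "CONTAINER_IMAGE")

valid_digest if regex.match(`^sha256:[a-f0-9]{64}$`, digest)

# Digests of every reference whose kind is ATTESTATION.
attestations contains ref.digest if {
  some ref in artifact.references
  ref.kind == "ATTESTATION"
}

# A missing or malformed digest is reported instead of passing silently.
violations contains msg if {
  not valid_digest
  msg := "Argument 'digest' must have the form sha256:<64 hex characters>"
}

# Fail closed when the lookup produced no result (assumption: a failed call
# leaves `artifact` undefined, which would otherwise skip every other rule).
violations contains msg if {
  valid_digest
  not artifact
  msg := sprintf("Discover returned nothing for '%s'", [digest])
}

# The artifact exists but nothing attests to it.
violations contains msg if {
  artifact.kind == "CONTAINER_IMAGE"
  count(attestations) == 0
  msg := sprintf("Container image '%s' has no ATTESTATION among its references", [artifact.digest])
}
```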

#### chainloop.evidence

Lists evidence stored in the platform by querying the Evidence service (see **[API Reference](/api-reference/overview) - EvidenceService/List**). Use this to retrieve evidence metadata across projects and workflows for compliance validation.

<Note>
  This feature is only available on Chainloop's platform [paid plans](https://chainloop.dev/pricing).
</Note>

**Usage**: `chainloop.evidence(filters)`

**Arguments**:

* `filters` (object): filter object with optional fields:
  * `project_name` (string, optional): name of the project to filter by
  * `project_version_name` (string, optional): name of the project version to filter by
  * `kind` (array of strings, optional): array of [material types](/concepts/material-types) to filter by (e.g., `["SBOM_CYCLONEDX_JSON", "HELM_CHART"]`)
  * `workflow_name` (array of strings, optional): array of workflow names to filter by
  * `search` (string, optional): search term to filter evidence by name or subject name
  * `latest` (boolean, optional): if true, only the latest evidence for each kind and name is returned
  * `hide_attestation` (boolean, optional): if true, excludes attestation evidence from the results
  * `product_id` (string, optional): ID of the product to filter evidence by
  * `product_version_id` (string, optional): ID of the product version to filter evidence by
  * `limit` (number, optional): maximum number of results to return per page

**Returns**: object with evidence data. Example:

```json theme={"dark"}
{
  "results": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "name": "my-helm-chart",
      "digest": "sha256:abc123...",
      "kind": "HELM_CHART",
      "subject_name": "myapp",
      "subject_version": "1.0.0",
      "annotations": {
        "key": "value"
      },
      "organization_id": "660e8400-e29b-41d4-a716-446655440000",
      "organization_name": "My Org",
      "workflow_id": "770e8400-e29b-41d4-a716-446655440000",
      "workflow_name": "build-pipeline",
      "workflow_run_id": "880e8400-e29b-41d4-a716-446655440000",
      "project_id": "990e8400-e29b-41d4-a716-446655440000",
      "project_name": "my-project",
      "project_version_id": "aa0e8400-e29b-41d4-a716-446655440000"
    }
  ]
}
```

**Example usage**:

```rego theme={"dark"}
violations contains msg if {
  ev := chainloop.evidence({
    "project_name": input.args.project_name,
    "kind": ["HELM_CHART"],
  })

  count(ev.results) == 0
  msg := sprintf("No HELM_CHART found for project '%s'", [input.args.project_name])
}
```

#### chainloop.project\_compliance

Retrieves project-level compliance data (see **[API Reference](/api-reference/overview) - ComplianceService/Get project-level compliance evaluation**) for all requirements. Use this to check compliance status for a project version.

<Note>
  This feature is only available on Chainloop's platform [paid plans](https://chainloop.dev/pricing).
</Note>

**Usage**: `chainloop.project_compliance(filters)`

**Arguments**:

* `filters` (object): filter object with:
  * `project_version_id` (string, required): UUID of the project version to check compliance for
  * `framework_ids` (array, optional): array of framework IDs. If not provided, returns requirements from all frameworks associated with the project version
  * `limit` (number, optional): maximum number of results to return per page

**Returns**: object with compliance evaluation data. Example:

```json theme={"dark"}
{
  "evaluations": [
    {
      "requirement_id": "bb0e8400-e29b-41d4-a716-446655440000",
      "requirement_version_id": "cc0e8400-e29b-41d4-a716-446655440000",
      "requirement_revision": 1,
      "name": "sbom-required",
      "display_name": "SBOM Required",
      "description": "All builds must generate an SBOM",
      "project_version_id": "dd0e8400-e29b-41d4-a716-446655440000",
      "framework_id": "ee0e8400-e29b-41d4-a716-446655440000",
      "status": "fail",
      "created_at": "2025-12-10T10:00:00Z"
    }
  ]
}
```

**Example usage**:

```rego theme={"dark"}
violations contains msg if {
  ev := chainloop.project_compliance({
    "project_version_id": input.args.project_version_id,
  })

  some eval in ev.evaluations
  eval.status == "fail"
  msg := sprintf("Requirement '%s' is failing in project", [eval.name])
}
```

#### chainloop.evidence\_prompt

Evaluates evidence using AI-powered analysis. The function sends evidence content along with a prompt to an AI agent for evaluation, enabling automated compliance checks such as license analysis, vulnerability assessment, or custom validation logic.

<Note>
  This feature is only available on Chainloop's platform [paid plans](https://chainloop.dev/pricing).
</Note>

**Usage**: `chainloop.evidence_prompt(evidence, prompt)`

**Arguments**:

* `evidence` (string): CAS digest (`sha256:...`) or raw evidence content to evaluate
* `prompt` (string): the prompt to be passed on to the AI agent for evaluation

**Returns**: response object with the AI evaluation result. Example:

```json theme={"dark"}
{
  "skipped": false,
  "violations": [
    "License 'AGPL-3.0' found in component 'libfoo' is not approved"
  ]
}
```

When the AI analysis is skipped (e.g., if the feature is not enabled), `skipped` will be `true` and `violations` will be empty.

**Example usage**:

```rego theme={"dark"}
# Call the evidence_prompt built-in function
prompt_result := chainloop.evidence_prompt(material.hash, "Analyze this SBOM for non-OSS licenses")

# Return violations from AI analysis
violations contains violation if {
  not prompt_result.skipped
  some violation in prompt_result.violations
}
```

#### chainloop.download\_artifact

Downloads an artifact using the Chainloop CAS service, which lets you inject its content into the policy evaluation context. Note that binary content will be encoded as base64.

<Note>
  This feature is only available on Chainloop's platform [paid plans](https://chainloop.dev/pricing).
</Note>

**Usage**: `chainloop.download_artifact(digest)`

**Arguments**:

* `digest` (string): CAS digest (`sha256:...`) of the artifact to download

**Returns**: raw artifact content.

**Example usage**:

```rego theme={"dark"}
sbom_content := chainloop.download_artifact(input.args.digest)
parsed := json.unmarshal(sbom_content)

# Return violations from SBOM content
violations contains msg if {
    parsed.bomFormat != "CycloneDX"
    msg := "Only CycloneDX format is supported"
}
```
