cel 0.5.0 has been released.
cel is a pure Ruby implementation of Google Common Expression Language,
GitHub - google/cel-spec: Common Expression Language -- specification and binary representation.
The Common Expression Language (CEL) implements common semantics for
expression evaluation, enabling different applications to more easily
interoperate.
require "cel"
# set the environment
env = Cel::Environment.new(name: :string, group: :string)
# parse
ast = env.compile('name.startsWith("/groups/" + group)')
# check
prg = env.program(ast)
# evaluate
prg.evaluate(name: Cel::String.new("/groups/acme.co/documents/secret-stuff
"),
group: Cel::String.new("acme.co")) #=> true
# or do it all in one go
env.evaluate('name.startsWith("/groups/" + group)',
name: Cel::String.new("/groups/acme.co/documents/secret-stuff"),
group: Cel::String.new("acme.co")
)
Here are the updates since the last release:
## [0.5.0] - 2025-12-11
### Features
#### Custom extensions
A new `:extensions` kwarg is added to `Cel::Environment.new` which allows
adding custom extensions, in a similar manner as what the standard
extensions (like `math` or `string`) are done:
module Ext
# defines a random function which takes no arguments and returns 42
end
Cel::Environment.new.evaluate("ext.random()") #=> raises error
Cel::Environment.new(extensions: { ext: Ext }).evaluate("ext.random()")
#=> 42
### Backwards Compatibility
The ractor safety introduced in 0.4.1 has been relaxed in order to allow
extensions of core classes by custom extensions, And you'll need to
explicitly call `Cel.freeze` before using `cel` inside ractors.
This is a direct consequence of how extensions patch `cel` core classes.
ATTENTION: Changes may be introduced in the way core classes are patched
by extensions, towards making `cel` ractor-safe by default. If you rely on
custom extensions, do follow the migration instructions in
subsequent releases.
### Bugfixes
Fixed checker type inference when using nexted expressions (like when
using the `bind` extensions to evaluate cel sub-expressions).
## [0.4.1] - 2025-11-25
### Improvements
* Literal class can now mark which methods are CEL directives, the
remainder being lib private helpers.
* `cel` is now ractor compatible.
* Documentation on how to support abstract types has been added.
### Security
A remote execution attack vector has been fixed, which allowed executing
arbitrary Ruby code within a CEL expression when calling functions on a
variable declared as a CEL map. Example:
env = Cel::Environment.new(declarations: { webhook: :map })
env.evaluate("webhook.payload.send('eval', 'File.write(\"test.txt\",
\"Hello, world!\")')", webhook: { payload: {} })