Lock in launch-day pricing; join the waitlist before general availability.

Schema Reference

Complete syntax reference for the Infera Policy Language.

Keywords

Keyword Usage
type Declare an entity type
relation Declare a relation (direct or computed)
forbid Declare an explicit deny rule
this Reference direct tuples for this relation
from Computed userset — follow relationship, check relation on target
module Invoke a WASM module

Grammar

IPL uses a PEG grammar. Formal definition: engine/crates/core/src/ipl.pest.

Identifiers

Start with a letter (a-z, A-Z), followed by letters, digits, or underscores. Case-sensitive.

Type Definitions

type <identifier> {
    (relation <identifier> [= <expression>])*
    (forbid <identifier> [= <expression>])*
}

Expression Syntax

Ordered by precedence (lowest to highest):

Expression Syntax Description
Union a \| b OR — any branch grants access
Intersection a & b AND — all branches required
Exclusion a - b Set difference — a minus b
Parenthesized (expr) Grouping
Direct reference this Explicit tuples for this relation
Relation reference <name> Another relation on the same type
Computed userset <relation> from <relationship> Follow relationship, check relation on target
Related object <relationship>-><computed> Follow relationship, evaluate computed on target
WASM module module("<name>") Invoke sandboxed module

AST Nodes

Parser output types:

  • Schema { types: Vec<TypeDef> }
  • TypeDef { name, relations: Vec<RelationDef>, forbids: Vec<ForbidDef> }
  • RelationDef { name, expr: Option<RelationExpr> }None means direct-only
  • RelationExpr::Union(Vec<RelationExpr>)
  • RelationExpr::Intersection(Vec<RelationExpr>)
  • RelationExpr::Exclusion { base, subtract }
  • RelationExpr::This
  • RelationExpr::RelationRef { relation }
  • RelationExpr::ComputedUserset { relation, relationship }
  • RelationExpr::RelatedObjectUserset { relationship, computed }
  • RelationExpr::WasmModule { module_name }

Evaluation Semantics

Order of Evaluation

  1. Forbid rules evaluate first. Any match returns DENY immediately.
  2. Permit rules evaluate with short-circuit: union stops at first Allow, intersection stops at first Deny.
  3. Union and intersection branches evaluate concurrently across threads.

Query Cost Estimation

Expression Cost
Direct lookup (this) 1
Relation reference 5
WASM module 8
Tuple-to-userset 10

Cycle Detection

Circular relation references are rejected during validation. Runtime cycles terminate with an error.

Complete Example

type user {}

type team {
    relation member
    relation admin
}

type organization {
    relation admin
    relation member
    relation can_manage = admin
}

type folder {
    relation parent
    relation viewer
    relation editor
    relation can_view = viewer | editor | viewer from parent
    relation can_edit = editor
}

type document {
    relation parent
    relation viewer
    relation editor
    relation owner
    forbid suspended
    relation can_view = viewer | editor | owner | viewer from parent
    relation can_edit = editor | owner
    relation can_delete = owner
    relation can_share = owner & module("check_sharing_policy")
}
Edit on GitHub (opens in new tab)