What is CrowdControl

CrowdControl is a dependency-free policy language for evaluating rules against structured data. It is intentionally less powerful than CEL, Cedar, or Rego — the design goal is that a security engineer who has never seen a .cc file before can read a policy and understand it in under 30 seconds.

The one-sentence pitch

Write forbid/warn/permit rules, hand them a JSON document, get back a list of which rules fired and why.

forbid "no-draft-production" {
  pr.draft == true
  project.workspace == "production"
  message "draft PRs cannot target production"
}

That's the whole language in one example. No entities. No principals. No action/resource/context model. No logic programming. Just rules against a document.

What it's for

CrowdControl is the right shape when the question you're answering is "is this structured document acceptable?". Common cases:

  • Gating Terraform plans in CI ("no more than 5 destroys without platform team approval")
  • Reviewing GitHub PRs ("infra file changes require infra team")
  • Checking Kubernetes manifests ("no :latest tags in production")
  • Linting config files ("every service must have a owner field")
  • Enforcing change review policies ("drafts can't target production")

What it's not

CrowdControl is not the right shape when:

  • You need entity-based authorization with users, groups, and relationships → use CEDAR, SpiceDB, or OpenFGA.
  • You need a Turing-complete policy engine for arbitrary logic → use Rego / OPA.
  • You need machine-checked proofs about policy semantics → use CEDAR.

See the comparison page for the long version.

Design principles

  1. Readability above all. If a rule needs a two-paragraph comment to explain it, the language has failed.
  2. Zero runtime dependencies. The Go reference is pure stdlib. Every SDK uses only its host language's stdlib.
  3. No domain concepts baked in. CrowdControl evaluates a map[string]any. It has no built-in awareness of Terraform, GitHub, Kubernetes, or anything else. Flatten your data into a JSON doc and write rules against it.
  4. Bounded evaluation. Every rule terminates in time proportional to the input. No recursion, no user-defined functions, no infinite loops.
  5. Explain mode is a first-class feature. When a rule fires (or doesn't), you should be able to see exactly why, annotated with the resolved field values.

What you get

  • A small, readable DSL with a purpose-built grammar
  • A reference Go implementation (library + CLI + LSP)
  • Native SDKs for Python, TypeScript, Ruby, Kotlin, and PHP — all passing the same conformance suite
  • A VS Code extension with syntax highlighting and diagnostics
  • A static schema validator that catches typos and type mismatches before runtime
  • An explain mode that traces every condition in every rule