Skip to main content

rego_type_error: unsafe built-in function calls in expression: {name}

compilationrego_type_errorunsafe built-in function calls in expression: {name} (where name is the reference to a built-in function)


This error is only surfaced when a capabilities configuration has been provided to the OPA compiler (via opa eval or other commands). This is commonly used to restrict certain built-ins from being used in environments where it's not deemed safe to allow them to execute. The likely most well-known example is the Rego Playground, where the http.send function is disabled due to security concerns. If you're seeing this error elsewhere, it's likely that whoever configured the OPA instance for your system thought it would be a good idea to put certain restrictions in place.

How To Fix It

Check the capabilities configuration provided to OPA when executed, and the --capabilities flag in particular. If you're encountering this on the Rego Playground, simply run the policy on your own machine using e.g. opa eval or opa run instead.


For questions, discussions and announcements related to OPA, or Styra products, services and open source projects, please join the Styra Community on Slack.