February 18, 2026
Tiny language, big feelings
Show HN: CEL by Example
From 'why not OPA?' to 'do we need a new language?'
TLDR: CEL is a small rules language for checking data, shown with simple real-world examples. The crowd split fast: OPA fans aren’t budging, skeptics mocked the “not Turing-complete” pitch, and others asked if CEL could be a config language—making it a surprisingly spicy debate over how we write policies.
Show HN drops a guided tour of CEL—a tiny rules language used in Kubernetes, Google Cloud, and more—by filtering a sample user (“Alice”) with checks like age, email domain, roles, and timestamps. Neat, fast, safe… and immediately controversial. The top chorus: “Why switch if I’m comfy with OPA?” One skeptic, d4mi3n, said they hadn’t seen a reason to leave the Open Policy Agent world, turning the thread into an OPA vs CEL cage match.
Then came the hot philosophy takes. IshKebab torched the marketing line about CEL not being “Turing-complete,” calling it irrelevant and accusing the pitch of smuggling in “it won’t run forever” vibes. That sparked a mini seminar on why tiny domain languages exist at all. Meanwhile, hamandcheese wanted CEL to import files like Jsonnet, hoping it could be a general-purpose config tool; others reminded them CEL’s sweet spot is evaluating expressions, not building whole configs.
There were nerd daydreams too: bossyTeacher wished for CEL-like checks at compile time in languages like Scala or Swift, name-dropping Idris as a proof-of-concept for type-level wizardry. One commenter even claimed healthcare’s FHIR uses CEL-like path expressions—fuel for the “it’s everywhere” hype. In between, folks joked that Alice’s “admin:write” list looked like a permission-themed Starbucks order. Want rules? CEL delivers. Want drama? The comments deliver more
Key Points
- •CEL is an expression language that evaluates against values, Protobuf messages, or JSON objects.
- •It is described as fast, portable, and safe, with use in Kubernetes admission control, Google Cloud IAM, Firebase rules, Envoy Proxy routing, and Protovalidate constraints.
- •Examples show basic comparisons, string operations, and collection handling using in, exists, and filter.
- •CEL supports native time operations (timestamp subtraction and duration comparison) and logical/conditional operators.
- •CEL can transform data structures, building maps and mapping/filtering lists to produce derived outputs.