cel/celv2: Add path to context, add is_platform_binary/team_id to target (#99)

russellhancox · web-flow · commit fa0ad3f19cd1 · 2026-03-16T23:20:46.000-04:00
diff --git a/cel/v1.proto b/cel/v1.proto
@@ -66,7 +66,12 @@ message ExecutionContext {
   string cwd = 5;
 
   // Provided by cel v2
-  reserved 6;
+  reserved 6, 7;
+
+  // The path that the executable was run from. This will be the
+  // full resolved path.
+  // Using this field will prevent the result from being cached.
+  string path = 8;
 }
 
 // The fields in this message are provided to the CEL program and are static,
@@ -93,4 +98,10 @@ message ExecutableFile {
 
   // Provided by cel v2
   reserved 4;
+
+  // Whether or not this executable is a platform binary.
+  bool is_platform_binary = 5;
+
+  // The team ID of the binary, if it is validly signed.
+  string team_id = 6;
 }
diff --git a/celv2/v2.proto b/celv2/v2.proto
@@ -78,6 +78,11 @@ message ExecutionContext {
   // The file descriptors associated with this process.
   // Using this field will prevent the result from being cached.
   repeated FileDescriptor fds = 7;
+
+  // The path that the executable was run from. This will be the
+  // full resolved path.
+  // Using this field will prevent the result from being cached.
+  string path = 8;
 }
 
 // The fields in this message are provided to the CEL program and are static,
@@ -107,6 +112,12 @@ message ExecutableFile {
   // either a boolean or a JSON object so when comparing boolean values be sure
   // to use boolean strings "true" or "false".
   map<string, string> entitlements = 4;
+
+  // Whether or not this executable is a platform binary.
+  bool is_platform_binary = 5;
+
+  // The team ID of the binary, if it is validly signed.
+  string team_id = 6;
 }
 
 message Ancestor {
