Protobuf Rules Gen

This is an experimental protoc plugin that generates Firebase Rules for Cloud Firestore based on Google's Protocol Buffer format. This allows you to easily validate your data in a platform independent manner.
Alternatives To Protobuf Rules Gen
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
5 months ago77apache-2.0Kotlin
The Google I/O Android App
React Native Firebase10,85143796 days ago184September 17, 202266otherJavaScript
🔥 A well-tested feature-rich modular Firebase implementation for React Native. Supports both iOS & Android platforms for all Firebase services.
6 days ago6August 23, 202054otherTypeScript
Low-code backend platform. Manage database on spreadsheet-like UI and build cloud functions workflows in JS/TS, all in your browser.
Flutter Tutorials4,612
a month ago50mitDart
The repo contains the source code for all the tutorials on the FilledStacks Youtube channel.
Firebase Js Sdk4,471
2 days ago589otherTypeScript
Firebase Javascript SDK
React Firebase Starter4,45725 months ago25July 22, 2016135mitJavaScript
Boilerplate (seed) project for creating web apps with React.js, GraphQL.js and Relay
Wild Workouts Go Ddd Example4,047
a month ago28mitGo
Go DDD example application. Complete project to show how to apply DDD, Clean Architecture, and CQRS by practical refactoring.
Vuefire3,538149625 days ago47December 07, 202035mitTypeScript
🔥 Firebase bindings for Vue.js
Reactfire3,30888285 months ago165August 19, 202270mitTypeScript
Hooks, Context Providers, and Components that make it easy to interact with Firebase.
React Redux Firebase2,543795264 months ago165November 23, 2021173mitJavaScript
Redux bindings for Firebase. Includes React Hooks and Higher Order Components.
Alternatives To Protobuf Rules Gen
Select To Compare

Alternative Project Comparisons

Firebase Rules Protobuf Validation

Build Status

Quick Note

This is an experimental plugin for Security Rules, which means you should always validate these by hand before you decide to deploy these to a production environment.


Status: Experimental

This repository is maintained by Googlers but is not a supported Firebase product. Issues here are answered by maintainers and other community members on GitHub on a best-effort basis.


This is an experimental protoc plugin that generates Firebase Rules for Cloud Firestore based on Google's Protocol Buffer format.

This allows you to easily validate your data in a platform independent manner.

Here is a quick example:

syntax = "proto2";
package tutorial;

message Person {
  required string name = 1;
  optional string email = 2;

  enum PhoneType {
    MOBILE = 0;
    HOME = 1;
    WORK = 2;
  message PhoneNumber {
    optional string number = 1;
    optional PhoneType type = 2;

  optional PhoneNumber phone = 3;

This plugin generates the following Firebase Rules function that can be used to validate your incoming data.

// @@[email protected]@
function isPersonMessage(resource) {
  return resource.keys().hasAll(['name']) &&
          (resource.keys().hasOnly(['name','phone','email'])) &&
          (( is string)) &&
          ((!resource.keys().hasAny(['email'])) || ( is string)) &&
          ((!resource.keys().hasAny(['phone'])) || (isPerson_PhoneNumberMessage(;
function isPerson_PhoneNumberMessage(resource) {
  return resource.keys().hasAll([]) &&
          (resource.keys().hasOnly(['type','number'])) &&
          ((!resource.keys().hasAny(['number'])) || (resource.number is string)) &&
          ((!resource.keys().hasAny(['type'])) || (isPerson_PhoneTypeEnum(resource.type)));
function isPerson_PhoneTypeEnum(resource) {
  return resource == 0 ||
          resource == 1 ||
          resource == 2;
// @@[email protected]@

// Start your rules (these don't get generated!)
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userId} {
      allow read: if request.auth.uid == userId;
      allow write: if isPersonMessage( &&
                      request.auth.uid == userId;


To use this protoc plugin once you have your protocol buffers defined, follow these steps:

  1. Make sure to install the latest version of protoc
  2. Download the latest release from GitHub
  3. Either put the plugin binary on your $PATH or use the --plugin=protoc-gen-firebase_rules=./path/to/protoc-gen-firebase_rules option
  4. Invoke the protoc tool using the --firebase_rules_out=./directory flag to output your firestore.rules file with generated functions
  5. If you're importing "firebase_rules_options.proto" like the below example the --proto_path=./directory flag will need to be added to include the directory of the firebase_rules_options.proto file along with the protobuf files from the src directory of the Google Protobuf repo. An more indepth discussion of this can be found in this issue.

If you run into trouble feel free to check out our script or file an issue

Advanced Usage

syntax = "proto3";
package tutorial;

import "firebase_rules_options.proto";

option (google.firebase.rules.firebase_rules).full_package_names = true;

message Person {
  string name = 1;
  string email = 2 [(google.firebase.rules.firebase_rules_field).validate =

  enum PhoneType {
    option (google.firebase.rules.firebase_rules_enum).string_values = true;
    MOBILE = 0;
    HOME = 1;
    WORK = 2;

  message PhoneNumber {
    string number = 1;
    PhoneType type = 2;
    option (google.firebase.rules.firebase_rules_message).extra_properties =

  PhoneNumber phone = 3;

  // Currently, we can only check this is a list :(
  repeated string starred_websites = 4;

  // This message must have either a phone or an email.
  option (google.firebase.rules.firebase_rules_message).validate =
      "resource.keys().hasAny(['email', 'phone'])";

This would generate the following functions.

// @@[email protected]@
function istutorial_PersonMessage(resource) {
  return resource.keys().hasAll([]) &&
          (resource.keys().hasOnly(['starredWebsites','phone','email','name'])) &&
          ((!resource.keys().hasAny(['name'])) || ( is string)) &&
          ((!resource.keys().hasAny(['email'])) || ( is string && ('.*@domain\.com')))) &&
          ((!resource.keys().hasAny(['phone'])) || (istutorial_Person_PhoneNumberMessage( &&
          ((!resource.keys().hasAny(['starredWebsites'])) || (resource.starredWebsites is list)) &&
          (resource.keys().hasAny(['email', 'phone']));
function istutorial_Person_PhoneNumberMessage(resource) {
  return resource.keys().hasAll([]) &&
          ((!resource.keys().hasAny(['number'])) || (resource.number is string)) &&
          ((!resource.keys().hasAny(['type'])) || (istutorial_Person_PhoneTypeEnum(resource.type)));
function istutorial_Person_PhoneTypeEnum(resource) {
  return resource == 'MOBILE' ||
          resource == 'HOME' ||
          resource == 'WORK';
// @@[email protected]@

// Start your rules...

Standalone usage

  1. Install Bazel.

  2. Build with bazel build //...

  3. A sample invocation of the plugin, protoc-gen-firebase_rules, is available in This script can be run from the command line.

Using with bazel

It's easy to use protobuf_rules_gen if your project already uses Bazel.

  1. Add protobuf_rules_gen to your WORKSPACE:
proto_gen_firebase_rules_commit = "TODO"
    name = "proto_gen_firebase_rules",
    sha256 = "TODO",
    strip_prefix = "protobuf-rules-gen-" + proto_gen_firebase_rules_commit,
    url = "" + proto_gen_firebase_rules_commit + ".tar.gz",

load("@proto_gen_firebase_rules//bazel:repositories.bzl", "protobuf_rules_gen_repositories")
  1. Update your BUILD file:
load("@proto_gen_firebase_rules//bazel:defs.bzl", "firestore_rules_proto_library", "firestore_rules_binary")

There are three rules available:

  • firestore_rules_proto_library generates a .rules file from the protobuf schema
  • firestore_rules_binary combines multiple .rules files (e.g. the auto generated rules with your ACLs that use them)
  • firestore_rules_library wraps up one or more .rules files so that a firestore_rules_binary can depend on it.

See example/BUILD for an example of how to use these rules.


  1. Build the proto-gen-firebase_rules binary via bazel build //...

  2. Ensure all the tests pass via bazel test //...

  3. Build a binary for each platform (windows, linux, and darwin).

  4. Tag a GitHub release and attach each prebuilt binary to the release.


protobuf-rules-gen was initiated with ❤️️ by Tyler Rockwood.


This is not an official Google product (experimental or otherwise), it is just code that happens to be owned by Google.

Popular Firestore Projects
Popular Firebase Projects
Popular Data Storage Categories

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
C Plus Plus
Protocol Buffers