eyeling 1.5.31 → 1.5.32

package/README.md

@@ -239,7 +239,7 @@ As soon as the premise is provable, `eyeling` exits with status code `2`.
 - **list**: `list:append` `list:first` `list:firstRest` `list:in` `list:iterate` `list:last` `list:length` `list:map` `list:member` `list:memberAt` `list:notMember` `list:remove` `list:rest` `list:reverse` `list:sort`
 - **log**: `log:collectAllIn` `log:equalTo` `log:forAllIn` `log:impliedBy` `log:implies` `log:notEqualTo` `log:notIncludes` `log:skolem` `log:uri`
 - **math**: `math:absoluteValue` `math:acos` `math:asin` `math:atan` `math:cos` `math:cosh` `math:degrees` `math:difference` `math:equalTo` `math:exponentiation` `math:greaterThan` `math:integerQuotient` `math:lessThan` `math:negation` `math:notEqualTo` `math:notGreaterThan` `math:notLessThan` `math:product` `math:quotient` `math:remainder` `math:rounded` `math:sin` `math:sinh` `math:sum` `math:tan` `math:tanh`
-- **string**: `string:concatenation` `string:contains` `string:containsIgnoringCase` `string:endsWith` `string:equalIgnoringCase` `string:format` `string:greaterThan` `string:lessThan` `string:matches` `string:notEqualIgnoringCase` `string:notGreaterThan` `string:notLessThan` `string:notMatches` `string:replace` `string:scrape` `string:startsWith`
+- **string**: `string:concatenation` `string:contains` `string:containsIgnoringCase` `string:endsWith` `string:equalIgnoringCase` `string:format` `string:greaterThan` `string:jsonPointer` `string:lessThan` `string:matches` `string:notEqualIgnoringCase` `string:notGreaterThan` `string:notLessThan` `string:notMatches` `string:replace` `string:scrape` `string:startsWith`
 - **time**: `time:localTime`
 
 ## License

package/examples/json-pointer.n3

@@ -0,0 +1,69 @@
+@prefix string: <http://www.w3.org/2000/10/swap/string#> .
+@prefix list:   <http://www.w3.org/2000/10/swap/list#> .
+@prefix log:    <http://www.w3.org/2000/10/swap/log#> .
+@prefix ex:     <http://example.org/> .
+
+ex:doc ex:json """{
+  "users": [
+    { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+    { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+  ],
+  "policy": { "allowedDomains": ["example.org", "example.com"] }
+}""" .
+
+# Sanity check: key contains "/" so JSON Pointer must use "~1"
+{
+  ex:doc ex:json ?J .
+  (?J "/users/0/profile~1name") string:jsonPointer "Ada Lovelace" .
+} => {
+  ex:checks ex:firstUserNameOk true .
+} .
+
+# Allowed users: email domain is in policy.allowedDomains
+{
+  ex:doc ex:json ?J .
+  (?J "/policy/allowedDomains") string:jsonPointer ?Allowed .
+  (?J "/users")                string:jsonPointer ?Users .
+
+  ?Users list:iterate (?Idx ?UserJson) .
+  (?UserJson "/id")            string:jsonPointer ?Id .
+  (?UserJson "/email")         string:jsonPointer ?Email .
+  (?UserJson "/profile~1name") string:jsonPointer ?Name .
+
+  (?Email "@([^@]+)$") string:scrape ?EmailDomain .
+  ?Allowed list:member ?EmailDomain .
+
+  ("urn:example:user:%s" ?Id) string:format ?UriStr .
+  ?User log:uri ?UriStr .
+} => {
+  ?User a ex:AllowedUser ;
+        ex:name ?Name ;
+        ex:email ?Email ;
+        ex:emailDomain ?EmailDomain ;
+        ex:userIndex ?Idx .
+} .
+
+# Blocked users: email domain is NOT in the allowlist
+{
+  ex:doc ex:json ?J .
+  (?J "/policy/allowedDomains") string:jsonPointer ?Allowed .
+  (?J "/users")                string:jsonPointer ?Users .
+
+  ?Users list:iterate (?Idx ?UserJson) .
+  (?UserJson "/id")            string:jsonPointer ?Id .
+  (?UserJson "/email")         string:jsonPointer ?Email .
+  (?UserJson "/profile~1name") string:jsonPointer ?Name .
+
+  (?Email "@([^@]+)$") string:scrape ?EmailDomain .
+  ?Allowed list:notMember ?EmailDomain .
+
+  ("urn:example:user:%s" ?Id) string:format ?UriStr .
+  ?User log:uri ?UriStr .
+} => {
+  ?User a ex:BlockedUser ;
+        ex:name ?Name ;
+        ex:email ?Email ;
+        ex:emailDomain ?EmailDomain ;
+        ex:userIndex ?Idx .
+} .
+

package/examples/output/json-pointer.n3

@@ -0,0 +1,800 @@
+@prefix ex: <http://example.org/> .
+
+# ----------------------------------------------------------------------
+# Proof for derived triple:
+#   ex:checks ex:firstUserNameOk true .
+# It holds because the following instance of the rule body is provable:
+#   ex:doc ex:json """{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/users/0/profile~1name") string:jsonPointer "Ada Lovelace" .
+# via the schematic forward rule:
+#   {
+#     ex:doc ex:json ?J .
+#     (?J "/users/0/profile~1name") string:jsonPointer "Ada Lovelace" .
+#   } => {
+#     ex:checks ex:firstUserNameOk true .
+#   } .
+# with substitution (on rule variables):
+#   ?J = """{
+#     "users": [
+#     { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#     { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }"""
+# Therefore the derived triple above is entailed by the rules and facts.
+# ----------------------------------------------------------------------
+
+ex:checks ex:firstUserNameOk true .
+
+# ----------------------------------------------------------------------
+# Proof for derived triple:
+#   <urn:example:user:u1> a ex:AllowedUser .
+# It holds because the following instance of the rule body is provable:
+#   ex:doc ex:json """{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/policy/allowedDomains") string:jsonPointer ("example.org" "example.com") .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/users") string:jsonPointer ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") list:iterate (0 """{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/id") string:jsonPointer "u1" .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/email") string:jsonPointer "ada@example.org" .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/profile~1name") string:jsonPointer "Ada Lovelace" .
+#   ("ada@example.org" "@([^@]+)$") string:scrape "example.org" .
+#   ("example.org" "example.com") list:member "example.org" .
+#   ("urn:example:user:%s" "u1") string:format "urn:example:user:u1" .
+#   <urn:example:user:u1> log:uri "urn:example:user:u1" .
+# via the schematic forward rule:
+#   {
+#     ex:doc ex:json ?J .
+#     (?J "/policy/allowedDomains") string:jsonPointer ?Allowed .
+#     (?J "/users") string:jsonPointer ?Users .
+#     ?Users list:iterate (?Idx ?UserJson) .
+#     (?UserJson "/id") string:jsonPointer ?Id .
+#     (?UserJson "/email") string:jsonPointer ?Email .
+#     (?UserJson "/profile~1name") string:jsonPointer ?Name .
+#     (?Email "@([^@]+)$") string:scrape ?EmailDomain .
+#     ?Allowed list:member ?EmailDomain .
+#     ("urn:example:user:%s" ?Id) string:format ?UriStr .
+#     ?User log:uri ?UriStr .
+#   } => {
+#     ?User a ex:AllowedUser .
+#     ?User ex:name ?Name .
+#     ?User ex:email ?Email .
+#     ?User ex:emailDomain ?EmailDomain .
+#     ?User ex:userIndex ?Idx .
+#   } .
+# with substitution (on rule variables):
+#   ?Allowed = ("example.org" "example.com")
+#   ?Email = "ada@example.org"
+#   ?EmailDomain = "example.org"
+#   ?Id = "u1"
+#   ?Idx = 0
+#   ?J = """{
+#     "users": [
+#     { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#     { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }"""
+#   ?Name = "Ada Lovelace"
+#   ?UriStr = "urn:example:user:u1"
+#   ?User = <urn:example:user:u1>
+#   ?UserJson = """{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}"""
+#   ?Users = ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""")
+# Therefore the derived triple above is entailed by the rules and facts.
+# ----------------------------------------------------------------------
+
+<urn:example:user:u1> a ex:AllowedUser .
+
+# ----------------------------------------------------------------------
+# Proof for derived triple:
+#   <urn:example:user:u1> ex:name "Ada Lovelace" .
+# It holds because the following instance of the rule body is provable:
+#   ex:doc ex:json """{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/policy/allowedDomains") string:jsonPointer ("example.org" "example.com") .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/users") string:jsonPointer ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") list:iterate (0 """{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/id") string:jsonPointer "u1" .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/email") string:jsonPointer "ada@example.org" .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/profile~1name") string:jsonPointer "Ada Lovelace" .
+#   ("ada@example.org" "@([^@]+)$") string:scrape "example.org" .
+#   ("example.org" "example.com") list:member "example.org" .
+#   ("urn:example:user:%s" "u1") string:format "urn:example:user:u1" .
+#   <urn:example:user:u1> log:uri "urn:example:user:u1" .
+# via the schematic forward rule:
+#   {
+#     ex:doc ex:json ?J .
+#     (?J "/policy/allowedDomains") string:jsonPointer ?Allowed .
+#     (?J "/users") string:jsonPointer ?Users .
+#     ?Users list:iterate (?Idx ?UserJson) .
+#     (?UserJson "/id") string:jsonPointer ?Id .
+#     (?UserJson "/email") string:jsonPointer ?Email .
+#     (?UserJson "/profile~1name") string:jsonPointer ?Name .
+#     (?Email "@([^@]+)$") string:scrape ?EmailDomain .
+#     ?Allowed list:member ?EmailDomain .
+#     ("urn:example:user:%s" ?Id) string:format ?UriStr .
+#     ?User log:uri ?UriStr .
+#   } => {
+#     ?User a ex:AllowedUser .
+#     ?User ex:name ?Name .
+#     ?User ex:email ?Email .
+#     ?User ex:emailDomain ?EmailDomain .
+#     ?User ex:userIndex ?Idx .
+#   } .
+# with substitution (on rule variables):
+#   ?Allowed = ("example.org" "example.com")
+#   ?Email = "ada@example.org"
+#   ?EmailDomain = "example.org"
+#   ?Id = "u1"
+#   ?Idx = 0
+#   ?J = """{
+#     "users": [
+#     { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#     { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }"""
+#   ?Name = "Ada Lovelace"
+#   ?UriStr = "urn:example:user:u1"
+#   ?User = <urn:example:user:u1>
+#   ?UserJson = """{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}"""
+#   ?Users = ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""")
+# Therefore the derived triple above is entailed by the rules and facts.
+# ----------------------------------------------------------------------
+
+<urn:example:user:u1> ex:name "Ada Lovelace" .
+
+# ----------------------------------------------------------------------
+# Proof for derived triple:
+#   <urn:example:user:u1> ex:email "ada@example.org" .
+# It holds because the following instance of the rule body is provable:
+#   ex:doc ex:json """{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/policy/allowedDomains") string:jsonPointer ("example.org" "example.com") .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/users") string:jsonPointer ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") list:iterate (0 """{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/id") string:jsonPointer "u1" .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/email") string:jsonPointer "ada@example.org" .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/profile~1name") string:jsonPointer "Ada Lovelace" .
+#   ("ada@example.org" "@([^@]+)$") string:scrape "example.org" .
+#   ("example.org" "example.com") list:member "example.org" .
+#   ("urn:example:user:%s" "u1") string:format "urn:example:user:u1" .
+#   <urn:example:user:u1> log:uri "urn:example:user:u1" .
+# via the schematic forward rule:
+#   {
+#     ex:doc ex:json ?J .
+#     (?J "/policy/allowedDomains") string:jsonPointer ?Allowed .
+#     (?J "/users") string:jsonPointer ?Users .
+#     ?Users list:iterate (?Idx ?UserJson) .
+#     (?UserJson "/id") string:jsonPointer ?Id .
+#     (?UserJson "/email") string:jsonPointer ?Email .
+#     (?UserJson "/profile~1name") string:jsonPointer ?Name .
+#     (?Email "@([^@]+)$") string:scrape ?EmailDomain .
+#     ?Allowed list:member ?EmailDomain .
+#     ("urn:example:user:%s" ?Id) string:format ?UriStr .
+#     ?User log:uri ?UriStr .
+#   } => {
+#     ?User a ex:AllowedUser .
+#     ?User ex:name ?Name .
+#     ?User ex:email ?Email .
+#     ?User ex:emailDomain ?EmailDomain .
+#     ?User ex:userIndex ?Idx .
+#   } .
+# with substitution (on rule variables):
+#   ?Allowed = ("example.org" "example.com")
+#   ?Email = "ada@example.org"
+#   ?EmailDomain = "example.org"
+#   ?Id = "u1"
+#   ?Idx = 0
+#   ?J = """{
+#     "users": [
+#     { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#     { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }"""
+#   ?Name = "Ada Lovelace"
+#   ?UriStr = "urn:example:user:u1"
+#   ?User = <urn:example:user:u1>
+#   ?UserJson = """{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}"""
+#   ?Users = ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""")
+# Therefore the derived triple above is entailed by the rules and facts.
+# ----------------------------------------------------------------------
+
+<urn:example:user:u1> ex:email "ada@example.org" .
+
+# ----------------------------------------------------------------------
+# Proof for derived triple:
+#   <urn:example:user:u1> ex:emailDomain "example.org" .
+# It holds because the following instance of the rule body is provable:
+#   ex:doc ex:json """{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/policy/allowedDomains") string:jsonPointer ("example.org" "example.com") .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/users") string:jsonPointer ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") list:iterate (0 """{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/id") string:jsonPointer "u1" .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/email") string:jsonPointer "ada@example.org" .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/profile~1name") string:jsonPointer "Ada Lovelace" .
+#   ("ada@example.org" "@([^@]+)$") string:scrape "example.org" .
+#   ("example.org" "example.com") list:member "example.org" .
+#   ("urn:example:user:%s" "u1") string:format "urn:example:user:u1" .
+#   <urn:example:user:u1> log:uri "urn:example:user:u1" .
+# via the schematic forward rule:
+#   {
+#     ex:doc ex:json ?J .
+#     (?J "/policy/allowedDomains") string:jsonPointer ?Allowed .
+#     (?J "/users") string:jsonPointer ?Users .
+#     ?Users list:iterate (?Idx ?UserJson) .
+#     (?UserJson "/id") string:jsonPointer ?Id .
+#     (?UserJson "/email") string:jsonPointer ?Email .
+#     (?UserJson "/profile~1name") string:jsonPointer ?Name .
+#     (?Email "@([^@]+)$") string:scrape ?EmailDomain .
+#     ?Allowed list:member ?EmailDomain .
+#     ("urn:example:user:%s" ?Id) string:format ?UriStr .
+#     ?User log:uri ?UriStr .
+#   } => {
+#     ?User a ex:AllowedUser .
+#     ?User ex:name ?Name .
+#     ?User ex:email ?Email .
+#     ?User ex:emailDomain ?EmailDomain .
+#     ?User ex:userIndex ?Idx .
+#   } .
+# with substitution (on rule variables):
+#   ?Allowed = ("example.org" "example.com")
+#   ?Email = "ada@example.org"
+#   ?EmailDomain = "example.org"
+#   ?Id = "u1"
+#   ?Idx = 0
+#   ?J = """{
+#     "users": [
+#     { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#     { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }"""
+#   ?Name = "Ada Lovelace"
+#   ?UriStr = "urn:example:user:u1"
+#   ?User = <urn:example:user:u1>
+#   ?UserJson = """{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}"""
+#   ?Users = ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""")
+# Therefore the derived triple above is entailed by the rules and facts.
+# ----------------------------------------------------------------------
+
+<urn:example:user:u1> ex:emailDomain "example.org" .
+
+# ----------------------------------------------------------------------
+# Proof for derived triple:
+#   <urn:example:user:u1> ex:userIndex 0 .
+# It holds because the following instance of the rule body is provable:
+#   ex:doc ex:json """{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/policy/allowedDomains") string:jsonPointer ("example.org" "example.com") .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/users") string:jsonPointer ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") list:iterate (0 """{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/id") string:jsonPointer "u1" .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/email") string:jsonPointer "ada@example.org" .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" "/profile~1name") string:jsonPointer "Ada Lovelace" .
+#   ("ada@example.org" "@([^@]+)$") string:scrape "example.org" .
+#   ("example.org" "example.com") list:member "example.org" .
+#   ("urn:example:user:%s" "u1") string:format "urn:example:user:u1" .
+#   <urn:example:user:u1> log:uri "urn:example:user:u1" .
+# via the schematic forward rule:
+#   {
+#     ex:doc ex:json ?J .
+#     (?J "/policy/allowedDomains") string:jsonPointer ?Allowed .
+#     (?J "/users") string:jsonPointer ?Users .
+#     ?Users list:iterate (?Idx ?UserJson) .
+#     (?UserJson "/id") string:jsonPointer ?Id .
+#     (?UserJson "/email") string:jsonPointer ?Email .
+#     (?UserJson "/profile~1name") string:jsonPointer ?Name .
+#     (?Email "@([^@]+)$") string:scrape ?EmailDomain .
+#     ?Allowed list:member ?EmailDomain .
+#     ("urn:example:user:%s" ?Id) string:format ?UriStr .
+#     ?User log:uri ?UriStr .
+#   } => {
+#     ?User a ex:AllowedUser .
+#     ?User ex:name ?Name .
+#     ?User ex:email ?Email .
+#     ?User ex:emailDomain ?EmailDomain .
+#     ?User ex:userIndex ?Idx .
+#   } .
+# with substitution (on rule variables):
+#   ?Allowed = ("example.org" "example.com")
+#   ?Email = "ada@example.org"
+#   ?EmailDomain = "example.org"
+#   ?Id = "u1"
+#   ?Idx = 0
+#   ?J = """{
+#     "users": [
+#     { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#     { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }"""
+#   ?Name = "Ada Lovelace"
+#   ?UriStr = "urn:example:user:u1"
+#   ?User = <urn:example:user:u1>
+#   ?UserJson = """{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}"""
+#   ?Users = ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""")
+# Therefore the derived triple above is entailed by the rules and facts.
+# ----------------------------------------------------------------------
+
+<urn:example:user:u1> ex:userIndex 0 .
+
+# ----------------------------------------------------------------------
+# Proof for derived triple:
+#   <urn:example:user:u2> a ex:BlockedUser .
+# It holds because the following instance of the rule body is provable:
+#   ex:doc ex:json """{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/policy/allowedDomains") string:jsonPointer ("example.org" "example.com") .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/users") string:jsonPointer ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") list:iterate (1 """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/id") string:jsonPointer "u2" .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/email") string:jsonPointer "bob@evil.invalid" .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/profile~1name") string:jsonPointer "Bob Mallory" .
+#   ("bob@evil.invalid" "@([^@]+)$") string:scrape "evil.invalid" .
+#   ("urn:example:user:%s" "u2") string:format "urn:example:user:u2" .
+#   <urn:example:user:u2> log:uri "urn:example:user:u2" .
+#   ("example.org" "example.com") list:notMember "evil.invalid" .
+# via the schematic forward rule:
+#   {
+#     ex:doc ex:json ?J .
+#     (?J "/policy/allowedDomains") string:jsonPointer ?Allowed .
+#     (?J "/users") string:jsonPointer ?Users .
+#     ?Users list:iterate (?Idx ?UserJson) .
+#     (?UserJson "/id") string:jsonPointer ?Id .
+#     (?UserJson "/email") string:jsonPointer ?Email .
+#     (?UserJson "/profile~1name") string:jsonPointer ?Name .
+#     (?Email "@([^@]+)$") string:scrape ?EmailDomain .
+#     ("urn:example:user:%s" ?Id) string:format ?UriStr .
+#     ?User log:uri ?UriStr .
+#     ?Allowed list:notMember ?EmailDomain .
+#   } => {
+#     ?User a ex:BlockedUser .
+#     ?User ex:name ?Name .
+#     ?User ex:email ?Email .
+#     ?User ex:emailDomain ?EmailDomain .
+#     ?User ex:userIndex ?Idx .
+#   } .
+# with substitution (on rule variables):
+#   ?Allowed = ("example.org" "example.com")
+#   ?Email = "bob@evil.invalid"
+#   ?EmailDomain = "evil.invalid"
+#   ?Id = "u2"
+#   ?Idx = 1
+#   ?J = """{
+#     "users": [
+#     { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#     { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }"""
+#   ?Name = "Bob Mallory"
+#   ?UriStr = "urn:example:user:u2"
+#   ?User = <urn:example:user:u2>
+#   ?UserJson = """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}"""
+#   ?Users = ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""")
+# Therefore the derived triple above is entailed by the rules and facts.
+# ----------------------------------------------------------------------
+
+<urn:example:user:u2> a ex:BlockedUser .
+
+# ----------------------------------------------------------------------
+# Proof for derived triple:
+#   <urn:example:user:u2> ex:name "Bob Mallory" .
+# It holds because the following instance of the rule body is provable:
+#   ex:doc ex:json """{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/policy/allowedDomains") string:jsonPointer ("example.org" "example.com") .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/users") string:jsonPointer ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") list:iterate (1 """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/id") string:jsonPointer "u2" .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/email") string:jsonPointer "bob@evil.invalid" .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/profile~1name") string:jsonPointer "Bob Mallory" .
+#   ("bob@evil.invalid" "@([^@]+)$") string:scrape "evil.invalid" .
+#   ("urn:example:user:%s" "u2") string:format "urn:example:user:u2" .
+#   <urn:example:user:u2> log:uri "urn:example:user:u2" .
+#   ("example.org" "example.com") list:notMember "evil.invalid" .
+# via the schematic forward rule:
+#   {
+#     ex:doc ex:json ?J .
+#     (?J "/policy/allowedDomains") string:jsonPointer ?Allowed .
+#     (?J "/users") string:jsonPointer ?Users .
+#     ?Users list:iterate (?Idx ?UserJson) .
+#     (?UserJson "/id") string:jsonPointer ?Id .
+#     (?UserJson "/email") string:jsonPointer ?Email .
+#     (?UserJson "/profile~1name") string:jsonPointer ?Name .
+#     (?Email "@([^@]+)$") string:scrape ?EmailDomain .
+#     ("urn:example:user:%s" ?Id) string:format ?UriStr .
+#     ?User log:uri ?UriStr .
+#     ?Allowed list:notMember ?EmailDomain .
+#   } => {
+#     ?User a ex:BlockedUser .
+#     ?User ex:name ?Name .
+#     ?User ex:email ?Email .
+#     ?User ex:emailDomain ?EmailDomain .
+#     ?User ex:userIndex ?Idx .
+#   } .
+# with substitution (on rule variables):
+#   ?Allowed = ("example.org" "example.com")
+#   ?Email = "bob@evil.invalid"
+#   ?EmailDomain = "evil.invalid"
+#   ?Id = "u2"
+#   ?Idx = 1
+#   ?J = """{
+#     "users": [
+#     { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#     { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }"""
+#   ?Name = "Bob Mallory"
+#   ?UriStr = "urn:example:user:u2"
+#   ?User = <urn:example:user:u2>
+#   ?UserJson = """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}"""
+#   ?Users = ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""")
+# Therefore the derived triple above is entailed by the rules and facts.
+# ----------------------------------------------------------------------
+
+<urn:example:user:u2> ex:name "Bob Mallory" .
+
+# ----------------------------------------------------------------------
+# Proof for derived triple:
+#   <urn:example:user:u2> ex:email "bob@evil.invalid" .
+# It holds because the following instance of the rule body is provable:
+#   ex:doc ex:json """{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/policy/allowedDomains") string:jsonPointer ("example.org" "example.com") .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/users") string:jsonPointer ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") list:iterate (1 """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/id") string:jsonPointer "u2" .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/email") string:jsonPointer "bob@evil.invalid" .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/profile~1name") string:jsonPointer "Bob Mallory" .
+#   ("bob@evil.invalid" "@([^@]+)$") string:scrape "evil.invalid" .
+#   ("urn:example:user:%s" "u2") string:format "urn:example:user:u2" .
+#   <urn:example:user:u2> log:uri "urn:example:user:u2" .
+#   ("example.org" "example.com") list:notMember "evil.invalid" .
+# via the schematic forward rule:
+#   {
+#     ex:doc ex:json ?J .
+#     (?J "/policy/allowedDomains") string:jsonPointer ?Allowed .
+#     (?J "/users") string:jsonPointer ?Users .
+#     ?Users list:iterate (?Idx ?UserJson) .
+#     (?UserJson "/id") string:jsonPointer ?Id .
+#     (?UserJson "/email") string:jsonPointer ?Email .
+#     (?UserJson "/profile~1name") string:jsonPointer ?Name .
+#     (?Email "@([^@]+)$") string:scrape ?EmailDomain .
+#     ("urn:example:user:%s" ?Id) string:format ?UriStr .
+#     ?User log:uri ?UriStr .
+#     ?Allowed list:notMember ?EmailDomain .
+#   } => {
+#     ?User a ex:BlockedUser .
+#     ?User ex:name ?Name .
+#     ?User ex:email ?Email .
+#     ?User ex:emailDomain ?EmailDomain .
+#     ?User ex:userIndex ?Idx .
+#   } .
+# with substitution (on rule variables):
+#   ?Allowed = ("example.org" "example.com")
+#   ?Email = "bob@evil.invalid"
+#   ?EmailDomain = "evil.invalid"
+#   ?Id = "u2"
+#   ?Idx = 1
+#   ?J = """{
+#     "users": [
+#     { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#     { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }"""
+#   ?Name = "Bob Mallory"
+#   ?UriStr = "urn:example:user:u2"
+#   ?User = <urn:example:user:u2>
+#   ?UserJson = """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}"""
+#   ?Users = ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""")
+# Therefore the derived triple above is entailed by the rules and facts.
+# ----------------------------------------------------------------------
+
+<urn:example:user:u2> ex:email "bob@evil.invalid" .
+
+# ----------------------------------------------------------------------
+# Proof for derived triple:
+#   <urn:example:user:u2> ex:emailDomain "evil.invalid" .
+# It holds because the following instance of the rule body is provable:
+#   ex:doc ex:json """{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/policy/allowedDomains") string:jsonPointer ("example.org" "example.com") .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/users") string:jsonPointer ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") list:iterate (1 """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/id") string:jsonPointer "u2" .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/email") string:jsonPointer "bob@evil.invalid" .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/profile~1name") string:jsonPointer "Bob Mallory" .
+#   ("bob@evil.invalid" "@([^@]+)$") string:scrape "evil.invalid" .
+#   ("urn:example:user:%s" "u2") string:format "urn:example:user:u2" .
+#   <urn:example:user:u2> log:uri "urn:example:user:u2" .
+#   ("example.org" "example.com") list:notMember "evil.invalid" .
+# via the schematic forward rule:
+#   {
+#     ex:doc ex:json ?J .
+#     (?J "/policy/allowedDomains") string:jsonPointer ?Allowed .
+#     (?J "/users") string:jsonPointer ?Users .
+#     ?Users list:iterate (?Idx ?UserJson) .
+#     (?UserJson "/id") string:jsonPointer ?Id .
+#     (?UserJson "/email") string:jsonPointer ?Email .
+#     (?UserJson "/profile~1name") string:jsonPointer ?Name .
+#     (?Email "@([^@]+)$") string:scrape ?EmailDomain .
+#     ("urn:example:user:%s" ?Id) string:format ?UriStr .
+#     ?User log:uri ?UriStr .
+#     ?Allowed list:notMember ?EmailDomain .
+#   } => {
+#     ?User a ex:BlockedUser .
+#     ?User ex:name ?Name .
+#     ?User ex:email ?Email .
+#     ?User ex:emailDomain ?EmailDomain .
+#     ?User ex:userIndex ?Idx .
+#   } .
+# with substitution (on rule variables):
+#   ?Allowed = ("example.org" "example.com")
+#   ?Email = "bob@evil.invalid"
+#   ?EmailDomain = "evil.invalid"
+#   ?Id = "u2"
+#   ?Idx = 1
+#   ?J = """{
+#     "users": [
+#     { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#     { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }"""
+#   ?Name = "Bob Mallory"
+#   ?UriStr = "urn:example:user:u2"
+#   ?User = <urn:example:user:u2>
+#   ?UserJson = """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}"""
+#   ?Users = ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""")
+# Therefore the derived triple above is entailed by the rules and facts.
+# ----------------------------------------------------------------------
+
+<urn:example:user:u2> ex:emailDomain "evil.invalid" .
+
+# ----------------------------------------------------------------------
+# Proof for derived triple:
+#   <urn:example:user:u2> ex:userIndex 1 .
+# It holds because the following instance of the rule body is provable:
+#   ex:doc ex:json """{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/policy/allowedDomains") string:jsonPointer ("example.org" "example.com") .
+#   ("""{
+#     "users": [
+#       { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#       { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }""" "/users") string:jsonPointer ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") list:iterate (1 """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""") .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/id") string:jsonPointer "u2" .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/email") string:jsonPointer "bob@evil.invalid" .
+#   ("""{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""" "/profile~1name") string:jsonPointer "Bob Mallory" .
+#   ("bob@evil.invalid" "@([^@]+)$") string:scrape "evil.invalid" .
+#   ("urn:example:user:%s" "u2") string:format "urn:example:user:u2" .
+#   <urn:example:user:u2> log:uri "urn:example:user:u2" .
+#   ("example.org" "example.com") list:notMember "evil.invalid" .
+# via the schematic forward rule:
+#   {
+#     ex:doc ex:json ?J .
+#     (?J "/policy/allowedDomains") string:jsonPointer ?Allowed .
+#     (?J "/users") string:jsonPointer ?Users .
+#     ?Users list:iterate (?Idx ?UserJson) .
+#     (?UserJson "/id") string:jsonPointer ?Id .
+#     (?UserJson "/email") string:jsonPointer ?Email .
+#     (?UserJson "/profile~1name") string:jsonPointer ?Name .
+#     (?Email "@([^@]+)$") string:scrape ?EmailDomain .
+#     ("urn:example:user:%s" ?Id) string:format ?UriStr .
+#     ?User log:uri ?UriStr .
+#     ?Allowed list:notMember ?EmailDomain .
+#   } => {
+#     ?User a ex:BlockedUser .
+#     ?User ex:name ?Name .
+#     ?User ex:email ?Email .
+#     ?User ex:emailDomain ?EmailDomain .
+#     ?User ex:userIndex ?Idx .
+#   } .
+# with substitution (on rule variables):
+#   ?Allowed = ("example.org" "example.com")
+#   ?Email = "bob@evil.invalid"
+#   ?EmailDomain = "evil.invalid"
+#   ?Id = "u2"
+#   ?Idx = 1
+#   ?J = """{
+#     "users": [
+#     { "id": "u1", "email": "ada@example.org",     "profile/name": "Ada Lovelace" },
+#     { "id": "u2", "email": "bob@evil.invalid",    "profile/name": "Bob Mallory" }
+#     ],
+#     "policy": { "allowedDomains": ["example.org", "example.com"] }
+#   }"""
+#   ?Name = "Bob Mallory"
+#   ?UriStr = "urn:example:user:u2"
+#   ?User = <urn:example:user:u2>
+#   ?UserJson = """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}"""
+#   ?Users = ("""{"id":"u1","email":"ada@example.org","profile/name":"Ada Lovelace"}""" """{"id":"u2","email":"bob@evil.invalid","profile/name":"Bob Mallory"}""")
+# Therefore the derived triple above is entailed by the rules and facts.
+# ----------------------------------------------------------------------
+
+<urn:example:user:u2> ex:userIndex 1 .
+

package/eyeling.js

@@ -39,6 +39,9 @@ const SKOLEM_NS = "https://eyereasoner.github.io/.well-known/genid/";
 // of the subject term in log:skolem to a Skolem IRI.
 const skolemCache = new Map();
 
+// Cache for string:jsonPointer: jsonText -> { parsed: any|null, ptrCache: Map<string, Term|null> }
+const jsonPointerCache = new Map();
+
 // Controls whether human-readable proof comments are printed.
 let proofCommentsEnabled = true;
 
@@ -1819,6 +1822,195 @@ function makeStringLiteral(str) {
   return new Literal(JSON.stringify(str));
 }
 
+function termToJsStringDecoded(t) {
+  // Like termToJsString, but for short literals it *also* interprets escapes
+  // (\" \n \uXXXX …) by attempting JSON.parse on the quoted lexical form.
+  if (!(t instanceof Literal)) return null;
+  const [lex, _dt] = literalParts(t.value);
+
+  // Long strings: """ ... """ are taken verbatim.
+  if (lex.length >= 6 && lex.startsWith('"""') && lex.endsWith('"""')) {
+    return lex.slice(3, -3);
+  }
+
+  // Short strings: try to decode escapes (this makes "{\"a\":1}" usable too).
+  if (lex.length >= 2 && lex[0] === '"' && lex[lex.length - 1] === '"') {
+    try { return JSON.parse(lex); } catch (e) { /* fall through */ }
+    return stripQuotes(lex);
+  }
+
+  return stripQuotes(lex);
+}
+
+function _jsonPointerUnescape(seg) {
+  // RFC6901: ~1 -> '/', ~0 -> '~'
+  // Any other '~' escape is invalid.
+  let out = "";
+  for (let i = 0; i < seg.length; i++) {
+    const c = seg[i];
+    if (c !== "~") { out += c; continue; }
+    if (i + 1 >= seg.length) return null;
+    const n = seg[i + 1];
+    if (n === "0") out += "~";
+    else if (n === "1") out += "/";
+    else return null;
+    i++;
+  }
+  return out;
+}
+
+function _jsonToTerm(v) {
+  if (v === null) return makeStringLiteral("null");
+  if (typeof v === "string") return makeStringLiteral(v);
+  if (typeof v === "number") return new Literal(String(v));
+  if (typeof v === "boolean") return new Literal(v ? "true" : "false");
+  if (Array.isArray(v)) return new ListTerm(v.map(_jsonToTerm));
+  if (typeof v === "object") return makeStringLiteral(JSON.stringify(v));
+  return null;
+}
+
+function _jsonPointerLookup(jsonText, pointer) {
+  // Support URI fragment form "#/a/b" (percent-decoded) as well.
+  let ptr = pointer;
+  if (ptr.startsWith("#")) {
+    try { ptr = decodeURIComponent(ptr.slice(1)); } catch (e) { return null; }
+  }
+
+  // Cache per JSON document
+  let entry = jsonPointerCache.get(jsonText);
+  if (!entry) {
+    let parsed = null;
+    try { parsed = JSON.parse(jsonText); } catch (e) { parsed = null; }
+    entry = { parsed, ptrCache: new Map() };
+    jsonPointerCache.set(jsonText, entry);
+  }
+  if (entry.parsed === null) return null;
+
+  // Cache per pointer within this doc
+  if (entry.ptrCache.has(ptr)) return entry.ptrCache.get(ptr);
+
+  let cur = entry.parsed;
+
+  if (ptr === "") {
+    const t = _jsonToTerm(cur);
+    entry.ptrCache.set(ptr, t);
+    return t;
+  }
+  if (!ptr.startsWith("/")) { entry.ptrCache.set(ptr, null); return null; }
+
+  const parts = ptr.split("/").slice(1);
+  for (const raw of parts) {
+    const seg = _jsonPointerUnescape(raw);
+    if (seg === null) { entry.ptrCache.set(ptr, null); return null; }
+
+    if (Array.isArray(cur)) {
+      // JSON Pointer uses array indices as decimal strings
+      if (!/^(0|[1-9]\d*)$/.test(seg)) { entry.ptrCache.set(ptr, null); return null; }
+      const idx = Number(seg);
+      if (!Number.isFinite(idx) || idx < 0 || idx >= cur.length) { entry.ptrCache.set(ptr, null); return null; }
+      cur = cur[idx];
+      continue;
+    }
+
+    if (cur !== null && typeof cur === "object") {
+      if (!Object.prototype.hasOwnProperty.call(cur, seg)) { entry.ptrCache.set(ptr, null); return null; }
+      cur = cur[seg];
+      continue;
+    }
+
+    entry.ptrCache.set(ptr, null);
+    return null;
+  }
+
+  const out = _jsonToTerm(cur);
+  entry.ptrCache.set(ptr, out);
+  return out;
+}
+
+function jsonPointerUnescape(seg) {
+  // RFC6901: ~1 -> '/', ~0 -> '~'
+  let out = "";
+  for (let i = 0; i < seg.length; i++) {
+    const c = seg[i];
+    if (c !== "~") { out += c; continue; }
+    if (i + 1 >= seg.length) return null;
+    const n = seg[i + 1];
+    if (n === "0") out += "~";
+    else if (n === "1") out += "/";
+    else return null;
+    i++;
+  }
+  return out;
+}
+
+function jsonToTerm(v) {
+  if (v === null) return makeStringLiteral("null");
+  if (typeof v === "string") return makeStringLiteral(v);
+  if (typeof v === "number") return new Literal(String(v));
+  if (typeof v === "boolean") return new Literal(v ? "true" : "false");
+  if (Array.isArray(v)) return new ListTerm(v.map(jsonToTerm));
+
+  if (v && typeof v === "object") {
+    // IMPORTANT: long literal so it can be parsed again via termToJsString()
+    // without needing escape decoding.
+    const raw = JSON.stringify(v);
+    return new Literal('"""' + raw + '"""');
+  }
+  return null;
+}
+
+function jsonPointerLookup(jsonText, pointer) {
+  let ptr = pointer;
+
+  // Support URI fragment form "#/a/b"
+  if (ptr.startsWith("#")) {
+    try { ptr = decodeURIComponent(ptr.slice(1)); } catch { return null; }
+  }
+
+  let entry = jsonPointerCache.get(jsonText);
+  if (!entry) {
+    let parsed = null;
+    try { parsed = JSON.parse(jsonText); } catch { parsed = null; }
+    entry = { parsed, ptrCache: new Map() };
+    jsonPointerCache.set(jsonText, entry);
+  }
+  if (entry.parsed === null) return null;
+
+  if (entry.ptrCache.has(ptr)) return entry.ptrCache.get(ptr);
+
+  let cur = entry.parsed;
+
+  if (ptr === "") {
+    const t = jsonToTerm(cur);
+    entry.ptrCache.set(ptr, t);
+    return t;
+  }
+  if (!ptr.startsWith("/")) { entry.ptrCache.set(ptr, null); return null; }
+
+  const parts = ptr.split("/").slice(1);
+  for (const raw of parts) {
+    const seg = jsonPointerUnescape(raw);
+    if (seg === null) { entry.ptrCache.set(ptr, null); return null; }
+
+    if (Array.isArray(cur)) {
+      if (!/^(0|[1-9]\d*)$/.test(seg)) { entry.ptrCache.set(ptr, null); return null; }
+      const idx = Number(seg);
+      if (idx < 0 || idx >= cur.length) { entry.ptrCache.set(ptr, null); return null; }
+      cur = cur[idx];
+    } else if (cur !== null && typeof cur === "object") {
+      if (!Object.prototype.hasOwnProperty.call(cur, seg)) { entry.ptrCache.set(ptr, null); return null; }
+      cur = cur[seg];
+    } else {
+      entry.ptrCache.set(ptr, null);
+      return null;
+    }
+  }
+
+  const out = jsonToTerm(cur);
+  entry.ptrCache.set(ptr, out);
+  return out;
+}
+
 // Tiny subset of sprintf: supports only %s and %%.
 // Good enough for most N3 string:format use cases that just splice strings.
 function simpleStringFormat(fmt, args) {
@@ -3370,6 +3562,21 @@ function evalBuiltin(goal, subst, facts, backRules, depth, varGen) {
     return s2 !== null ? [s2] : [];
   }
 
+  // string:jsonPointer
+  // Schema: ( $jsonText $pointer ) string:jsonPointer $value
+  if (g.p instanceof Iri && g.p.value === STRING_NS + "jsonPointer") {
+    if (!(g.s instanceof ListTerm) || g.s.elems.length !== 2) return [];
+    const jsonText = termToJsString(g.s.elems[0]);
+    const ptr = termToJsString(g.s.elems[1]);
+    if (jsonText === null || ptr === null) return [];
+
+    const valTerm = jsonPointerLookup(jsonText, ptr);
+    if (valTerm === null) return [];
+
+    const s2 = unifyTerm(g.o, valTerm, subst);
+    return s2 !== null ? [s2] : [];
+  }
+
   // string:greaterThan
   if (g.p instanceof Iri && g.p.value === STRING_NS + "greaterThan") {
     const sStr = termToJsString(g.s);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "eyeling",
-  "version": "1.5.31",
+  "version": "1.5.32",
   "description": "A minimal Notation3 (N3) reasoner in JavaScript.",
   "main": "./index.js",
   "keywords": [