-rw-r--r--Makefile4
-rw-r--r--etc/authzd/policy0.cedar80
2 files changed, 42 insertions, 42 deletions
diff --git a/Makefile b/Makefile
index 6eb1ec31..701b2422 100644
--- a/Makefile
+++ b/Makefile
@@ -9,6 +9,7 @@ setup:
mise install
mise exec go -- go install github.com/xlgmokha/minit@latest
mise exec rust -- rustup component add clippy rustfmt
+ mise exec rust -- cargo install --locked cedar-policy-cli
# Cargo targets
build:
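Review bot: The added `cargo install --locked cedar-policy-cli` line in `setup` pins the crate's dependency graph but not the CLI release itself, so each machine installs whatever version is current when `setup` runs. Since `lint` now fails on `cedar format --check`, a formatter change between releases could make the same policy file pass on one machine and fail on another. An unpinned install also means unreviewed upstream releases flow straight into the developer toolchain. Consider `mise exec rust -- cargo install --locked --version <PINNED_VERSION> cedar-policy-cli`, replacing the placeholder with the release the team has vetted.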
@@ -29,9 +30,12 @@ clean:
fmt:
@cargo fmt
+ @cedar format --policies etc/authzd/policy0.cedar --write
lint:
@cargo clippy
+ @cedar check-parse --policies etc/authzd/policy0.cedar
+ @cedar format --policies etc/authzd/policy0.cedar --check
doc:
@cargo doc --open
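Review bot: The new `lint` lines check only that the policy parses and is formatted, so nothing verifies the attribute names the policy depends on. A misspelled `context.bearer_token` or `context.host` would pass lint and the affected `permit` would simply never match. If the repository has, or can add, a Cedar schema for authzd's request context, add `@cedar validate --schema <SCHEMA_PATH> --policies etc/authzd/policy0.cedar` to `lint`. Separately, the policy path is now repeated three times across `fmt` and `lint`; a variable such as `CEDAR_POLICIES := etc/authzd/policy0.cedar` would keep the targets in sync as policy files are added.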
diff --git a/etc/authzd/policy0.cedar b/etc/authzd/policy0.cedar
index e67f0db5..9410eced 100644
--- a/etc/authzd/policy0.cedar
+++ b/etc/authzd/policy0.cedar
@@ -1,46 +1,42 @@
-permit(principal, action == Action::"check", resource)
-when {
- context has bearer_token &&
- context.bearer_token == "valid-token"
-};
+permit (
+ principal,
+ action == Action::"check",
+ resource
+)
+when { context has bearer_token && context.bearer_token == "valid-token" };
-permit(principal, action, resource)
-when {
- context has path && context has method && context.method == "GET" && (
- context.path like "*.css" ||
- context.path like "*.js" ||
- context.path like "*.ico" ||
- context.path like "*.png" ||
- context.path like "*.jpg" ||
- context.path like "*.jpeg" ||
- context.path like "*.gif" ||
- context.path like "*.bmp" ||
- context.path like "*.html"
- )
+permit (principal, action, resource)
+when
+{
+ context has path &&
+ context has method &&
+ context.method == "GET" &&
+ (context.path like "*.css" ||
+ context.path like "*.js" ||
+ context.path like "*.ico" ||
+ context.path like "*.png" ||
+ context.path like "*.jpg" ||
+ context.path like "*.jpeg" ||
+ context.path like "*.gif" ||
+ context.path like "*.bmp" ||
+ context.path like "*.html")
};
-permit(principal, action, resource)
-when {
- context has host && context has method && context has path && (
- (
- context.host == "sparkle.runway.gitlab.net" ||
- context.host == "sparkle.staging.runway.gitlab.net" ||
- context.host like "localhost:*"
- ) && (
- (
- context.method == "GET" && (
- context.path == "/" ||
- context.path == "/callback" ||
- context.path == "/dashboard/nav" ||
- context.path == "/health" ||
- context.path == "/signout" ||
- context.path == "/sparkles"
- )
- ) || (
- context.method == "POST" && (
- context.path == "/sparkles/restore"
- )
- )
- )
- )
+permit (principal, action, resource)
+when
+{
+ context has host &&
+ context has method &&
+ context has path &&
+ ((context.host == "sparkle.runway.gitlab.net" ||
+ context.host == "sparkle.staging.runway.gitlab.net" ||
+ context.host like "localhost:*") &&
+ ((context.method == "GET" &&
+ (context.path == "/" ||
+ context.path == "/callback" ||
+ context.path == "/dashboard/nav" ||
+ context.path == "/health" ||
+ context.path == "/signout" ||
+ context.path == "/sparkles")) ||
+ (context.method == "POST" && (context.path == "/sparkles/restore"))))
};
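Review bot: The reformatted first policy still permits `Action::"check"` for any principal whenever `context.bearer_token == "valid-token"`, which reads like a development placeholder. If this is the file authzd loads in deployment, that rule should be removed or replaced by a condition on a verified claim rather than a shared constant. The second policy also deserves a scoping comment: it has no `context.host` condition, and suffix patterns such as `like "*.html"` match any path ending in those extensions, so it is broader than the host-scoped third policy. The third policy's host match depends on `context.host`, so it is worth confirming that authzd receives that value from a trusted proxy and not straight from the request. This commit is formatter output and changes none of these conditions, but a `//` comment above each `permit` stating its intent, e.g. `// static assets: GET only, any host`, would make the intended scope reviewable.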