From 45df4d0d9b577fecee798d672695fe24ff57fb1b Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Tue, 15 Jul 2025 16:37:08 -0600
Subject: feat: migrate from Cedar to SpiceDB authorization system

This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.

Key changes:

- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization

This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.

Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
---
 Procfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Procfile')

diff --git a/Procfile b/Procfile
index 877b1455..2211deeb 100644
--- a/Procfile
+++ b/Procfile
@@ -1,3 +1,3 @@
-authzd: ./bin/authzd server --addr 127.0.0.1:50052
+authzd: ./bin/authzd
 envoy: ./bin/envoy -c ./etc/envoy/envoy.yaml --base-id 1 --log-level warn --component-log-level admin:warn,connection:warn,grpc:warn,http:warn,http2:warn,router:warn,upstream:warn
-spicedb: ./bin/spicedb serve --grpc-preshared-key "secret" --http-addr :8080 --grpc-addr :50051 --datastore-engine memory --log-level info --log-format json --telemetry-endpoint "" --skip-release-check
+spicedb: ./bin/spicedb serve --grpc-preshared-key "secret" --http-addr :8080 --grpc-addr :50051 --datastore-engine memory --log-level warn --log-format json --telemetry-endpoint "" --skip-release-check
-- 
cgit v1.2.3