docs: reframe as Policy as Code (PaC); add Cedar scoping memo#28

Merged: boorad merged 4 commits into main from docs/pac-framing-cedar-memo on May 3, 2026

@boorad boorad commented May 3, 2026

Summary

Reframes zift's user-facing copy from "Rego for OPA" to "Policy as Code (PaC)" — Rego/OPA today, with Cedar planned — and adds docs/CEDAR_SUPPORT.md, a scoping memo for the additive Phase A work that would let Cedar coexist with Rego as peer backends.

No code or behavior changes. Implementation, module names, MCP tool names, schema fields, and rule templates are all unchanged. The framing now signals that Rego is the current backend, not the only one we plan to support.

Tracks #27.

Changes

  • Reframe README.md, CLAUDE.md, docs/DESIGN.md, Cargo.toml description, the scan footer string in src/output/text.rs, and CLI help in src/cli.rs from "Rego for OPA" to "Policy as Code (PaC) — Rego/OPA today"
  • Add docs/CEDAR_SUPPORT.md — 135-line scoping memo covering: current Rego coupling, additive Phase A plan (parallel cedar_template TOML keys, cedar_stub field, new src/cedar/ module, --engine flag on extract, new suggest_policy/validate_policy MCP tools with Rego-named aliases retained), Phase B PolicyGenerator trait extraction, risk register, and open questions
  • Clean up stragglers caught in code review (README quickstart comment, MCP blurb, DESIGN.md ASCII diagram + CLI block, vague companion-issue reference in the memo)

Test plan

  • cargo check clean
  • cargo fmt --check clean
  • cargo clippy -- -D warnings clean
  • cargo test — all 12 tests pass (deep_subprocess + mcp_stdio integration)
  • All docs: / docs(cli): commits — won't trigger release-plz version bump (correct: no behavior change)
  • Eyeball the rendered docs/CEDAR_SUPPORT.md on GitHub to confirm formatting + the Cedar support / pluggable policy backends #27 link resolves

Summary by CodeRabbit

  • Documentation

    • Reframed docs and CLI help to describe "Policy as Code" (PaC) with Rego as the current backend
    • Added a scoping/design memo outlining planned Cedar support as a second Policy-as-Code backend
    • Minor wording/emphasis updates across README and design docs
  • Chores

    • Updated package metadata description to reference Policy as Code (Rego/OPA today)

boorad added 3 commits May 3, 2026 10:51
Rename user-facing "Rego for OPA" copy to "Policy as Code (PaC)" across
README, CLAUDE.md, DESIGN.md, the Cargo.toml description, and the scan
footer string. zift still only generates Rego/OPA today — implementation,
module names, MCP tool names, schema fields, and rule templates are
unchanged. The framing now signals that Rego is the current backend,
not the only one we plan to support.

Add docs/CEDAR_SUPPORT.md, a scoping memo for the additive Phase A work
to make Cedar a peer backend: parallel cedar_template TOML keys, a
cedar_stub field on Finding, a new src/cedar/ module, an --engine flag
on extract, and new suggest_policy/validate_policy MCP tools with the
existing Rego-named tools kept as aliases. Tracked in #27.

Update --about, subcommand descriptions, and arg help in the CLI to
match the broader PaC reframe: "Rego policies for OPA" becomes "Policy
as Code", "Generate Rego files" becomes "Generate Policy-as-Code
files", and the MCP blurb references "policies" rather than "Rego".
Keeps user-facing copy aligned with the README and Cedar scoping memo.

The two prior commits reframed user-facing copy from "Rego for OPA" to
"Policy as Code (PaC)" but missed a few spots that surfaced in review:
the README quickstart comment and MCP blurb still said "Rego" only,
DESIGN.md's ASCII architecture diagram and CLI design block still
labeled the output as Rego-specific, and the Cedar memo referenced its
companion issue vaguely instead of linking #27 directly.

No code or behavior changes — purely doc consistency.
@boorad boorad self-assigned this May 3, 2026

coderabbitai Bot commented May 3, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d615634a-ce77-4521-a040-27d5f5701ed5

📥 Commits

Reviewing files that changed from the base of the PR and between d366de5 and 6d55ee6.

📒 Files selected for processing (2)
  • docs/CEDAR_SUPPORT.md
  • docs/DESIGN.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • docs/CEDAR_SUPPORT.md

📝 Walkthrough

This PR updates user-facing and design documentation to reframe the project as generating "Policy as Code (PaC)" (Rego/OPA today) and adds a scoped design memo for optional Cedar support; minor CLI/help and output text strings were changed to match the PaC wording. No public APIs or runtime logic were modified.

Changes

Policy as Code Positioning & Cedar Planning

| Layer / File(s) | Summary |
| --- | --- |
| Identity / Branding: CLAUDE.md, README.md, Cargo.toml | Top-level descriptions changed from "generate Rego policies for OPA" to "generate Policy as Code (Rego/OPA today)" and mention Cedar/other engines on the roadmap. |
| Design Documentation: docs/DESIGN.md | Reworded goals, architecture, and implementation-plan sections from Rego-specific language to "Policy-as-Code" framing; CLI examples and licensing references clarified for multi-engine support. |
| Cedar Support Memo: docs/CEDAR_SUPPORT.md | New scoping memo proposing Phase A additive Cedar support (TOML template keys, Finding.cedar_stub, new src/cedar/ module, --engine CLI flag, MCP engine-parameterized endpoints) and Phase B refactor toward a shared PolicyGenerator. |
| CLI / Output Text: src/cli.rs, src/output/text.rs | CLI about/command/help strings and enforcement_points summary text updated to use "Policy as Code" / "policy engine" wording; no signature or behavior changes. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related issues

  • Issue #27 – The Cedar backend design memo and Policy-as-Code wording align with the multi-engine/Cedar roadmap described in the issue.

Possibly related PRs

  • PR #4 – Overlaps in documentation and CLI text updates (e.g., CLAUDE.md) suggesting related messaging changes.

Poem

🐰 Hop, hop, a new narrative takes flight,
"Policy as Code" now framed in the light,
Rego today, Cedar coming in sight,
Templates and flags prepare the right,
A littler rabbit cheers the future bright!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main changes: reframing documentation from Rego-specific to Policy as Code terminology and adding a Cedar support scoping memo. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@amazon-q-developer amazon-q-developer Bot left a comment

Summary

This PR successfully reframes zift's user-facing messaging from "Rego for OPA" to "Policy as Code (PaC)" and adds a comprehensive Cedar support scoping memo. The changes are documentation-only with no code or behavior modifications.

Key Changes:

  • Updated README.md, CLAUDE.md, Cargo.toml, docs/DESIGN.md to reflect PaC framing
  • Modified CLI help strings in src/cli.rs to use policy-agnostic language
  • Updated output text in src/output/text.rs to remove OPA-specific reference
  • Added docs/CEDAR_SUPPORT.md - 135-line design memo for future Cedar backend support

Review Findings:
No blocking issues identified. All changes are consistent with the stated goal, maintain backward compatibility, and correctly update documentation and user-facing strings. The Cedar design memo is well-structured and thoroughly documents the path for multi-engine support.

The PR is ready to merge.



@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/CEDAR_SUPPORT.md`:
- Line 72: The two untyped fenced code blocks in docs/CEDAR_SUPPORT.md (the
block listing the src/cedar files starting with "src/cedar/" and the shell
example containing "zift extract findings.json --engine cedar --output-dir
./policies/cedar") should include language identifiers to satisfy markdownlint
MD040 and improve rendering; change the file-list fence to use a language hint
such as "text" (e.g., ```text) and the command fence to "bash" (e.g., ```bash)
so the blocks with "src/cedar/" and the zift extract command are properly typed.

In `@docs/DESIGN.md`:
- Line 245: Update the CLI docs so the "extract" option consistently references
Policy-as-Code (PaC) instead of implying Rego is mandatory: edit the "extract"
description and the nearby CLI block (the entry labeled extract and the text
around lines 268-271) to replace "Generate Policy-as-Code files from findings"
and any phrase like ".rego files" with a single consistent phrase such as
"Generate Policy-as-Code files from findings (e.g., Rego or other PaC formats)"
so readers aren't led to believe Rego is required.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 0cccf1fe-7499-480e-b510-74fc0317cdb3

📥 Commits

Reviewing files that changed from the base of the PR and between 0f50c8d and d366de5.

📒 Files selected for processing (7)
  • CLAUDE.md
  • Cargo.toml
  • README.md
  • docs/CEDAR_SUPPORT.md
  • docs/DESIGN.md
  • src/cli.rs
  • src/output/text.rs

Comment thread docs/CEDAR_SUPPORT.md Outdated
Comment thread docs/DESIGN.md
- Add language identifiers (text, bash) to two unfenced code blocks in
  docs/CEDAR_SUPPORT.md to satisfy markdownlint MD040
- Align DESIGN.md EXTRACT OPTIONS block: --output-dir help no longer
  says ".rego files"; matches the PaC framing already applied to the
  block's other entries
@boorad boorad merged commit bae85d4 into main May 3, 2026
2 checks passed
@boorad boorad deleted the docs/pac-framing-cedar-memo branch May 3, 2026 16:17