kitelogik validate
Syntax-check every Rego policy file in the policies directory. Wraps `opa check` with the project layout convention so you don't have to remember the policy paths.
Synopsis
```bash
kitelogik validate [--path PATH]
```

| Flag | Default | Meaning |
|---|---|---|
| `--path PATH` | auto-discover (see below) | Path to a policies directory |
What it does
- Resolves the policies directory — uses `--path` if given, otherwise walks upward from `cwd` looking for `kitelogik/policies/` or `policies/` (whichever appears first).
- Globs `**/*.rego` under that directory.
- Excludes any file ending in `_test.rego` — those go through `kitelogik test` instead.
- Runs `opa check` against the remaining policy files.
- Prints `All N policy files are valid.` on success, or forwards OPA's diagnostic on failure.
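The steps above can be approximated in plain shell, for example in a CI image that has only `opa` installed. This is an added example, not kitelogik's own code: the function names and the return code 2 are hypothetical, and it assumes that at each directory level `kitelogik/policies/` is tried before `policies/`.

```bash
# Added example: approximates the steps listed above; not kitelogik's source.
# Assumption: at each level kitelogik/policies/ is tried before policies/.

# Print the policies directory: $1 if given, else walk upward from the cwd.
find_policies_dir() {
    if [ -n "${1:-}" ]; then
        if [ -d "$1" ]; then printf '%s\n' "$1"; return 0; fi
        return 1
    fi
    dir=$(pwd -P)
    while :; do
        for cand in "$dir/kitelogik/policies" "$dir/policies"; do
            if [ -d "$cand" ]; then printf '%s\n' "$cand"; return 0; fi
        done
        if [ "$dir" = "/" ]; then return 1; fi
        dir=$(dirname "$dir")
    done
}

# List Rego files under $1, skipping *_test.rego, one per line, sorted.
list_policy_files() {
    find "$1" -type f -name '*.rego' ! -name '*_test.rego' | sort
}

# Run opa check over the selected files. Return code 2 is this example's
# own convention for "nothing to validate", not a documented kitelogik code.
validate_policies() {
    pdir=$(find_policies_dir "${1:-}") || { echo "no policies directory found" >&2; return 2; }
    count=$(list_policy_files "$pdir" | wc -l | tr -d ' ')
    if [ "$count" -eq 0 ]; then echo "no policy files in $pdir" >&2; return 2; fi
    echo "Validating $count policy files in $pdir..."
    # -exec ... + hands all files to opa in as few invocations as possible
    # and makes find exit non-zero if any opa check invocation fails.
    find "$pdir" -type f -name '*.rego' ! -name '*_test.rego' \
        -exec opa check {} + || return 1
    echo "All $count policy files are valid."
}
```

Call `validate_policies` with no argument to auto-discover, or pass a directory to mirror `--path`.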
Example
```bash
$ kitelogik validate
Validating 7 policy files in /home/me/my-agent/policies...
All 7 policy files are valid.
$ echo $?
0
```

A syntax error surfaces verbatim from OPA:

```bash
$ kitelogik validate
Validating 7 policy files in /home/me/my-agent/policies...
1 error occurred: policies/financial.rego:14: rego_parse_error: unexpected ident token: ...
```

The exit code matches OPA's — typically 1 for parse errors.
OPA binary or Docker
`validate` calls `opa check` directly when an `opa` binary is on `PATH`. Otherwise it transparently re-runs the same check inside `openpolicyagent/opa:latest` via Docker, bind-mounting your policies directory read-only at `/policies`. See CLI overview for the full fallback story.
When to run it
- In CI, before merge — catches typos that would otherwise cause OPA to fail to start with the new bundle.
- Locally, after every Rego edit — much faster than `kitelogik test` when you just want to know "does this parse?".
- Before `compliance` — `compliance` reads policy files but assumes they parse; running `validate` first surfaces parse errors with a clear message.

`validate` does not check semantic correctness (whether the rule matches what you intended). Pair it with `test` for behavioural assertions and `check` for one-off dry-runs.