more grammar fixes

Author: miparnisari

pages/spicedb/concepts/caveats.mdx

@@ -119,7 +119,7 @@ A few important notes:
     This allows for **partial** binding of data at write time.
 - The Context is a `structpb`, which is defined by Google [and represents JSON-like data](https://pkg.go.dev/google.golang.org/protobuf/types/known/structpb).
   - To send 64-bit integers, encode them as strings.
-- A relationship cannot be duplicated, with or without a caveat, e.g. two relationships that differ only on their use of a caveat cannot both exist.
+- A relationship cannot be duplicated, with or without a caveat. In other words, two relationships that differ only on their use of a caveat cannot both exist.
 - When deleting a relationship, a caveat does not need to be specified; the matching relationship will be deleted if present.
 
 ## Providing Caveat Context via the API
@@ -157,7 +157,7 @@ In the case of `PERMISSIONSHIP_CONDITIONAL_PERMISSION`, SpiceDB will also return
 [states]: https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.CheckPermissionResponse.Permissionship
 [check-resp]: https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.CheckPermissionResponse
 
-## `LookupResources` and `LookupSubjects`
+### `LookupResources` and `LookupSubjects`
 
 Similarly to **CheckPermission**, both **LookupResources** and **LookupSubjects** can be provided with additional context and will return one of the two permission states for each of the results found (either has permission or conditionally has permission).
 
@@ -175,7 +175,7 @@ LookupResourcesRequest {
 }
 ```
 
-### Providing Caveat Context with `zed CLI
+## Providing Caveat Context with `zed CLI`
 
 When using `zed` command-line tool to interact with SpiceDB, the context can be provided using the `--caveat-context` flag.
 The caveat context should be a JSON representation that matches the types defined in the schema.
@@ -209,7 +209,7 @@ zed check -r resource:specificresource#view -p view -s user:specificuser --cavea
 
 ## Full Example
 
-A full example of a schema with caveats can be found below, which allows users to `view` a resource if they are directly a `viewer` or they are a`viewer` within the correct IP CIDR range:
+A full example of a schema with caveats can be found below, which allows users to `view` a resource if they are directly a `viewer` or if they are a `viewer` within the correct IP CIDR range:
 
 ### Schema
 

pages/spicedb/concepts/datastores.mdx

@@ -41,7 +41,7 @@ For more information, refer to the [Datastore Migration documentation](/spicedb/
 </Callout>
 
 - Recommended for multi-region deployments, with configurable region awareness
-- Enables horizontal scalablity by adding more SpiceDB and CockroachDB instances
+- Enables horizontal scalability by adding more SpiceDB and CockroachDB instances
 - Resiliency to individual CockroachDB instance failures
 - Query and data balanced across the CockroachDB
 - Setup and operational complexity of running CockroachDB

pages/spicedb/concepts/expiring-relationships.mdx

@@ -11,14 +11,18 @@ import { InlinePlayground } from '@/components/playground';
 A common use case is to model relationships that expire after a certain time.
 This is useful for granting temporary access to a resource.
 
-Until now, caveats were the recommended way to support time-bound permissions, but that has some limitations:
+Before version 1.40, [caveats] were the recommended way to support time-bound permissions, but that has some limitations:
+
+[caveats]: caveats
 
 - It requires clients to provide the `now` timestamp.
 This is additional complexity for clients.
 - Expired caveats are not automatically garbage collected.
 This can lead to many caveated relationships in the system and increase the costs of loading and evaluating those into the runtime.
 
-SpiceDB supports expiring relationships, which lets users define relationships that expire at a given time.
+SpiceDB supports expiring relationships, which lets users define relationships that expire at a given time. The time must be specified in [RFC 3339 format]. 
+
+[RFC 3339 format]: https://datatracker.ietf.org/doc/html/rfc3339#section-5.8
 
 <Callout type="info">
     The clock used to determine if a relationship is expired is that of the underlying SpiceDB datastore.
@@ -34,7 +38,7 @@ The novelty here is that users need to enable the feature using the `use` clause
 This is to disambiguate a caveat named `expiration` from the new expiration feature.
 
 To enable expiration in your schema, add a `use expiration` clause to the top of the file.
-Then the relations subject to expiration are marked using `<type> with expiration`:
+Then the relations subject to expiration are marked using `<type> with expiration`. For example:
 
 ```zed
 use expiration
@@ -86,12 +90,12 @@ Set expirations on relationships in the Playground with the format `[expiration:
 resource:r1#folder@folder:folder1[expiration:2025-12-31T23:59:59Z]
 ```
 
-or specify expirations in RFC 3339 format in the `Expiration` column in the Relationship grid editor.
+or specify expirations in the `Expiration` column in the Relationship grid editor.
 <br/><InlinePlayground reference="naky4PZ86uTc"/>
 
 ## zed
 
-Use the `--expiration-time` flag to pass the expiration time of the relationship in RFC 3339 format:
+Use the `--expiration-time` flag to pass the expiration time of the relationship:
 
 ```shell zed
 zed relationship create resource:r1 folder folder:folder1 --expiration-time "2025-12-31T23:59:59Z"

pages/spicedb/concepts/schema.mdx

@@ -77,7 +77,7 @@ definition document {
 ```
 
 <Callout type="info">
-  In the above example, the `user` on `reader` does not contain a sub-relation
+  In the above example, the `user` on `reader` does not contain a sub-relation.
 
 Occasionally you will see a subject which has a sub-relation such as `usergroup:admins#members` which refers not just to the `usergroup` as a whole, but the set of members which have that relation to the `usergroup`.
 
@@ -181,7 +181,7 @@ Permissions support four kinds of operations: **union**, **intersection**, **exc
 
 #### `+` (Union)
 
-Unions together the relations/permissions referenced
+Unions together the relations/permissions referenced.
 
 Union is the most common operation and is used to join different relations or permissions together to form a set of allowed subjects.
 
@@ -193,7 +193,7 @@ permission combined = reader + writer
 
 #### `&` (Intersection)
 
-Intersects the set of subjects found for the relations/permissions referenced
+Intersects the set of subjects found for the relations/permissions referenced.
 
 Intersection allows for a permission to only include those subjects that were found in **both** relations/permissions.
 
@@ -205,9 +205,9 @@ permission read_and_write = reader & writer
 
 #### `-` (Exclusion)
 
-Excludes the set of subjects found for the right side relation/permission from those found in the left side relation/permission
+Excludes the set of subjects found for the right side relation/permission from those found in the left side relation/permission.
 
-Exclusion allows for computing the difference between two sets of relations/permissions
+Exclusion allows for computing the difference between two sets of relations/permissions.
 
 For example, to grant a permission to a user that is `reader` but not the `writer` of a document:
 
@@ -217,7 +217,7 @@ permission can_only_read = reader - writer
 
 #### `->` (Arrow)
 
-Arrows allow for "walking" the heirarchy of relations (and permissions) defined for an **object** of a subject, referencing a permission or relation on the _resulting_ subject's object.
+Arrows allow for "walking" the hierarchy of relations (and permissions) defined for an **object** of a subject, referencing a permission or relation on the _resulting_ subject's object.
 
 For example, imagine a schema where a document is found under a folder:
 
@@ -260,7 +260,7 @@ definition document {
 
 The expression `parent_folder->read` indicates to "walk" from the `parent_folder` of the `document`, and then to include the subjects found for the `read` permission of that folder.
 
-Making use of a `union`, we can also include the local `reader` relation, allowing the `read` permission on a document can check whether a user is a `reader` of a document or a `reader` of its parent folder.
+Making use of a `union`, we can also include the local `reader` relation, allowing the `read` permission on a document to check whether a user is a `reader` of a document or a `reader` of its parent folder.
 
 ```zed
 definition user {}
@@ -298,7 +298,7 @@ definition document {
 For example, in:
 
 ```
-defintion resource {
+definition resource {
   relation parent: group#member
   permission someperm = parent->something
 }
@@ -379,7 +379,6 @@ In the above example, the user must be in the `member` relation for _all_ groups
 
 <Callout type="warning">
   Intersection arrows can impact performance since they require loading **all** results for the arrow. This is especially a concern for arrows that traverse relationship graphs with a high branching factor.
-  results for the arrow, it can impact performance if the arrow is very wide.
 </Callout>
 
 ### Naming Permissions
@@ -455,7 +454,7 @@ Admin permission on resources is then defined as the direct owner of the resourc
 
 Relation traversals can be modeled using intermediate, synthetic relations.
 
-Given the example hierarchy, portfolio can have folders, folders can have documents, we’d like a viewer of a portfolio to also be able to read documents contained in its folders.
+Given the example hierarchy below, where a portfolio can have folders and folders can have documents, we’d like a viewer of a portfolio to also be able to read documents contained in its folders.
 The read on documents could be thought of as:
 
 ```

pages/spicedb/concepts/watch.mdx

@@ -5,12 +5,13 @@ import { InlinePlayground } from '@/components/playground';
 
 The [Watch API] in SpiceDB enables clients to monitor changes made to [Relationships] within the system.
 
-Watch events are generated when relationships are created, touched, or deleted through the [WriteRelationships], [DeleteRelationships], or the bulk import API.
+Watch events are generated when relationships are created, touched, or deleted through the [WriteRelationships], [DeleteRelationships] or [BulkImportRelationships] APIs.
 
 [Watch API]: https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.WatchService
 [Relationships]: relationships
 [WriteRelationships]: https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.PermissionsService.WriteRelationships
 [DeleteRelationships]: https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.PermissionsService.DeleteRelationships
+[BulkImportRelationships]: https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.BulkImportRelationshipsRequest
 
 ## Subscribing to Watch
 

pages/spicedb/concepts/zanzibar.mdx

@@ -33,7 +33,7 @@ In homeage, AuthZed maintained a Dune-related naming scheme for their own projec
 ### Popularizing ReBAC
 
 **Re**lationship-**b**ased **A**ccess **C**ontrol (ReBAC) is a one of the paradigms for the design of authorization systems.
-The core idea behind ReBAC is that the existence of a chain relationships between a subject and a resource defines access.
+The core idea behind ReBAC is that the existence of a chain of relationships between a subject and a resource defines access.
 This abstraction alone is able to model all other existing authorization paradigms including the very popular RBAC and ABAC designs.
 The concept was originally described by Carrie Gates in a 2006 paper entitled [Access Control Requirements for Web 2.0 Security and Privacy][web2-paper] with Facebook cited as an early adopter of this paradigm.
 However, it wouldn't be until the publication of the Zanzibar paper in 2019 that ReBAC would achieve popularity outside of applications that weren't already leveraging graph abstractions for their data.
@@ -49,10 +49,10 @@ For more information on ReBAC, see the [documentation for Relationships][rels].
 
 ### New Enemy Problem
 
-The New Enemy Problem is scenario where unauthorized access can occur when changes to permissions and the resources they protect are not updated together [consistently].
+The New Enemy Problem is a scenario where unauthorized access can occur when changes to permissions and the resources they protect are not updated together [consistently].
 SpiceDB solves this problem with configurable consistency and ZedTokens, its version of Zookies.
 
-This term was first introduced in the Zanzibar paper where solving this problem was a fundamental design goal:
+The term "Zookies" was first introduced in the Zanzibar paper where solving this problem was a fundamental design goal:
 
 >ACL checks must respect the order in which users modify ACLs and object contents to avoid unexpected sharing behaviors.
 >Specifically, our clients care about preventing the "new enemy" problem, which can arise when we fail to respect the ordering between ACL updates or when we apply old ACLs to new content.
@@ -110,9 +110,9 @@ SpiceDB instead offers a [Schema Language][schema] that internally compiles into
 
 Zanzibar [does not disambiguate][disambiguate] between relations that define access and those that exist purely in the abstract.
 
-SpiceDB introduces new terms and syntax to differentiate relations into two concepts Relations and Permissions.
+SpiceDB introduces new terms and syntax to differentiate relations into two concepts: Relations and Permissions.
 
-Permissions are best thought of "public API" being consumed by applications to check access.
+Permissions are best thought of as the "public API" being consumed by applications to check access.
 Permissions are defined using set semantics referred to in Zanzibar parlance as
 "computed usersets".
 
@@ -141,19 +141,20 @@ Zanzibar only supports Google's internal [Spanner] service for tuple-storage.
 
 SpiceDB supports a variety of datastores; including [Cloud Spanner].
 
-You can learn more about datastores in the [Datastore documentation].
+You can learn more about datastores in the [Datastores documentation].
 
 [Spanner]: https://static.googleusercontent.com/media/research.google.com/en//archive/spanner-osdi2012.pdf
 [Cloud Spanner]: https://cloud.google.com/spanner/
 [Datastore documentation]: ./datastores
 
 ### Consistency
 
-Zanzibar supports a [ContentChangeCheck API][ccc-api] and the ability specify "at least as fresh" as a Zookie.
+Zanzibar supports a [ContentChangeCheck API][ccc-api] and the ability to specify "at least as fresh" as a Zookie.
 
-SpiceDB simplifies this workflow by allowing API requests to specify their consistency behavior in addition to implementing ZedTokens, the analogue of Zanzibar's Zookies.
+SpiceDB simplifies this workflow by allowing API requests to specify their consistency behavior in addition to implementing ZedTokens, the analogue of Zanzibar's Zookies. See [Consistency] for more details.
 
 [ccc-api]: https://zanzibar.tech/#annotations/spicedb/content-change-check
+[Consistency]: consistency
 
 ### Identifiers
 

pages/spicedb/ops/observability.mdx

@@ -9,9 +9,9 @@ In order to operate SpiceDB in a reliable and performant fashion, SpiceDB expose
 
 ## Prometheus
 
-Every SpiceDB [command] has a configurable HTTP server that serves observability data.
+Every SpiceDB [command] has a configurable HTTP server that serves observability data. 
 
-A [Prometheus metrics endpoint][prom-endpoint] at can be found on this server at the path `/metrics`.
+A [Prometheus metrics endpoint][prom-endpoint] can be found on this server at the path `/metrics`.
 
 Available metrics include operational information about the Go runtime and serving metrics for any servers that are enabled.
 
@@ -22,7 +22,7 @@ Available metrics include operational information about the Go runtime and servi
 
 Every SpiceDB [command] has a configurable HTTP server that serves observability data.
 
-[pprof endpoints][go-pprof] for various types of profiles can be found on this server at the path: `/debug/pprof`.
+[pprof endpoints][go-pprof] for various types of profiles can be found on this server at the path `/debug/pprof`.
 
 The types of profiles available are: