Request validation doesn't properly handle Contexts containing unknowns #437

@cdisselkoen

Description

Bug Category

Schemas and Validation

Describe the bug

[Only affects the partial-eval experimental feature]

Contexts containing unknowns are not properly typechecked during request validation; indeed, I suspect (but have not confirmed) that all Contexts containing unknowns will be reported as failing request validation. The root of the problem is that function typecheck_restricted_expr in cedar-policy-validator/src/types.rs doesn't properly handle the Unknown case of BorrowedRestrictedExpr.

Expected behavior

Some contexts containing unknowns should pass request validation, and others fail. For instance:

  • if the context contains attributes foo: 1 and bar: unknown, and the schema requires foo: long and bar: string, this should pass.
  • if the context contains attributes foo: 1 and bar: unknown, and the schema requires foo: string and bar: string, this should fail.
  • if the context contains attributes foo: 1 and bar: unknown, and the schema requires foo: long, bar: string, and baz: string, this should fail.

Reproduction steps

Can't be easily reproduced in CLI without #331 I believe

Labels: papercut (Small annoyances in the Cedar SDK. Lower priority fixes than bugs. Smaller than a feature request)
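The three expected outcomes listed in the issue, as an added example that is not part of the original issue and is not Cedar's code. `Ty`, `Val`, `Schema`, `Context` and `validate_context` are hypothetical names for a toy model in which an unknown is accepted for any declared type, a known value must match its declared type, and every attribute the schema requires must be present.

```rust
use std::collections::BTreeMap;

// Hypothetical toy model for illustration; these are not Cedar's types.
#[derive(Clone, Copy, Debug)]
enum Ty { Long, Str }

#[allow(dead_code)]
#[derive(Debug)]
enum Val { Long(i64), Str(String), Unknown }

type Schema = BTreeMap<&'static str, Ty>;
type Context = BTreeMap<&'static str, Val>;

/// An unknown could later resolve to any type, so it is compatible with
/// every declared type; a known value must match the declared type.
fn value_ok(v: &Val, t: Ty) -> bool {
    matches!((v, t), (Val::Unknown, _) | (Val::Long(_), Ty::Long) | (Val::Str(_), Ty::Str))
}

/// Checks every attribute the schema requires (in key order) and returns
/// Err describing the first violation. Attributes that the schema does not
/// declare are not examined in this sketch.
fn validate_context(ctx: &Context, schema: &Schema) -> Result<(), String> {
    for (name, ty) in schema {
        match ctx.get(name) {
            None => return Err(format!("missing required attribute `{name}`")),
            Some(v) if !value_ok(v, *ty) => {
                return Err(format!("attribute `{name}` is not {ty:?}"))
            }
            Some(_) => {}
        }
    }
    Ok(())
}

/// The context used in all three cases of the issue: foo: 1, bar: unknown.
fn issue_context() -> Context {
    Context::from([("foo", Val::Long(1)), ("bar", Val::Unknown)])
}

fn main() {
    let ctx = issue_context();
    let schemas = [
        Schema::from([("foo", Ty::Long), ("bar", Ty::Str)]), // should pass
        Schema::from([("foo", Ty::Str), ("bar", Ty::Str)]),  // should fail
        Schema::from([("foo", Ty::Long), ("bar", Ty::Str), ("baz", Ty::Str)]), // should fail
    ];
    for s in &schemas {
        println!("{:?} -> {:?}", s, validate_context(&ctx, s));
    }
}
```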