diff --git a/go.mod b/go.mod
index b04e58aa05..c595f9850f 100644
--- a/go.mod
+++ b/go.mod
@@ -53,6 +53,7 @@ require (
 	github.com/pires/go-proxyproto v0.5.0
 	github.com/pkg/errors v0.9.1
 	github.com/posener/complete v1.2.3
+	github.com/spf13/cobra v1.1.1 // indirect
 	github.com/stretchr/testify v1.7.0
 	github.com/zalando/go-keyring v0.1.1
 	go.uber.org/atomic v1.7.0
@@ -64,6 +65,7 @@ require (
 	google.golang.org/grpc v1.37.1
 	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0
 	google.golang.org/protobuf v1.26.0
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	mvdan.cc/gofumpt v0.1.1
 	nhooyr.io/websocket v1.8.7
 )
diff --git a/go.sum b/go.sum
index bc24a2eded..62e2f2184f 100644
--- a/go.sum
+++ b/go.sum
@@ -900,8 +900,9 @@ github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/cobra v1.0.1-0.20201006035406-b97b5ead31f7 h1:O63eWlXlvyw4YdsuatjRIU6emvJ2fqz+PTdMEoxIT2s=
 github.com/spf13/cobra v1.0.1-0.20201006035406-b97b5ead31f7/go.mod h1:yk5b0mALVusDL5fMM6Rd1wgnoO5jUPhwsQ6LQAJTidQ=
+github.com/spf13/cobra v1.1.1 h1:KfztREH0tPxJJ+geloSLaAkaPkr4ki2Er5quFV1TDo4=
+github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI=
 github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
 github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
@@ -1436,8 +1437,9 @@ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
diff --git a/internal/cmd/commands/managedgroupscmd/managedgroups.gen.go b/internal/cmd/commands/managedgroupscmd/managedgroups.gen.go
index 74b2f801f9..89f50aeaed 100644
--- a/internal/cmd/commands/managedgroupscmd/managedgroups.gen.go
+++ b/internal/cmd/commands/managedgroupscmd/managedgroups.gen.go
@@ -1,4 +1,4 @@
-// Code generated by "make api"; DO NOT EDIT.
+// Code generated by "make cli"; DO NOT EDIT.
 package managedgroupscmd
 
 import (
diff --git a/internal/cmd/commands/managedgroupscmd/oidc_managedgroups.gen.go b/internal/cmd/commands/managedgroupscmd/oidc_managedgroups.gen.go
index 98e04e9116..3d9144489d 100644
--- a/internal/cmd/commands/managedgroupscmd/oidc_managedgroups.gen.go
+++ b/internal/cmd/commands/managedgroupscmd/oidc_managedgroups.gen.go
@@ -1,4 +1,4 @@
-// Code generated by "make api"; DO NOT EDIT.
+// Code generated by "make cli"; DO NOT EDIT.
 package managedgroupscmd
 
 import (
diff --git a/internal/observability/event/context_test.go b/internal/observability/event/context_test.go
index d20bdd822f..2597ba3c18 100644
--- a/internal/observability/event/context_test.go
+++ b/internal/observability/event/context_test.go
@@ -25,9 +25,11 @@ import (
 
 const apiRequest = "APIRequest"
 
-const testAuditVersion = "v0.1"
-const testErrorVersion = "v0.1"
-const testObservationVersion = "v0.1"
+const (
+	testAuditVersion       = "v0.1"
+	testErrorVersion       = "v0.1"
+	testObservationVersion = "v0.1"
+)
 
 type testAudit struct {
 	Id             string             `json:"id"`                     // std audit/boundary field
@@ -855,7 +857,7 @@ func Test_WriteError(t *testing.T) {
 			}
 			event.WriteError(tt.ctx, event.Op(op), tt.e)
 			if tt.errSinkFileName != "" {
-				defer func() { _ = os.WriteFile(tt.errSinkFileName, nil, 0666) }()
+				defer func() { _ = os.WriteFile(tt.errSinkFileName, nil, 0o666) }()
 				b, err := ioutil.ReadFile(tt.errSinkFileName)
 				require.NoError(err)
 
@@ -891,7 +893,6 @@ func Test_WriteError(t *testing.T) {
 				}
 				if tt.info != nil {
 					wantError.Payload["request_info"] = tt.info
-
 				}
 				wantJson, err := json.Marshal(wantError)
 				require.NoError(err)
diff --git a/website/content/docs/concepts/security/permissions.mdx b/website/content/docs/concepts/security/permissions.mdx
index 9af0230725..68466a0085 100644
--- a/website/content/docs/concepts/security/permissions.mdx
+++ b/website/content/docs/concepts/security/permissions.mdx
@@ -461,8 +461,7 @@ documentation](https://www.boundaryproject.io/api-docs) for guidance.
             </li>
           </ul>
           <li>
-            <code>set-password</code>: Set a password on an account, without
-            requiring the current password
+            <code>set-password</code>: Set a password on an account, without requiring the current password
           </li>
           <ul>
             <li>
@@ -473,17 +472,14 @@ documentation](https://www.boundaryproject.io/api-docs) for guidance.
             </li>
           </ul>
           <li>
-            <code>change-password</code>: Change a password on an account given
-            the current password
+            <code>change-password</code>: Change a password on an account given the current password
           </li>
           <ul>
             <li>
               <code>id=&lt;id&gt;;actions=change-password</code>
             </li>
             <li>
-              <code>
-                id=&lt;pin&gt;;type=&lt;type&gt;;actions=change-password
-              </code>
+              <code>id=&lt;pin&gt;;type=&lt;type&gt;;actions=change-password</code>
             </li>
           </ul>
         </ul>
@@ -1316,8 +1312,7 @@ documentation](https://www.boundaryproject.io/api-docs) for guidance.
             </li>
           </ul>
           <li>
-            <code>set-principals</code>: Set the full set of principals on a
-            role
+            <code>set-principals</code>: Set the full set of principals on a role
           </li>
           <ul>
             <li>
@@ -1522,8 +1517,7 @@ documentation](https://www.boundaryproject.io/api-docs) for guidance.
             </li>
           </ul>
           <li>
-            <code>read:self</code>: Read a session, which must be associated
-            with the calling user
+            <code>read:self</code>: Read a session, which must be associated with the calling user
           </li>
           <ul>
             <li>
@@ -1531,8 +1525,7 @@ documentation](https://www.boundaryproject.io/api-docs) for guidance.
             </li>
           </ul>
           <li>
-            <code>cancel:self</code>: Cancel a session, which must be associated
-            with the calling user
+            <code>cancel:self</code>: Cancel a session, which must be associated with the calling user
           </li>
           <ul>
             <li>
@@ -1638,8 +1631,7 @@ documentation](https://www.boundaryproject.io/api-docs) for guidance.
             </li>
           </ul>
           <li>
-            <code>set-host-sets</code>: Set the full set of host sets on a
-            target
+            <code>set-host-sets</code>: Set the full set of host sets on a target
           </li>
           <ul>
             <li>