diff --git a/policy/parser.go b/policy/parser.go
index 78905e3e..283a8e8b 100644
--- a/policy/parser.go
+++ b/policy/parser.go
@@ -121,9 +121,9 @@ func (p *Policy) GetExplanationOutputPolicy() *Policy {
 	ep := Policy{
 		name:     p.name,
 		semantic: p.semantic,
-		info:     &*p.info,
+		info:     p.info,
 		metadata: p.metadata,
-		source:   &*p.source,
+		source:   p.source,
 	}
 	if p.rule != nil {
 		ep.rule = p.rule.getExplanationOutputRule()
@@ -230,7 +230,7 @@ func (r *Rule) getExplanationOutputRule() *Rule {
 		description: r.description,
 	}
 	for _, variable := range r.variables {
-		er.variables = append(er.variables, &*variable)
+		er.variables = append(er.variables, variable)
 	}
 	for _, match := range r.matches {
 		em := Match{
diff --git a/policy/testdata/errors_unreachable/policy.yaml b/policy/testdata/errors_unreachable/policy.yaml
index 556b8bd9..410bd164 100644
--- a/policy/testdata/errors_unreachable/policy.yaml
+++ b/policy/testdata/errors_unreachable/policy.yaml
@@ -18,7 +18,7 @@ rule:
     - name: want
       expression: request.labels
     - name: missing
-      expression: variables.want.filter(l, !(l in resource.labels))    
+      expression: variables.want.filter(l, !(l in resource.labels))
     - name: invalid
       expression: >
         resource.labels.filter(l,
diff --git a/policy/testdata/k8s/policy.yaml b/policy/testdata/k8s/policy.yaml
index e47edafb..800d019d 100644
--- a/policy/testdata/k8s/policy.yaml
+++ b/policy/testdata/k8s/policy.yaml
@@ -34,4 +34,4 @@ spec:
         resource.containers.all(c, c.startsWith(variables.env + '.'))
     messageExpression: >
       'only %s containers are allowed in namespace %s'
-        .format([variables.env, resource.namespace])
\ No newline at end of file
+        .format([variables.env, resource.namespace])
diff --git a/policy/testdata/k8s/tests.yaml b/policy/testdata/k8s/tests.yaml
index 9e1d8b56..3965ea0f 100644
--- a/policy/testdata/k8s/tests.yaml
+++ b/policy/testdata/k8s/tests.yaml
@@ -18,7 +18,7 @@ section:
     tests:
       - name: "restricted_container"
         input:
-          resource.namespace: 
+          resource.namespace:
             value: "dev.cel"
           resource.labels:
             value:
diff --git a/policy/testdata/nested_rule2/policy.yaml b/policy/testdata/nested_rule2/policy.yaml
index ef2c0b81..2d422999 100644
--- a/policy/testdata/nested_rule2/policy.yaml
+++ b/policy/testdata/nested_rule2/policy.yaml
@@ -17,7 +17,7 @@ rule:
   variables:
     - name: "permitted_regions"
       expression: "['us', 'uk', 'es']"
-  match:  
+  match:
     - condition: resource.?user.orValue("").startsWith("bad")
       rule:
         id: "banned regions"
diff --git a/policy/testdata/nested_rule2/tests.yaml b/policy/testdata/nested_rule2/tests.yaml
index cd93b3aa..ac725956 100644
--- a/policy/testdata/nested_rule2/tests.yaml
+++ b/policy/testdata/nested_rule2/tests.yaml
@@ -18,7 +18,7 @@ section:
     tests:
       - name: "restricted_origin"
         input:
-          resource:            
+          resource:
             value:
               user: "bad-user"
               origin: "ir"
@@ -36,7 +36,7 @@ section:
             value:
               user: "good-user"
               origin: "de"
-        output: "{'banned': 'unconfigured_region'}"        
+        output: "{'banned': 'unconfigured_region'}"
   - name: "permitted"
     tests:
       - name: "valid_origin"
diff --git a/policy/testdata/nested_rule3/policy.yaml b/policy/testdata/nested_rule3/policy.yaml
index 54e33ba1..f4cff27d 100644
--- a/policy/testdata/nested_rule3/policy.yaml
+++ b/policy/testdata/nested_rule3/policy.yaml
@@ -17,7 +17,7 @@ rule:
   variables:
     - name: "permitted_regions"
       expression: "['us', 'uk', 'es']"
-  match:  
+  match:
     - condition: resource.?user.orValue("").startsWith("bad")
       rule:
         id: "banned regions"
diff --git a/policy/testdata/nested_rule3/tests.yaml b/policy/testdata/nested_rule3/tests.yaml
index 8a25cfec..ece86eba 100644
--- a/policy/testdata/nested_rule3/tests.yaml
+++ b/policy/testdata/nested_rule3/tests.yaml
@@ -18,7 +18,7 @@ section:
     tests:
       - name: "restricted_origin"
         input:
-          resource:            
+          resource:
             value:
               user: "bad-user"
               origin: "ir"
@@ -36,7 +36,7 @@ section:
             value:
               user: "good-user"
               origin: "de"
-        output: "{'banned': 'unconfigured_region'}"        
+        output: "{'banned': 'unconfigured_region'}"
   - name: "permitted"
     tests:
       - name: "valid_origin"
diff --git a/server/server.go b/server/server.go
index 4f88eebe..ed93adf0 100644
--- a/server/server.go
+++ b/server/server.go
@@ -85,6 +85,7 @@ func (s *ConformanceServer) Check(ctx context.Context, in *confpb.CheckRequest)
 	checkOptions = append(checkOptions, cel.Container(in.Container))
 	checkOptions = append(checkOptions, cel.Declarations(in.TypeEnv...))
 	checkOptions = append(checkOptions, cel.Types(&test2pb.TestAllTypes{}))
+	checkOptions = append(checkOptions, cel.Types(&test2pb.Proto2ExtensionScopedMessage{}))
 	checkOptions = append(checkOptions, cel.Types(&test3pb.TestAllTypes{}))
 	checkOptions = append(checkOptions, cel.OptionalTypes())
 	env, _ := cel.NewCustomEnv(checkOptions...)
@@ -268,7 +269,7 @@ func init() {
 		ext.Strings(),
 		ext.Math(),
 		ext.Encoders(),
-		cel.Types(&test2pb.TestAllTypes{}, &test3pb.TestAllTypes{}),
+		cel.Types(&test2pb.TestAllTypes{}, &test2pb.Proto2ExtensionScopedMessage{}, &test3pb.TestAllTypes{}),
 		cel.EagerlyValidateDeclarations(true),
 		cel.EnableErrorOnBadPresenceTest(true),
 		cel.OptionalTypes())