Policy Linter

This tool performs static analysis on a Base64-encoded policy or schema string to lint it against critical security invariants and identify potential risks or misconfigurations. It accepts a single input parameter, policy_payload, which is a string containing the Base64-encoded policy content; the worker must decode this payload to obtain the raw policy text for analysis. Using that decoded policy text, the worker produces a structured risk assessment, including any detected issues and their severities. The returned JSON output must strictly validate against the system-provided structured output schema for this tool, with no extra fields and correct types for all properties.