Policy Linter
Created: 2/17/2026
This tool validates break-glass architecture policies defined in a JSON schema against security invariants. It parses the provided schema_json input, a JSON string that contains the full architecture schema and is treated as authoritative. The tool checks constraints such as Reconstruction Atomicity (for example, ensuring any maxReconstructionWindow is limited to 300 seconds or less), Passive Expiry of credentials (ttl_seconds must be greater than 0), and Sidecar Consistency when sidecars are present. It then produces a structured validation report describing passes, failures, and relevant context. The JSON output must strictly validate against the system-provided structured output schema, which is supplied at runtime and is not shown here.
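
The two numeric invariants named above, as an added example that is not the tool's own code: the checks run on every maxReconstructionWindow and ttl_seconds key at any nesting depth, because the real schema layout is not shown here. The report layout, the rule names and the sample document's other field names are assumptions; Sidecar Consistency is left out because its rule is not defined on this page.

```python
import json

MAX_WINDOW_S = 300  # Reconstruction Atomicity limit stated on the page

# Constructed sample; "reconstruction", "credentials" and "id" are assumed names.
SAMPLE = json.dumps({
    "reconstruction": {"maxReconstructionWindow": 900},
    "credentials": [{"id": "bg-1", "ttl_seconds": 600},
                    {"id": "bg-2", "ttl_seconds": 0}],
})

def is_number(v):
    # bool is a subclass of int in Python, so exclude it explicitly
    return isinstance(v, (int, float)) and not isinstance(v, bool)

def walk(node, path="$"):
    """Yield (json_path, key, value) for every key at any nesting depth."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield f"{path}.{k}", k, v
            yield from walk(v, f"{path}.{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, f"{path}[{i}]")

def lint(schema_json):
    """Check both invariants; the report layout here is hypothetical."""
    try:
        doc = json.loads(schema_json)
    except json.JSONDecodeError as exc:
        return {"ok": False, "findings": [
            {"rule": "parse", "path": "$", "status": "fail", "value": str(exc)}]}
    findings = []
    for path, key, val in walk(doc):
        if key == "maxReconstructionWindow":
            rule, ok = "reconstruction_atomicity", is_number(val) and val <= MAX_WINDOW_S
        elif key == "ttl_seconds":
            rule, ok = "passive_expiry", is_number(val) and val > 0
        else:
            continue
        # Non-numeric values fail closed instead of being skipped
        findings.append({"rule": rule, "path": path,
                         "status": "pass" if ok else "fail", "value": val})
    return {"ok": all(f["status"] == "pass" for f in findings), "findings": findings}

if __name__ == "__main__":
    print(json.dumps(lint(SAMPLE), indent=2))
```

An absent ttl_seconds produces no finding in this example; failing closed on missing fields needs the real schema's field locations.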