Policy Linter

Analyzes a provided Break-Glass architecture JSON policy schema against critical security invariants such as Reconstruction Atomicity (window <= 300s), Passive Expiry (TTL > 0), and Sidecar Consistency, then produces a structured pass/fail risk report. Accepts a single input: policy_json, a required JSON string containing the full architecture policy schema definition to lint; this JSON must be parsed and treated as authoritative. The tool's output must strictly validate against the system-provided structured output schema (auto-produced and referenced by schemaArtifactId), with no extra fields or type deviations.