Policy Linter Security Invariant Checker

Analyze a provided policy_text JSON string representing a policy document and validate it against predefined security invariants such as limits on reconstruction_window, the presence and value of ttl_seconds, and the setting of cache_invalidation. The tool accepts a single required input, policy_text, which is the raw JSON policy encoded as a string payload and must be parsed as authoritative. Using this input, the worker must construct a structured RiskReport summarizing whether each invariant passes or fails, plus any derived details defined by the system. The final output must strictly validate against the system-provided structured output schema, with correct types and enums, no extra keys, and no nulls unless explicitly allowed.