Policy Linter

This tool performs static analysis of a raw policy or schema string, checking security invariants such as atomicity with reconstruction window less than 600 seconds, passive TTL enforced by an identity provider, and memory safety via shard length prefixing, and then returns a structured risk assessment. It accepts one input parameter: policy_text (string) containing the entire policy or schema body as raw text, which may itself be JSON or another structured format and must be parsed internally by the tool logic. The LLM must output only a single JSON object that strictly validates against the system-provided structured output schema for this tool, using the correct types, enums, and ranges and adding no extra keys.