Variable PolicySnapshotSchema `Const`
// Rendered type signature of PolicySnapshotSchema: a read-only Zod object schema
// describing the policy snapshot stored with a session.
// Only static types appear here. Runtime refinements (string formats, numeric
// bounds) and the concrete values behind ZodDefault are not visible in this
// signature and have to be checked in the schema source.
// ZodReadonly wraps the top-level object only; the nested objects (audit,
// selfReview, identityProvider) carry no ZodReadonly wrapper of their own here.
// NOTE(review): confirm nested values cannot be mutated after parsing.
PolicySnapshotSchema: ZodReadonly<
  ZodObject<
    {
      mode: ZodString;
      // Documented on this page as SHA-256 of the canonical JSON of the full
      // GovernancePolicy. Typed as a plain string.
      // NOTE(review): confirm the source enforces a fixed-length hex format.
      hash: ZodString;
      resolvedAt: ZodString;
      requestedMode: ZodString;
      // Optional; one of four literals. Presumably the origin of the resolved
      // policy (verify against the resolver).
      source: ZodOptional<
        ZodEnum<
          {
            default: "default";
            explicit: "explicit";
            central: "central";
            repo: "repo";
          },
        >,
      >;
      // Required; exactly one of the two gate behaviours must be recorded.
      effectiveGateBehavior: ZodEnum<
        { auto_approve: "auto_approve"; human_gated: "human_gated" },
      >;
      degradedReason: ZodOptional<ZodString>;
      resolutionReason: ZodOptional<ZodString>;
      centralMinimumMode: ZodOptional<
        ZodEnum<{ solo: "solo"; team: "team"; regulated: "regulated" }>,
      >;
      policyDigest: ZodOptional<ZodString>;
      policyVersion: ZodOptional<ZodString>;
      policyPathHint: ZodOptional<ZodString>;
      // Required boolean with no ZodDefault wrapper: a snapshot must state it
      // explicitly.
      requireHumanGates: ZodBoolean;
      maxSelfReviewIterations: ZodNumber;
      maxImplReviewIterations: ZodNumber;
      // Required boolean with no ZodDefault wrapper: a snapshot must state it
      // explicitly.
      allowSelfApproval: ZodBoolean;
      // Wrapped in ZodDefault: when the field is omitted, a default that is not
      // shown in this signature is applied.
      // NOTE(review): confirm which of the three levels is the default.
      minimumActorAssuranceForApproval: ZodDefault<
        ZodEnum<
          {
            best_effort: "best_effort";
            claim_validated: "claim_validated";
            idp_verified: "idp_verified";
          },
        >,
      >;
      // Also defaulted; the default value is not visible here.
      requireVerifiedActorsForApproval: ZodDefault<ZodBoolean>;
      // Optional. A preprocessing step runs before a union discriminated on
      // "mode" ("static" or "jwks"). Both variants are $strict, so unknown keys
      // are rejected rather than dropped.
      identityProvider: ZodOptional<
        ZodPreprocess<
          ZodDiscriminatedUnion<
            [
              ZodObject<
                {
                  issuer: ZodString;
                  audience: ZodPipe<ZodUnion<(...)>, ZodTransform<(...), (...)>>;
                  claimMapping: ZodDefault<ZodObject<(...), (...)>>;
                  mode: ZodLiteral<"static">;
                  signingKeys: ZodArray<ZodUnion<(...)>>;
                },
                $strict,
              >,
              ZodObject<
                {
                  issuer: ZodString;
                  audience: ZodPipe<ZodUnion<(...)>, ZodTransform<(...), (...)>>;
                  claimMapping: ZodDefault<ZodObject<(...), (...)>>;
                  mode: ZodLiteral<"jwks">;
                  // jwksPath and jwksUri are both optional at the type level.
                  // NOTE(review): confirm the source requires at least one of
                  // them and whether jwksUri is limited to https.
                  jwksPath: ZodOptional<ZodString>;
                  jwksUri: ZodOptional<ZodString>;
                  // Defaulted; the TTL value is not visible here.
                  cacheTtlSeconds: ZodDefault<ZodNumber>;
                },
                $strict,
              >,
            ],
            "mode",
          >,
        >,
      >;
      identityProviderMode: ZodDefault<
        ZodEnum<{ optional: "optional"; required: "required" }>,
      >;
      // Optional object; $strip means unknown keys are removed on parse.
      selfReview: ZodOptional<
        ZodObject<
          {
            subagentEnabled: ZodBoolean;
            fallbackToSelf: ZodBoolean;
            strictEnforcement: ZodDefault<ZodBoolean>;
          },
          $strip,
        >,
      >;
      reviewOutputPolicy: ZodOptional<
        ZodEnum<
          {
            structured_required: "structured_required";
            text_compat_allowed: "text_compat_allowed";
          },
        >,
      >;
      reviewInvocationPolicy: ZodOptional<
        ZodEnum<
          {
            host_task_required: "host_task_required";
            host_task_preferred: "host_task_preferred";
            sdk_allowed: "sdk_allowed";
          },
        >,
      >;
      // Required object of three required booleans; unknown keys are stripped.
      audit: ZodObject<
        {
          emitTransitions: ZodBoolean;
          emitToolCalls: ZodBoolean;
          enableChainHash: ZodBoolean;
        },
        $strip,
      >;
      // Free-form string-to-string map; neither keys nor values are
      // constrained at the type level.
      actorClassification: ZodRecord<ZodString, ZodString>;
    },
    // $strip on the outer object: keys not listed above are removed during
    // parsing instead of causing a validation error, so they are not retained
    // in the parsed snapshot.
    $strip,
  >,
> = ...
Immutable policy snapshot embedded in SessionState.
Stores all FlowGuard-critical fields so auditors can verify which rules governed a session — even after policy presets are updated.
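The hash is the SHA-256 of the canonical JSON of the full GovernancePolicy. Non-repudiation: if the hash matches, the policy is authentic and unmodified. An unkeyed hash only detects modification when it is compared against a reference value that is itself protected from tampering; a match shows integrity relative to that reference, while attributing the policy to a specific author additionally requires a signature or an equivalent trusted record.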
Lives in state layer (not config) because it is part of SessionState — the innermost layer must not depend on outer layers.