Variable PolicySnapshotSchemaConst
PolicySnapshotSchema: ZodReadonly<
ZodPipe<
ZodObject<
{
mode: ZodEnum<
{
solo: "solo";
team: "team";
"team-ci": "team-ci";
regulated: "regulated";
},
>;
hash: ZodString;
resolvedAt: ZodString;
requestedMode: ZodEnum<
{
solo: "solo";
team: "team";
"team-ci": "team-ci";
regulated: "regulated";
},
>;
source: ZodOptional<
ZodEnum<
{
default: "default";
explicit: "explicit";
central: "central";
repo: "repo";
},
>,
>;
effectiveGateBehavior: ZodEnum<
{ auto_approve: "auto_approve"; human_gated: "human_gated" },
>;
degradedReason: ZodOptional<ZodString>;
resolutionReason: ZodOptional<ZodString>;
centralMinimumMode: ZodOptional<
ZodEnum<{ solo: "solo"; team: "team"; regulated: "regulated" }>,
>;
policyDigest: ZodOptional<ZodString>;
policyVersion: ZodOptional<ZodString>;
policyPathHint: ZodOptional<ZodString>;
requireHumanGates: ZodBoolean;
maxSelfReviewIterations: ZodNumber;
maxImplReviewIterations: ZodNumber;
allowSelfApproval: ZodBoolean;
minimumActorAssuranceForApproval: ZodDefault<
ZodEnum<
{
best_effort: "best_effort";
claim_validated: "claim_validated";
idp_verified: "idp_verified";
},
>,
>;
requireVerifiedActorsForApproval: ZodDefault<ZodBoolean>;
identityProvider: ZodOptional<
ZodPreprocess<
ZodDiscriminatedUnion<
[
ZodObject<
{
issuer: ZodString;
audience: ZodPipe<(...), (...)>;
claimMapping: ZodDefault<(...)>;
mode: ZodLiteral<(...)>;
signingKeys: ZodArray<(...)>;
},
$strict,
>,
ZodObject<
{
issuer: ZodString;
audience: ZodPipe<(...), (...)>;
claimMapping: ZodDefault<(...)>;
mode: ZodLiteral<(...)>;
jwksPath: ZodOptional<(...)>;
jwksUri: ZodOptional<(...)>;
cacheTtlSeconds: ZodDefault<(...)>;
},
$strict,
>,
],
"mode",
>,
>,
>;
identityProviderMode: ZodDefault<
ZodEnum<{ optional: "optional"; required: "required" }>,
>;
selfReview: ZodOptional<
ZodObject<
{
subagentEnabled: ZodBoolean;
fallbackToSelf: ZodBoolean;
strictEnforcement: ZodDefault<ZodBoolean>;
},
$strip,
>,
>;
reviewOutputPolicy: ZodOptional<
ZodEnum<
{
structured_required: "structured_required";
text_compat_allowed: "text_compat_allowed";
},
>,
>;
reviewInvocationPolicy: ZodOptional<
ZodEnum<
{
host_task_required: "host_task_required";
host_task_preferred: "host_task_preferred";
sdk_allowed: "sdk_allowed";
},
>,
>;
enforceRiskClassification: ZodOptional<ZodBoolean>;
allowRiskDowngradeOverride: ZodOptional<ZodBoolean>;
allowReducedCeremony: ZodOptional<ZodBoolean>;
discoveryHealth: ZodOptional<
ZodObject<
{
enforcement: ZodEnum<
{ advisory: "advisory"; required: "required"; off: "off" },
>;
onDegraded: ZodEnum<{ allow: "allow"; warn: "warn"; block: "block" }>;
onDrift: ZodEnum<{ allow: "allow"; warn: "warn"; block: "block" }>;
},
$strip,
>,
>;
validationEvidence: ZodOptional<
ZodObject<
{
enforcement: ZodEnum<
{ advisory: "advisory"; required: "required"; off: "off" },
>;
allowNoCommands: ZodBoolean;
},
$strip,
>,
>;
audit: ZodObject<
{
emitTransitions: ZodBoolean;
emitToolCalls: ZodBoolean;
enableChainHash: ZodBoolean;
timestampAssurance: ZodDefault<
ZodOptional<
ZodObject<
{
enabled: ZodDefault<(...)>;
mode: ZodDefault<(...)>;
strict: ZodDefault<(...)>;
criticalEvents: ZodDefault<(...)>;
tsaUrl: ZodOptional<(...)>;
trustAnchors: ZodOptional<(...)>;
ntpServers: ZodOptional<(...)>;
ntpDriftThresholdMs: ZodDefault<(...)>;
tsaTimeoutMs: ZodDefault<(...)>;
},
$strip,
>,
>,
>;
},
$strip,
>;
actorClassification: ZodRecord<ZodString, ZodString>;
},
$strip,
>,
ZodTransform<
{
mode: "solo"
| "team"
| "team-ci"
| "regulated";
hash: string;
resolvedAt: string;
requestedMode: "solo" | "team" | "team-ci" | "regulated";
source?: "default" | "explicit" | "central" | "repo";
effectiveGateBehavior: "auto_approve" | "human_gated";
degradedReason?: string;
resolutionReason?: string;
centralMinimumMode?: "solo" | "team" | "regulated";
policyDigest?: string;
policyVersion?: string;
policyPathHint?: string;
requireHumanGates: boolean;
maxSelfReviewIterations: number;
maxImplReviewIterations: number;
allowSelfApproval: boolean;
minimumActorAssuranceForApproval:
| "best_effort"
| "claim_validated"
| "idp_verified";
requireVerifiedActorsForApproval: boolean;
identityProvider?: | {
issuer: string;
audience: string[];
claimMapping: {
subjectClaim: string;
emailClaim: string;
nameClaim: string;
};
mode: "static";
signingKeys: (
| {
kind: "jwk";
kid: string;
alg: "RS256"
| "ES256";
jwk:
| { kty: ...; n: ...; e: ... }
| { kty: ...; x: ...; y: ...; crv: ... };
}
| { kind: "pem"; kid: string; alg: "RS256"
| "ES256"; pem: string }
)[];
}
| {
issuer: string;
audience: string[];
claimMapping: {
subjectClaim: string;
emailClaim: string;
nameClaim: string;
};
mode: "jwks";
jwksPath?: string;
jwksUri?: string;
cacheTtlSeconds: number;
};
identityProviderMode: "optional"
| "required";
selfReview?: {
subagentEnabled: boolean;
fallbackToSelf: boolean;
strictEnforcement: boolean;
};
reviewOutputPolicy?: "structured_required"
| "text_compat_allowed";
reviewInvocationPolicy?:
| "host_task_required"
| "host_task_preferred"
| "sdk_allowed";
audit: {
emitTransitions: boolean;
emitToolCalls: boolean;
enableChainHash: boolean;
timestampAssurance: {
enabled: boolean;
mode: "local_only"
| "ntp_check"
| "tsa_critical";
strict: boolean;
criticalEvents: string[];
tsaUrl?: string;
trustAnchors?: string[];
ntpServers?: string[];
ntpDriftThresholdMs: number;
tsaTimeoutMs: number;
};
};
actorClassification: Record<string, string>;
enforceRiskClassification: boolean;
allowRiskDowngradeOverride: boolean;
allowReducedCeremony: boolean;
discoveryHealth: {
enforcement: "advisory" | "required" | "off";
onDegraded: "allow" | "warn" | "block";
onDrift: "allow" | "warn" | "block";
};
validationEvidence: {
enforcement: "advisory"
| "required"
| "off";
allowNoCommands: boolean;
};
},
{
mode: "solo"
| "team"
| "team-ci"
| "regulated";
hash: string;
resolvedAt: string;
requestedMode: "solo" | "team" | "team-ci" | "regulated";
source?: "default" | "explicit" | "central" | "repo";
effectiveGateBehavior: "auto_approve" | "human_gated";
degradedReason?: string;
resolutionReason?: string;
centralMinimumMode?: "solo" | "team" | "regulated";
policyDigest?: string;
policyVersion?: string;
policyPathHint?: string;
requireHumanGates: boolean;
maxSelfReviewIterations: number;
maxImplReviewIterations: number;
allowSelfApproval: boolean;
minimumActorAssuranceForApproval:
| "best_effort"
| "claim_validated"
| "idp_verified";
requireVerifiedActorsForApproval: boolean;
identityProvider?: | {
issuer: string;
audience: string[];
claimMapping: {
subjectClaim: string;
emailClaim: string;
nameClaim: string;
};
mode: "static";
signingKeys: (
| {
kind: "jwk";
kid: string;
alg: "RS256"
| "ES256";
jwk:
| { kty: ...; n: ...; e: ... }
| { kty: ...; x: ...; y: ...; crv: ... };
}
| { kind: "pem"; kid: string; alg: "RS256"
| "ES256"; pem: string }
)[];
}
| {
issuer: string;
audience: string[];
claimMapping: {
subjectClaim: string;
emailClaim: string;
nameClaim: string;
};
mode: "jwks";
jwksPath?: string;
jwksUri?: string;
cacheTtlSeconds: number;
};
identityProviderMode: "optional"
| "required";
selfReview?: {
subagentEnabled: boolean;
fallbackToSelf: boolean;
strictEnforcement: boolean;
};
reviewOutputPolicy?: "structured_required"
| "text_compat_allowed";
reviewInvocationPolicy?:
| "host_task_required"
| "host_task_preferred"
| "sdk_allowed";
enforceRiskClassification?: boolean;
allowRiskDowngradeOverride?: boolean;
allowReducedCeremony?: boolean;
discoveryHealth?: {
enforcement: "advisory"
| "required"
| "off";
onDegraded: "allow" | "warn" | "block";
onDrift: "allow" | "warn" | "block";
};
validationEvidence?: {
enforcement: "advisory"
| "required"
| "off";
allowNoCommands: boolean;
};
audit: {
emitTransitions: boolean;
emitToolCalls: boolean;
enableChainHash: boolean;
timestampAssurance: {
enabled: boolean;
mode: "local_only"
| "ntp_check"
| "tsa_critical";
strict: boolean;
criticalEvents: string[];
tsaUrl?: string;
trustAnchors?: string[];
ntpServers?: string[];
ntpDriftThresholdMs: number;
tsaTimeoutMs: number;
};
};
actorClassification: Record<string, string>;
},
>,
>,
> = ...
Immutable policy snapshot embedded in SessionState.
Stores all FlowGuard-critical fields so auditors can verify which rules governed a session — even after policy presets are updated.
The hash is SHA-256 of the canonical JSON of the full GovernancePolicy. Non-repudiation: hash matches → policy is authentic and unmodified.
Lives in state layer (not config) because it is part of SessionState — the innermost layer must not depend on outer layers.