Policy Context Normalizer

Workflow

1. Enumerate context sources: identify every source that contributes fields to the policy context — CLAUDE_SESSION_ID, ORG_SLUG, JWT claims, plugin.json metadata, and env vars from env-normalize.sh.
2. Define the canonical schema: using ./context-schema.md as the reference, list required vs optional fields and their expected types.
3. Write a normalization function: create a shell or Node.js function that merges all sources into a single JSON object, preferring explicit sources (session token) over inferred ones (path-derived plugin name).
4. Add inference guards: for each field that could be inferred rather than explicit, emit a "source": "inferred" flag and log a warning — never silently trust inferred values for high-stakes policy decisions; see ./inference-guards.md.
5. Implement fail-mode policy: if required fields (session_id, event_type, tool_name) are missing after normalization, emit a degraded decision rather than crashing; reference ./fail-mode-policy.md for the canonical degraded envelope.
6. Test pass, fail, and degraded modes: (a) full context → correct policy decision; (b) missing required field → degraded with warning; (c) conflicting sources → explicit source wins, conflict logged.

References

• Context Schema
• Inference Guards
• Fail-Mode Policy