Wire --target CLI flag, normalize JSON findings, and update evidence manifest schema #1386

@prompt-driven-github

Description

Context

This sub-issue wires the target-neutral policy checking architecture (from sub-issues 1–2) into the CLI, JSON output, and evidence manifest. It builds on:

  • capability_ir module (pdd/prompts/capability_ir_python.prompt) — provides ContractEffectIR
  • policy_backends package (pdd/prompts/policy_backends/__init___python.prompt, pdd/prompts/policy_backends/python_ast_python.prompt) — provides get_backend() and PolicyFinding

Interface Contract

from capability_ir import parse_capabilities
from policy_backends import get_backend, PolicyFinding

CLI command signature consumed: get_backend(target: str).analyze(artifact_path, contract_ir) -> list[PolicyFinding]

Scope

1. CLI — pdd/prompts/commands/checkup_python.prompt

Extend pdd checkup policy check to accept --target <target> (default: python for backward compatibility).

Example:

pdd checkup policy check prompts/refund_payment.prompt src/refund_payment.py --target python --json

The command must:

  • Parse <capabilities> using parse_capabilities() → ContractEffectIR
  • Call get_backend(target).analyze(artifact_path, contract_ir) → list[PolicyFinding]
  • Emit normalized JSON findings (see below)

2. Normalized JSON output schema

JSON output must follow:

{
  "target": "python",
  "contract": {"capabilities_present": true, "effect_count": 8},
  "findings": [
    {
      "severity": "error",
      "effect": {"action": "send", "resource": "email"},
      "rule": "must_not_send_email",
      "message": "...",
      "location": {"file": "src/refund_payment.py", "line": 42, "symbol": "sendgrid.SendGridAPIClient"}
    }
  ]
}

For unsupported targets: {"target": "typescript", "status": "unsupported", "message": "No policy backend registered for target: typescript"}

3. Evidence manifest — pdd/prompts/evidence_manifest_python.prompt

Update the evidence manifest integration so that policy check results are stored as normalized PolicyFinding objects (not Python-specific structures). The manifest entry should include the target field.

Files to modify

  • pdd/prompts/commands/checkup_python.prompt (CHANGE — add --target flag)
  • pdd/prompts/evidence_manifest_python.prompt (CHANGE — store normalized policy findings)

Acceptance criteria

  • pdd checkup policy check <prompt> <artifact> --target python --json emits the normalized JSON schema above
  • pdd checkup policy check <prompt> <artifact> --target typescript --json emits {"status": "unsupported", ...}
  • Evidence manifest stores policy results with target field and normalized PolicyFinding structure
  • Omitting --target defaults to python (backward compatible)
  • Tests verify: (a) JSON output stability across backends, (b) evidence manifest contains normalized findings, (c) unsupported target returns structured response

PDD Command Hint

change, sync


Split Contract

Command sequence: change → sync
Allowed write set:

  • pdd/prompts/commands/checkup_python.prompt
  • pdd/prompts/evidence_manifest_python.prompt

Acceptance criteria:

  • pdd checkup policy check accepts --target flag and defaults to python
  • JSON output uses normalized findings schema with target, contract, and findings fields
  • Unsupported target returns {"status": "unsupported"} without crashing
  • Evidence manifest stores policy results with target field and PolicyFinding structure
  • Omitting --target is backward compatible

Independently mergeable: True
Scope rule: Do not expand beyond this contract or implement sibling sub-issue work. If the contract is insufficient, report the gap instead.

PDD Command Hint: This is a new feature. Use change → sync (modify prompts, then generate and validate code).


Parent: #1370
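
A consumer-side check for the two JSON shapes specified above (normalized findings and the unsupported-target response), of the kind acceptance test (a) could run against each backend's output. This is an added example, not code from the pdd project; validate_report, _require, the SEVERITIES set and the rule that every field shown in the schema is required are assumptions.

```python
# Assumption: the issue only shows "error"; the other levels are illustrative.
SEVERITIES = {"error", "warning", "info"}

def _require(obj, key, typ, where, errors):
    """Return obj[key] if it has exactly type typ; otherwise record an error."""
    val = obj.get(key)
    # type() rather than isinstance(): True must not pass as an int line number.
    if type(val) is not typ:
        errors.append(f"{where}.{key}: expected {typ.__name__}")
        return None
    return val

def validate_report(doc):
    """Return schema violations for one report; an empty list means it conforms."""
    if not isinstance(doc, dict):
        return ["$: expected object"]
    errors = []
    _require(doc, "target", str, "$", errors)
    if "status" in doc:  # unsupported-target form
        if doc["status"] != "unsupported":
            errors.append("$.status: expected 'unsupported'")
        _require(doc, "message", str, "$", errors)
        return errors
    contract = _require(doc, "contract", dict, "$", errors)
    if contract is not None:
        _require(contract, "capabilities_present", bool, "$.contract", errors)
        _require(contract, "effect_count", int, "$.contract", errors)
    for i, f in enumerate(_require(doc, "findings", list, "$", errors) or []):
        w = f"$.findings[{i}]"
        if not isinstance(f, dict):
            errors.append(f"{w}: expected object")
            continue
        sev = _require(f, "severity", str, w, errors)
        if sev is not None and sev not in SEVERITIES:
            errors.append(f"{w}.severity: unknown level {sev!r}")
        for key in ("rule", "message"):
            _require(f, key, str, w, errors)
        # Assumption: every effect and location field shown in the issue is required.
        for sub, fields in (("effect", {"action": str, "resource": str}),
                            ("location", {"file": str, "line": int, "symbol": str})):
            inner = _require(f, sub, dict, w, errors)
            for key, typ in (fields.items() if inner is not None else ()):
                _require(inner, key, typ, f"{w}.{sub}", errors)
    return errors

# Constructed sample: the unsupported-target response quoted in the issue.
UNSUPPORTED = {"target": "typescript", "status": "unsupported",
               "message": "No policy backend registered for target: typescript"}
```

Running the same validator over the JSON stored in the evidence manifest would show whether the stored findings keep the same normalized shape.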

Metadata

Labels: enhancement (New feature or request)
Status: In progress