Architecture

Policies are an immutable baseline combined with an owner overlay; an edit bumps the version and emits policy.updated. The compliance sweep is deterministic and rule-based — there is no LLM stage and no cost ($0). Findings are computed across refunds and listings with a result (pass / warn / violation) and a detail string. Owner edits, toggles, and resolutions write audit rows through the shared store.

The app owns demo_eco_c6_policy (domain, title, version, body, active) and demo_eco_c6_compliance_check (policy, domain, target, result, detail, resolved). It emits policy.updated and compliance.checked, and connects to #21 (refund policy), #32/#33 (KYC + content checks), and #34 (approval consistency). The data invariant holds — owner canonical, viewer policy edits and resolutions credential-scoped, ephemeral, and reset-clearing (setWhere-guarded). Honesty is inspector-only. Stage-2 reads the policy and compliance-check repos behind the same surface.