# Deterministic Evaluator Spec (Draft) — PREP-POLICY-ENGINE-20-002

Status: Draft (2025-11-20)

Owners: Policy Guild

Scope: Define deterministic evaluator requirements for Policy Engine to unblock POLICY-ENGINE-20-002.

## Determinism rules

- Evaluation order: lexical by rule ID within policy set; stable tie-breaker by condition hash.
- Data types: disallow host clock/network; only allow provided inputs; random seeded with fixed seed per run.
- Outputs: sorted by finding_id; numeric outputs with fixed precision (3 decimals) and invariant culture.
- Time handling: all timestamps in inputs are treated as UTC; now() not permitted.

## Engine contract

- Input envelope: `{policy_set_id, policy_version, inputs_hash, tenant_id, run_id}`.
- Execution context: immutable; no mutations to global state; cache keyed by inputs_hash + policy_version.
- Result envelope: `{run_id, policy_set_id, policy_version, findings[], metrics{duration_ms, rules_evaluated}}`.

## Testing strategy

- Golden runs: same inputs produce identical outputs/hashes across runs and machines.
- Property tests: altering rule order must not change result ordering; injecting clock skew should be rejected.

## Open decisions

- Whether to allow parallel rule evaluation if output ordering remains deterministic (requires stable merge logic).
- Exact numeric tolerance/rounding strategy.

## Handoff

Use this as the PREP artefact for PREP-POLICY-ENGINE-20-002. Update once numeric rounding and parallelism decisions are finalized.
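
An added example (not part of the spec or the Policy Engine code base) sketching the determinism rules together with the golden-run and rule-order property tests from the testing strategy, in Python. The rule shape (`rule_id`, `condition`, `score`), the sample data, the half-even rounding mode, and hashing findings only (leaving out `duration_ms`, which varies between runs) are assumptions.

```python
import hashlib
import json
import random
from decimal import Decimal, ROUND_HALF_EVEN

def condition_hash(rule):
    """Stable tie-breaker: SHA-256 of the rule's condition text."""
    return hashlib.sha256(rule["condition"].encode("utf-8")).hexdigest()

def fixed3(value):
    """Locale-independent 3-decimal rendering (rounding mode is an assumption)."""
    return str(Decimal(repr(value)).quantize(Decimal("0.001"), rounding=ROUND_HALF_EVEN))

def evaluate(rules, inputs, seed=0, canonical_order=True):
    """Evaluate by (rule ID, condition hash); return findings sorted by finding_id."""
    rng = random.Random(seed)  # per-run seeded RNG, never the global one
    if canonical_order:
        rules = sorted(rules, key=lambda r: (r["rule_id"], condition_hash(r)))
    findings = []
    for rule in rules:
        for item in sorted(inputs, key=lambda i: i["id"]):
            score = rule["score"](item, rng)
            if score is not None:
                findings.append({"finding_id": f"{rule['rule_id']}:{item['id']}",
                                 "score": fixed3(score)})
    return sorted(findings, key=lambda f: f["finding_id"])

def result_hash(findings):
    """Hash of canonical JSON; covers findings only, since duration_ms varies."""
    blob = json.dumps(findings, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

# Constructed sample data (not from the spec).
RULES = [
    {"rule_id": "R-002", "condition": "severity >= 7",
     "score": lambda item, rng: item["severity"] + rng.random() if item["severity"] >= 7 else None},
    {"rule_id": "R-001", "condition": "exposed == true",
     "score": lambda item, rng: rng.random() if item["exposed"] else None},
]
INPUTS = [
    {"id": "asset-b", "severity": 9.1, "exposed": True},
    {"id": "asset-a", "severity": 4.0, "exposed": True},
]

def golden_hash(rules=RULES, canonical_order=True):
    return result_hash(evaluate(rules, INPUTS, canonical_order=canonical_order))

if __name__ == "__main__":
    print(golden_hash(), golden_hash(list(reversed(RULES))))
```

With `canonical_order=False` the two rule orderings hash differently even though the output is still sorted by `finding_id`, because the seeded RNG draws land on different rules; sorting the output alone does not make a run deterministic.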