Problem

If an execution policy relies on unseeded random number generation (e.g., Math.random()), replaying the policy against the input will yield a different outcome. This breaks offline verification of EvidencePacks because the hashes will diverge.

Approach

All execution policies must be strictly deterministic. If pseudo-randomness is required for a heuristic algorithm, it must use a Deterministic Random Bit Generator (DRBG) seeded explicitly by the prevHash of the receipt chain, or by a cryptographically signed entropy injection proposed prior to execution.

Invariants

Execution environments must hook and block unseeded RNG syscalls.
f(state, input) == f(state, input) perfectly, infinitely.

Artifacts

HELM Unified Canonical Standard v1.2

References

NIST SP 800-90A Rev. 1 (DRBG mechanisms).