simulate

oz-policy-cli simulate <SPEC_FILE> <RECORDING_FILE> --wasm-dir <DIR> --out <PATH> [OPTIONS]

Replays the recording through the real soroban-env-host and runs the proptest-generated deny suite. Writes the resulting SimReport JSON to --out.

Flags

Flag	Type	Default	Description
`SPEC_FILE`	`PathBuf` (positional)	required	Path to a `PolicySpec` JSON document.
`RECORDING_FILE`	`PathBuf` (positional)	required	Path to a `Recording` JSON document.
`--wasm-dir`	`PathBuf`	required	Directory containing one `slot_<i>/policy.wasm` per Track-B `Generated` slot. The output of `codegen`.
`--extra-deny`	`PathBuf`	—	Optional path to a JSON file containing a `Vec<DenyVector>` to append to the auto-generated deny suite.
`--out`	`PathBuf`	required	Destination path for the resulting `SimReport` JSON. Pretty-printed, deterministic.

Exit semantics

Exit 0 only when report.permit.passed is true and every report.deny_results[i].passed is true. Otherwise exits with the canonical E_* mapping (see Overview).

Behavior

The recording is replayed via direct enforce invocation in an in-process TestHost wrapping soroban-env-host.
The deny suite is generated by a proptest Strategy that produces per-primitive boundary mutations. Generated deny vectors are aligned to real OZ primitive error codes (SimpleThresholdError::NotAllowed = 3202, WeightedThresholdError::NotAllowed = 3213, SpendingLimitError::SpendingLimitExceeded = 3221, SpendingLimitError::NotAllowed = 3223) plus the template-emitted codes (1010-1070).
Deterministic for a fixed RNG seed.

Example

oz-policy-cli simulate spec.json recording.json \
  --wasm-dir ./out \
  --out report.json

cat report.json | python3 -c 'import json,sys; r=json.load(sys.stdin); print("permit:",r["permit"]); print("deny:",r["passed"],"/",r["total_vectors"])'

Errors

Exit code	Variant
`16`	`E_SIM_PERMIT_DENIED` (the policy rejected the original transaction)
`17`	`E_SIM_DENY_PASSED` (a deny vector was incorrectly admitted)