Bury it in the desert. Wear gloves
Polkit's problem is that it was designed by people with brains made of cabbage. Open source cannot help you if your brain is made of cabbage. Open source cannot help you if you use software written by cabbage brains.
Imagine you wanted to look at a system and statically answer the question: 'who has privileged access?'. If that system uses polkit then to answer this question you must evaluate programs written in JavaScript. JavaScript is a trivially Turing-complete language so in general that means that you cannot answer this question, even in principle. Oh, yes, now cabbage-brains will say that no, there is no halting problem here as computations are time limited. Yes: time-limited, so now to know if a computation completes or times out and fails you will need merely to store the entire physical state of the machine running it and replay it, accounting for any possible events which may alter timings like, well, anything. Which is a problem you can solve in principle ... if you can store the entire state of the past light cone of the computation, which is laughably impossible.
The solution to polkit is simple: bury it in the desert. Wear gloves.
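The audit problem described in the comment above, as an added example that is not part of the original comment and is not polkit's own code: a small harness that answers "who has privileged access?" by running the rules, and gets a different answer depending on when it runs. `makePolkit`, `audit`, the injected `clock`, the users and the `operators` group are constructed for illustration; a real rules file would call `new Date()` directly.

```javascript
// Mock of the rule environment polkitd gives rules files (constructed, not polkit's code).
function makePolkit() {
  const rules = [];
  return {
    Result: { NO: "no", YES: "yes", AUTH_ADMIN: "auth_admin" },
    addRule(fn) { rules.push(fn); },
    // The first rule that returns a value decides; otherwise the action's default applies.
    decide(action, subject, fallback) {
      for (const rule of rules) {
        const result = rule(action, subject);
        if (result) return result;
      }
      return fallback;
    },
  };
}

// Constructed rules in the style of /etc/polkit-1/rules.d/*.rules.
function loadRules(polkit, clock) {
  // Readable by inspection: wheel may always manage systemd units.
  polkit.addRule(function (action, subject) {
    if (action.id === "org.freedesktop.systemd1.manage-units" &&
        subject.isInGroup("wheel")) return polkit.Result.YES;
  });
  // Not answerable from the text alone: the grant depends on runtime state.
  polkit.addRule(function (action, subject) {
    const hour = clock().getHours();
    if (action.id === "org.freedesktop.udisks2.filesystem-mount" &&
        subject.isInGroup("operators") && hour >= 9 && hour < 17) return polkit.Result.YES;
  });
}

const SUBJECTS = [
  { user: "alice", groups: ["wheel"] },
  { user: "bob", groups: ["operators"] },
  { user: "carol", groups: ["users"] },
];
const ACTIONS = ["org.freedesktop.systemd1.manage-units",
                 "org.freedesktop.udisks2.filesystem-mount"];

// Enumerate every (user, action) pair granted without authentication at one instant.
function audit(clock) {
  const polkit = makePolkit();
  loadRules(polkit, clock);
  const granted = [];
  for (const s of SUBJECTS) for (const id of ACTIONS) {
    const subject = { user: s.user, isInGroup: (g) => s.groups.includes(g) };
    if (polkit.decide({ id }, subject, polkit.Result.AUTH_ADMIN) === polkit.Result.YES)
      granted.push(s.user + ":" + id);
  }
  return granted;
}
```

The audit is only valid for the clock value and the subjects it was run with; a rule that branches on anything else it can compute needs that input enumerated too.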