JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 7733
  • Score
    100M100P100Q113231F
  • License Apache-2.0

Deterministic governance artifact packaging and manifest infrastructure for parmanasystems.

Package Exports

  • @parmanasystems/bundle

Readme

@parmanasystems/bundle

Governance artifact packaging - canonical manifests, content-addressed hashing, and bundle verification.

npm

Overview

@parmanasystems/bundle handles the packaging of policy artifacts into reproducible, content-addressed bundles. It produces and verifies BundleManifest records that commit to all policy files via SHA-256, with canonical JSON serialization ensuring deterministic hashes across environments.

Most applications should use @parmanasystems/governance which wraps this package's primitives in a higher-level generateBundle function. Use this package directly only when you need low-level manifest operations.

Install

npm install @parmanasystems/bundle

Usage

import {
  canonicalize,
  generateManifest,
  verifyManifest,
  readManifest,
  writeManifest,
} from "@parmanasystems/bundle";

// Canonical JSON serialization (recursive key sort - deterministic across environments)
const canonical = canonicalize({ z: 1, a: 2 });
// '{"a":2,"z":1}'

// Generate a content-addressed manifest for a policy directory
const manifest = generateManifest(
  "loan-approval",  // policyId
  "1.0.0",          // policyVersion
  "./policies/loan-approval/1.0.0"
);
console.log(manifest.bundle_hash); // SHA-256 hex digest of all artifacts

// Write manifest to disk
writeManifest(manifest, "./policies/loan-approval/1.0.0");
// → writes ./policies/loan-approval/1.0.0/bundle.manifest.json

// Read a previously written manifest
const loaded = readManifest("./policies/loan-approval/1.0.0/bundle.manifest.json");

// Verify a bundle directory against its manifest
const result = verifyManifest(
  "./policies/loan-approval/1.0.0",
  loaded
);
console.log(result.valid);                // true or false
console.log(result.actual_bundle_hash);   // recomputed hash from disk
console.log(result.expected_bundle_hash); // hash recorded in manifest

Exports

Functions

Export Description
canonicalize Recursively sort keys and serialize to canonical JSON string
generateManifest Compute SHA-256 content hash of a bundle directory and return a BundleManifest
verifyManifest Verify a BundleManifest against its directory contents
readManifest Read and parse a bundle.manifest.json from disk
writeManifest Write a BundleManifest to bundle.manifest.json
traverseDirectory Walk a directory and collect artifact paths with their SHA-256 hashes
sha256 Compute the SHA-256 hex digest of a string

Types

Export Description
BundleManifest Content-addressed manifest describing all policy artifacts
BundleArtifact Single artifact entry with normalized path and SHA-256 hash
VerifyResult Result of verifyManifest - valid flag and expected/actual hashes

Documentation

Full docs: parmanasystems.mintlify.app Package page: parmanasystems.mintlify.app/packages/bundle

License

Apache-2.0