Package Exports
- @parmanasystems/execution
Readme
@parmanasystems/execution
Deterministic evaluation engine, attestation primitives, and signing interfaces.
Overview
@parmanasystems/execution is the core runtime layer. It evaluates policies against input signals, issues cryptographically signed execution tokens, enforces deterministic execution, and produces ExecutionAttestation records. All outputs are reproducible given the same policy version and signals.
Most applications should use @parmanasystems/core, which re-exports everything from this package. Use this package directly only when building custom runtimes or integrating at the primitive level.
Install
npm install @parmanasystems/executionUsage
import {
evaluatePolicy,
issueToken,
executeDecision,
LocalSigner,
LocalVerifier,
getRuntimeManifest,
} from "@parmanasystems/execution";
import crypto from "crypto";
const { privateKey, publicKey } = crypto.generateKeyPairSync("ed25519", {
privateKeyEncoding: { type: "pkcs8", format: "pem" },
publicKeyEncoding: { type: "spki", format: "pem" },
});
const signer = new LocalSigner(privateKey);
const verifier = new LocalVerifier(publicKey);
const signals = { credit_score: 712, requested_usd: 50_000 };
// Evaluate policy against signals
const decision = evaluatePolicy("loan-approval", "1.0.0", signals);
// Issue a signed execution token binding the decision
const { token, token_signature } = await issueToken(decision, signer);
// Execute and produce a signed attestation
const manifest = getRuntimeManifest();
const attestation = executeDecision({
token,
token_signature,
signer,
verifier,
runtime_manifest: manifest,
runtime_requirements: {},
execution_fingerprint: token.executionId,
});
console.log(attestation.execution_state); // "completed"
console.log(attestation.signature); // Ed25519 over canonical attestation JSONExports
Functions
| Export | Description |
|---|---|
evaluatePolicy |
Evaluate a policy definition against input signals; returns a DecisionResult |
executeDecision |
Run the deterministic execution pipeline (verify → execute → sign); returns ExecutionAttestation |
issueToken |
Create a signed ExecutionToken binding a decision to an execution identity |
verifyExecutionToken |
Verify an ExecutionToken signature |
getRuntimeManifest |
Return the current RuntimeManifest including the runtime content hash |
signRuntimeManifest |
Sign a RuntimeManifest with a Signer |
verifyRuntimeManifest |
Verify a signed RuntimeManifest |
validateSignals |
Validate input signals against a policy schema |
canonicalizeForSigning |
Produce a canonical JSON string suitable for signing |
hashInput |
SHA-256 hash of canonical input |
violate |
Throw an InvariantViolation with a structured violation report |
Classes
| Export | Description |
|---|---|
LocalSigner |
Ed25519 signer backed by a local PEM private key |
LocalVerifier |
Ed25519 verifier backed by a local PEM public key |
InvariantViolation |
Error subclass representing a deterministic invariant violation |
Types
| Export | Description |
|---|---|
ExecutionContext |
Full input context passed to executeDecision |
ExecutionAttestation |
Signed record of a completed governed execution |
ExecutionToken |
Signed intermediate artifact binding a decision to its execution identity |
RuntimeManifest |
Hash of runtime binary state included in every attestation |
Signer |
Interface for signing operations |
Verifier |
Interface for verification operations |
ReplayStore |
Interface for replay protection stores |
AsyncReplayStore |
Async variant of ReplayStore |
DecisionResult |
Resolved decision with status, outcome, rule ID, and source |
Documentation
Full docs: parmanasystems.mintlify.app Package page: parmanasystems.mintlify.app/packages/execution
License
Apache-2.0