# @parmanasystems/execution-runtime

Deterministic governance runtime enforcement for Parmana Systems.

`@parmanasystems/execution-runtime` executes governed decisions using:
- deterministic policy evaluation
- replay-safe execution semantics
- fail-closed runtime enforcement
- governed provenance continuity
- portable runtime verification
- immutable execution lineage

This package is the operational enforcement boundary of the Parmana governance ecosystem.

AI systems may generate signals or recommendations.

Only deterministic governed runtime execution may execute decisions.

---

# Installation

```bash
npm install @parmanasystems/execution-runtime

What This Package Provides

@parmanasystems/execution-runtime provides:

• governed runtime execution
• deterministic policy enforcement
• replay-safe execution identity
• runtime provenance continuity
• execution attestations
• governed audit evidence
• portable runtime execution
• fail-closed governance enforcement

The runtime is deterministic: the same:

• policy
• signals
• runtime lineage
• governance artifacts

always produce the same execution result.

Runtime Design Principles

The runtime is designed around strict governance invariants:

• deterministic execution
• replay-safe execution
• fail-closed behavior
• portable governance execution
• immutable execution lineage
• explicit runtime configuration
• no implicit trust assumptions
• no runtime external fetching

The runtime never:

• relies on hidden state
• mutates governance lineage
• introduces nondeterministic evaluation
• delegates execution authority to AI systems

Example

Execute Governed Decision

import {

  executeFromSignals,

  MemoryReplayStore,

} from "@parmanasystems/execution-runtime";

import {

  LocalSigner,

  LocalVerifier,

} from "@parmanasystems/execution";

import crypto from "node:crypto";

import path from "node:path";

// --------------------------------------------------
// Ephemeral runtime signing authority
// --------------------------------------------------

const { privateKey, publicKey } =
  crypto.generateKeyPairSync(
    "ed25519",
    {
      privateKeyEncoding: {
        type: "pkcs8",
        format: "pem",
      },

      publicKeyEncoding: {
        type: "spki",
        format: "pem",
      },
    }
  );

const signer =
  new LocalSigner(
    privateKey
  );

const verifier =
  new LocalVerifier(
    publicKey
  );

// --------------------------------------------------
// Replay-safe execution store
// --------------------------------------------------

const replayStore =
  new MemoryReplayStore();

// --------------------------------------------------
// Explicit runtime environment
// --------------------------------------------------

const runtimeEnvironment = {

  policiesRootPath:
    path.resolve(
      "./policies"
    ),

  trustPublicKeyPath:
    path.resolve(
      "./trust/root.pub"
    ),

  trustRootPath:
    path.resolve(
      "./trust/trust-root.json"
    ),

  releaseManifestPath:
    path.resolve(
      "./release-manifest.json"
    ),
};

// --------------------------------------------------
// Execute governed decision
// --------------------------------------------------

const result =
  await executeFromSignals({

    executionId:
      crypto.randomUUID(),

    policyId:
      "claims-approval",

    policyVersion:
      "1.0.0",

    signals: {

      claim_amount:
        1200,

      vip_customer:
        false,
    },

    signer,

    verifier,

    replayStore,

    runtimeEnvironment,
  });

console.log(
  JSON.stringify(
    result,
    null,
    2
  )
);

Replay-Safe Execution

Execution identity is immutable.

Each execution:

• consumes a unique execution identity
• produces immutable provenance
• persists replay continuity
• maintains deterministic lineage

Retries must generate new execution identities.

Replay protection is fail-closed.

Fail-Closed Enforcement

Invalid:

• provenance
• trust lineage
• runtime lineage
• policy structure
• governance continuity
• execution signatures

cause execution failure.

The runtime never executes partially trusted governance decisions.

Portable Runtime Execution

The runtime is portable across:

• local development
• CI systems
• regulated infrastructure
• customer-managed environments
• isolated audit environments

Execution portability does not depend on:

• repository layout
• workspace assumptions
• runtime ownership
• hidden infrastructure state

Runtime Provenance

Execution outputs contain governed provenance including:

• runtime lineage
• bundle continuity
• manifest continuity
• trust-root continuity
• evaluator continuity
• execution fingerprints

This enables:

• independent auditability
• replay reconstruction
• portable verification
• external admissibility validation

Deterministic Governance Boundary

Parmana separates:

• AI evaluation
• governance enforcement
• independent verification

AI systems may recommend actions.

The runtime determines:

• whether execution is permitted
• whether governance continuity is valid
• whether replay invariants hold
• whether provenance continuity is admissible

Execution authority remains deterministic.

Security Model

The runtime is designed for:

• regulated environments
• compliance-sensitive execution
• independently verifiable governance
• portable audit reconstruction
• deterministic operational enforcement

The runtime assumes:

• explicit governance configuration
• immutable execution evidence
• deterministic policy semantics
• governed trust continuity

No implicit trust assumptions are permitted.

Ecosystem Role

@parmanasystems/execution-runtime is the operational enforcement layer of the Parmana Systems ecosystem.

It provides:

• deterministic governed execution
• replay-safe operational enforcement
• portable runtime execution
• governed provenance continuity
• execution attestations
• fail-closed governance enforcement

across distributed runtime environments.

License

Apache-2.0