Package Exports

@parmanasystems/server
@parmanasystems/server/package.json

Readme

@parmanasystems/server

Deterministic governance runtime server for enforceable execution, replay-safe admissibility, runtime provenance continuity, and independently verifiable governance enforcement.

Overview

@parmanasystems/server provides the deployable runtime enforcement layer for Parmana Systems.

The server acts as:

a deterministic governance execution boundary
a replay-safe admissibility layer
a runtime provenance authority
a cryptographic attestation surface
an independently verifiable governance runtime

The server is responsible for:

deterministic policy evaluation
governed execution enforcement
replay-safe execution identity validation
runtime provenance generation
execution attestation issuance
admissibility enforcement
fail-closed governance validation

Core Principle

AI systems may recommend actions.

Parmana determines whether actions are admissible to execute.

The runtime server enforces:

deterministic governance policy
immutable lineage continuity
replay-safe execution semantics
cryptographic trust continuity
externally verifiable admissibility

What This Package Does

@parmanasystems/server:

executes deterministic governance evaluation
validates governed policy admissibility
enforces replay-safe execution semantics
issues execution attestations
generates runtime provenance
validates governed runtime compatibility
exposes deterministic governance APIs
enables independent external verification
enforces fail-closed governance behavior

What This Package Does NOT Do

@parmanasystems/server does not:

perform AI inference
determine business truth
probabilistically orchestrate execution
silently recover from invalid trust states
mutate immutable governance lineage
override deterministic governance policy
bypass replay protection
permit partial governance validation

Installation

npm install @parmanasystems/server

Quickstart

Start Local Governance Runtime

npm run dev

Example runtime:

Parmana governance runtime listening on port 3000

Deterministic Governance Evaluation

Request

POST /evaluate
Content-Type: application/json

{
  "policyId": "claims-approval",
  "policyVersion": "1.0.0",
  "signals": {
    "claim_amount": 1200,
    "vip_customer": false
  }
}

Response

{
  "decision": "approved",
  "execution_id": "exec_01",
  "execution_fingerprint": "sha256:...",
  "signature": "...",
  "provenance": {
    "runtimeHash": "sha256:...",
    "policyHash": "sha256:..."
  }
}

Deterministic Guarantees

@parmanasystems/server enforces:

deterministic evaluation semantics
immutable execution lineage
replay-safe execution identity
canonical execution hashing
deterministic attestation issuance
governed admissibility enforcement
runtime provenance continuity
fail-closed verification behavior

Identical governed inputs produce identical deterministic outcomes.

Replay Protection Semantics

Execution identities are single-use governance events.

The runtime server validates:

execution uniqueness
immutable execution lineage
replay-safe admissibility
deterministic replay rejection

Replay attempts are rejected.

Example:

✖ replay invariant violation
✖ execution identity already consumed

Runtime Provenance

The runtime server generates deterministic provenance including:

runtime identity
runtime manifest lineage
policy lineage
execution lineage
canonical execution hashes
governed compatibility metadata

Runtime provenance enables:

independent verification
portable auditability
deterministic reconstruction
external trust validation

Execution Attestations

The server issues signed execution attestations containing:

execution identity
policy lineage
runtime provenance
canonical execution hash
admissibility outcome
deterministic verification metadata

Attestations are independently verifiable.

Fail-Closed Governance Enforcement

The runtime server intentionally rejects:

invalid provenance
replay violations
incompatible runtime lineage
invalid trust roots
invalid signatures
incompatible schema versions
policy admissibility violations
runtime continuity divergence

Example:

✖ runtime provenance mismatch
✖ execution rejected

Silent fallback behavior is intentionally forbidden.

Architecture Boundaries

The runtime server:

enforces deterministic governance
validates admissibility
generates provenance
issues attestations
preserves immutable lineage

The runtime server does not:

determine business truth
replace AI systems
override deterministic policy
probabilistically orchestrate execution

Parmana preserves a strict separation between:

AI recommendation
deterministic governance enforcement

Deployment Model

Parmana uses a BYOI (Bring Your Own Infrastructure) deployment model.

Customers manage:

infrastructure
compute
storage
AI systems
cloud environments

Parmana provides:

deterministic governance enforcement
admissibility validation
provenance continuity
replay-safe execution
cryptographic attestations
independent verification semantics

Docker Deployment

docker compose up

Example deployment components:

governance runtime
PostgreSQL
Redis replay protection
audit storage

OpenAPI Support

The runtime server exposes deterministic OpenAPI artifacts for:

SDK generation
compatibility validation
governance API portability
deterministic schema verification

OpenAPI export:

npm run export:openapi

Observability And Auditability

The runtime server exposes:

execution audit lineage
replay rejection visibility
provenance continuity
attestation verification history
runtime compatibility evidence
governance execution traces

These capabilities support:

external audit workflows
incident reconstruction
regulatory review
governance evidence validation

Security Model

@parmanasystems/server uses:

Ed25519 signatures
canonical payload hashing
immutable trust roots
replay-safe execution semantics
deterministic provenance generation
fail-closed validation
governed admissibility enforcement

All verification behavior is intentionally deterministic.

External Verification Workflow

Typical workflow:

submit governed signals
evaluate deterministic policy
issue execution attestation
persist immutable provenance
verify runtime continuity
externally validate admissibility

External verification can validate:

execution admissibility
provenance continuity
replay integrity
release lineage
trust-root continuity
runtime compatibility

Compatibility Model

The runtime server validates compatibility across:

runtime versions
policy versions
schema versions
provenance lineage
governed artifacts
release manifests

Incompatible lineage is rejected.

Portable Verification

Governed execution produced by the runtime server is designed for:

external verification
clean-room verification
independent audit validation
reproducible governance evidence
portable provenance continuity

Verification does not require:

repository source access
internal workspace state
monorepo coupling

Example Use Cases

Financial Approval Governance

Deterministically enforce admissibility for governed financial execution.

Healthcare Decision Governance

Enforce replay-safe deterministic policy evaluation for regulated workflows.

Regulatory Audit Reconstruction

Reconstruct execution lineage and provenance continuity independently.

Enterprise AI Governance

Enforce deterministic governance boundaries around AI-recommended actions.

Non-Goals

Parmana runtime server does not:

replace AI systems
determine factual correctness
provide probabilistic orchestration
bypass deterministic policy
override governed admissibility

License

Apache-2.0