AI systems can recommend actions. Parmana evaluates whether those actions are authorized to execute.

Parmana is an Execution Authorization system. It determines whether an automated action is allowed to execute, produces a cryptographic record of every decision, and makes that record independently verifiable by any party — without access to your systems.

What Parmana does

When an AI agent or automated system proposes an action — approving a loan, processing a refund, escalating a patient, modifying infrastructure — Parmana evaluates that proposal against a signed policy, produces an attestation, and either authorizes or blocks execution. Every decision is:
  • Authorized by a signed policy — policies are compiled, signed, and versioned before deployment. The runtime evaluates only signed bundles.
  • Reproducible from the same inputs — the same signals and policy version always produce the same decision on any runtime. No variance.
  • Cryptographically attested — every decision carries an Ed25519 signature over a canonical payload that includes the policy identity, signal hash, runtime identity, and decision outcome.
  • Independently verifiable — anyone with the public key can verify the attestation without database access, runtime access, or infrastructure access of any kind.
  • Replay-safe — every execution is keyed to an executionId. The same ID cannot execute twice.
Parmana is not a monitoring platform, an observability tool, an LLM framework, or a workflow engine. It controls execution authorization.

Architecture


Key capabilities

Same input, same decision

The same signals and policy version produce the same decision on every runtime, every time. No model variance, no timestamp dependence, no environmental drift.

No AI in the evaluation path

Decisions are produced by a policy rule engine. AI may generate signals or recommendations, but Parmana’s evaluation contains no probabilistic component.

Fail-closed execution

If the Authorization system runtime is not configured, if signing fails, or if replay protection is absent, execution is blocked. There is no fallback to unverified execution.

Replay protection

Every execution is keyed by executionId. Attempting to re-execute the same ID is blocked at the replay store. Distributed replay protection requires Redis.

Cryptographic attestation

Every decision produces an Ed25519-signed attestation over the canonical payload. The signature covers policy identity, signal hash, runtime identity, and decision outcome.

Independent verification

Verification requires only the attestation and the public key. No database, no runtime, no infrastructure access. Auditors, regulators, and counterparties can verify without involvement from your team.

Immutable policy lineage

Policies are versioned and signed at compile time. Deployed bundles cannot be modified. Every attestation records the exact policy version and bundle hash that produced it.

Override authority

When policy requires human review, execution enters pending_override state. A named, credentialed approver can authorize or reject the override. Both outcomes are cryptographically recorded.

Quick start

# Run the complete stack in under 5 minutes
cp .env.example .env          # set POSTGRES_PASSWORD and PARMANA_API_KEY
docker compose up -d
curl http://localhost:3000/health

Packages

| Package | Role |
| --- | --- |
| @parmanasystems/core | Policy lifecycle, execution engine, verification, replay protection, canonical types |
| @parmanasystems/sdk-client | Type-safe HTTP client for the Authorization system server |
| @parmanasystems/server | Fastify Authorization system server — the deployable runtime |
| @parmanasystems/policy-engine | Policy creation, compilation, bundle signing |
| @parmanasystems/verifier | Standalone attestation and bundle verification |
| @parmanasystems/execution-runtime | executeFromSignals, MemoryReplayStore, RedisReplayStore, override resolution |
| @parmanasystems/audit-db | PostgreSQL-backed audit storage |
| @parmanasystems/provenance | Signal provenance types, evidence hashing, source adapters |
| @parmanasystems/crypto | Ed25519 primitives — sign, verify, key management |
| @parmanasystems/canonical | Canonical JSON serialization for signing |
| @parmanasystems/bundle | Bundle manifest, content-addressing, read/write |

What Parmana is not

Parmana is not a replacement for your application logic, your AI model, or your workflow engine. It governs a specific question: is this action authorized to execute, and can that answer be proven?
  • It does not generate signals. Your system collects signals and passes them in.
  • It does not orchestrate workflows. It evaluates one decision at a time.
  • It does not store your business data. It stores decision records and audit evidence.
  • It does not require a SaaS connection. You deploy it in your own infrastructure.