Skip to main content

Documentation Index

Fetch the complete documentation index at: https://parmanasystems.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

The Parmana Systems server (@parmanasystems/server) exposes a Fastify REST API. The full OpenAPI 3.0 spec lives at openapi.json in the repository root and is referenced by this site’s mint.json. Base URL (local dev): http://localhost:3000 Authentication: Bearer token via Authorization: Bearer <token>. Only enforced when the PARMANA_API_KEY environment variable is set. Omit in development mode.

POST /execute

Execute a deterministic governance decision.

Request body

{
  "policyId":      "claims-approval",
  "policyVersion": "v1",
  "signals": {
    "insurance_active": true,
    "risk_score":       42,
    "vip_customer":     false,
    "claim_amount":     8500
  }
}
FieldTypeRequiredDescription
policyIdstringPolicy identifier
policyVersionstringExact policy version to evaluate against
signalsobjectKey/value map of governed input signals

Response 200 OK

{
  "status":           "ok",
  "executionId":      "a3f2b1c4d8e7f96a012b3c4d5e6f7890a1b2c3d4e5f6789012345678abcdef01",
  "decision":         { "action": "approve", "requires_override": false, "reason": "standard_approval" },
  "execution_state":  "completed",
  "requires_override": false,
  "signature":        "v4F7mK3nQs8rXpLw2YbD9eHtNcAoGiUjZlV0TfRkMyPh1CxBs6WqJ5IuEdOgPm4Qa3bZwF2K8BNrHc+Ts1YxXD=="
}
FieldTypeDescription
executionIdstringSHA-256 execution identity
decisionobjectGovernance outcome
execution_statestring"completed" / "blocked" / "pending_override"
requires_overridebooleanWhether human escalation is required
signaturestringEd25519 over canonical attestation JSON

Error responses

StatusMeaning
400Invalid request body (missing fields, wrong types)
413Request body too large
422Execution failure (invariant violation, no matching rule)
429Rate limit exceeded

Example (curl)

curl -X POST http://localhost:3000/execute \
  -H "Content-Type: application/json" \
  -d '{
    "policyId":      "claims-approval",
    "policyVersion": "v1",
    "signals": {
      "insurance_active": true,
      "risk_score":       42,
      "vip_customer":     false,
      "claim_amount":     8500
    }
  }'

POST /verify

Verify the cryptographic signature and runtime provenance of an ExecutionAttestation.

Request body

The canonical flattened ExecutionAttestation: 
{
  "executionId":     "a3f2b1c4d8e7...",
  "decision":        { "action": "approve", "requires_override": false },
  "execution_state": "completed",
  "runtimeHash":     "8f4a2e9c1b3d...",
  "signature":       "v4F7mK3nQs8r..."
}
FieldTypeRequiredDescription
executionIdstringExecution identity to verify
decisionobjectDecision payload to verify against
execution_statestringExpected execution state
runtimeHashstringExpected runtime hash
signaturestringBase64 Ed25519 signature to verify

Response 200 OK

{
  "valid": true,
  "checks": {
    "signature_verified": true,
    "runtime_verified":   true,
    "schema_compatible":  true
  }
}
FieldTypeDescription
validbooleantrue if all checks pass
checks.signature_verifiedbooleanEd25519 signature is valid
checks.runtime_verifiedbooleanRuntime hash matches expected
checks.schema_compatiblebooleanSchema version is compatible

Example (curl)

curl -X POST http://localhost:3000/verify \
  -H "Content-Type: application/json" \
  -d '{
    "executionId":     "a3f2b1c4d8e7...",
    "decision":        { "action": "approve", "requires_override": false },
    "execution_state": "completed",
    "runtimeHash":     "8f4a2e9c1b3d...",
    "signature":       "v4F7mK3nQs8r..."
  }'

Starting the server

# Development
npm run dev --workspace=packages/server

# Production
npm run build --workspace=packages/server
node packages/server/dist/index.js
Environment variables:
VariableDescriptionDefault
PORTServer port3000
PARMANA_API_KEYEnable Bearer authunset (auth disabled)
REDIS_URLRedis for replay storeunset (uses memory)
DATABASE_URLPostgreSQL for audit-dbunset (audit disabled)

TypeScript client

Use @parmanasystems/sdk-client for type-safe access: 
import { ParmanaClient } from "@parmanasystems/sdk-client";

const client = new ParmanaClient({ baseUrl: "http://localhost:3000" });

const result = await client.execute({
  policyId:      "claims-approval",
  policyVersion: "v1",
  signals:       { insurance_active: true, risk_score: 42, vip_customer: false, claim_amount: 8500 },
});
See @parmanasystems/sdk-client for full documentation.