Endpoint

GET /runtime/manifest
Authorization: Bearer <api-key>
The runtime manifest describes the currently running Parmana environment. It provides metadata that allows auditors, verifiers, operators, and external systems to understand:
  • Which runtime is executing
  • Which capabilities are enabled
  • Which schema versions are supported
  • Whether signing is operational
  • Whether replay protection is active

Why Runtime Manifests Exist

Authorization decisions are only meaningful if the runtime producing them is known. The runtime manifest exposes information about the execution environment.
Runtime → Capabilities → Configuration → Verification

This allows external systems to verify that they are interacting with the expected Parmana runtime.

Example Request

GET /runtime/manifest

Example Response

{
  "version": "1.0.0",
  "runtimeHash": "f55711983deddba4b6ad3d9d63017980641d242142e8e6e0602f77e0f54c4eb0",
  "capabilities": [
    "deterministic-evaluation",
    "attestation-signing",
    "replay-protection",
    "bundle-verification"
  ],
  "supportedSchemaVersions": [
    "1.0.0"
  ],
  "startedAt": "2026-06-14T12:31:11.411Z",
  "signingKeyStatus": "ok",
  "auditDbStatus": "unconfigured",
  "replayProtection": true
}

Response Fields

version

Runtime version.
{
  "version": "1.0.0"
}
Represents the runtime release currently executing.

runtimeHash

Deterministic runtime identifier.
{
  "runtimeHash": "f55711983deddba4b6ad3d9d63017980641d242142e8e6e0602f77e0f54c4eb0"
}
Used for provenance, verification, and audit workflows.

capabilities

Features supported by the runtime.
{
  "capabilities": [
    "deterministic-evaluation",
    "attestation-signing",
    "replay-protection",
    "bundle-verification"
  ]
}
Common capabilities include:
| Capability | Description |
|---|---|
| deterministic-evaluation | Deterministic policy evaluation |
| attestation-signing | Cryptographic attestation generation |
| replay-protection | Replay attack prevention |
| bundle-verification | Bundle and provenance verification |

supportedSchemaVersions

Policy schema versions supported by the runtime.
{
  "supportedSchemaVersions": [
    "1.0.0"
  ]
}
Clients can use this field to determine compatibility.

startedAt

Runtime startup timestamp.
{
  "startedAt": "2026-06-14T12:31:11.411Z"
}
Useful for operational monitoring and diagnostics.

signingKeyStatus

Signing subsystem status.
{
  "signingKeyStatus": "ok"
}
Possible values:
  • ok
  • unavailable
  • error
When signing is unavailable, attestation generation may fail.

auditDbStatus

Audit persistence status.
{
  "auditDbStatus": "configured"
}
or
{
  "auditDbStatus": "unconfigured"
}
Indicates whether audit persistence is enabled.

replayProtection

Replay protection status.
{
  "replayProtection": true
}
When enabled, Parmana prevents replay of protected operations.

Operational Uses

Health Verification

External systems can confirm:
  • Runtime online
  • Signing operational
  • Replay protection enabled

Deployment Validation

After deployment, operators can verify:
  • Runtime version
  • Runtime hash
  • Capability set
  • Startup status

Audit Verification

Auditors can record the following alongside authorization evidence:
  • Runtime version
  • Runtime hash
  • Capability set
  • Schema compatibility

Integration Validation

Before submitting requests, clients can verify:
  • Supported schema versions
  • Runtime availability
  • Signing status
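
The Deployment Validation and Integration Validation checks above can be automated as a fail-closed gate that runs before a client submits requests. This is an added example, not code from Parmana: `BASELINE` and `check_manifest` are hypothetical names, and the sample manifest is this page's example response.

```python
import json

# Hypothetical operator-pinned baseline; values copied from this page's example response.
BASELINE = {
    "runtimeHash": "f55711983deddba4b6ad3d9d63017980641d242142e8e6e0602f77e0f54c4eb0",
    "capabilities": {"deterministic-evaluation", "attestation-signing",
                     "replay-protection", "bundle-verification"},
    "schemaVersion": "1.0.0",
}

def check_manifest(manifest, baseline=BASELINE, require_audit_db=False):
    """Return a list of findings; an empty list means the runtime matches the baseline."""
    if not isinstance(manifest, dict):
        return ["manifest is not a JSON object"]
    findings = []
    if manifest.get("runtimeHash") != baseline["runtimeHash"]:
        findings.append("runtimeHash does not match pinned value")
    caps = manifest.get("capabilities")
    caps = {c for c in caps if isinstance(c, str)} if isinstance(caps, list) else set()
    for cap in sorted(baseline["capabilities"] - caps):
        findings.append(f"missing capability: {cap}")
    versions = manifest.get("supportedSchemaVersions")
    if not isinstance(versions, list) or baseline["schemaVersion"] not in versions:
        findings.append("policy schema version not supported")
    # A listed capability does not prove the subsystem works, so the status
    # fields are checked too. Strict comparisons make "true" or 1 fail closed.
    status = manifest.get("signingKeyStatus")
    if status != "ok":
        findings.append(f"signing not operational: {status!r}")
    if manifest.get("replayProtection") is not True:
        findings.append("replay protection not active")
    if require_audit_db and manifest.get("auditDbStatus") != "configured":
        findings.append("audit persistence not configured")
    return findings

# This page's example response, standing in for the body returned by the endpoint.
SAMPLE = json.loads("""{
  "version": "1.0.0",
  "runtimeHash": "f55711983deddba4b6ad3d9d63017980641d242142e8e6e0602f77e0f54c4eb0",
  "capabilities": ["deterministic-evaluation", "attestation-signing",
                   "replay-protection", "bundle-verification"],
  "supportedSchemaVersions": ["1.0.0"],
  "startedAt": "2026-06-14T12:31:11.411Z",
  "signingKeyStatus": "ok", "auditDbStatus": "unconfigured", "replayProtection": true
}""")

if __name__ == "__main__":
    degraded = dict(SAMPLE, signingKeyStatus="unavailable", replayProtection="true")
    print(check_manifest(SAMPLE), check_manifest(degraded), sep="\n")
```

Pass `require_audit_db=True` where audit evidence must be persisted; the page's example response would then be rejected because `auditDbStatus` is `unconfigured`.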

Example — curl

curl \
  -H "Authorization: Bearer $PARMANA_API_KEY" \
  https://your-runtime/runtime/manifest

Error Responses

401 Unauthorized

{
  "error": "Unauthorized"
}
Missing or invalid API key.

500 Internal Error

{
  "error": "Failed to load runtime manifest"
}
Unexpected runtime failure.

Runtime Verification

The runtime manifest provides visibility into the environment producing authorization decisions. It allows external systems to independently confirm:
  • Which runtime evaluated the policy?
  • Which capabilities were enabled?
  • Which schema versions were supported?
  • Was signing operational?
  • Was replay protection active?

How Runtime Manifest Fits Into Parmana

Runtime → Capabilities → Evaluation → Attestation → Verification

The runtime manifest provides metadata about the environment that produces Parmana decisions and attestations. It helps operators, auditors, and integrators understand and verify the runtime responsible for policy enforcement.