Skip to main content

Authorization Flow

The Authorization Flow defines how Parmana evaluates AI-generated signals and produces enforceable execution outcomes. It is fully deterministic and independent of AI model variability.

System Flow

AI → Signals → Governance → Authorization Decision → Execution Runtime → Attestation
1. Signal ingestion

AI systems generate signals representing proposed actions, observations, or intent.

These signals are structured inputs to the system.

2. Governance evaluation

Signals are passed into the Governance layer (@parmanasystems/governance).

Governance applies:

signed policies
deterministic rules
authorization constraints

No probabilistic reasoning is involved.

3. Authorization Decision generation

Governance produces an Authorization Decision.

This decision is:

deterministic
reproducible
bound to a specific policy version

It is the only valid outcome of governance evaluation.

4. Execution Runtime enforcement

The Execution Runtime enforces the Authorization Decision.

It ensures:

replay protection via executionId
deterministic enforcement behavior
rejection of unauthorized execution attempts

If validation fails, execution is blocked.

5. Attestation generation

Each Authorization Decision produces a cryptographic attestation.

The attestation includes:

policy version
signal hash
decision outcome
runtime identity

It can be independently verified using public keys.

Properties of Authorization Flow
Deterministic

Identical inputs always produce identical outputs.

Secure

Unauthorized or invalid executions are blocked.

Replay-safe

Each execution is uniquely bound and cannot be replayed.

Verifiable

All decisions are independently verifiable without system access.

Summary

Parmana enforces strict separation of concerns:

AI generates signals
Governance evaluates signals
Authorization Decision is computed deterministically
Execution Runtime enforces decisions
Attestation ensures verifiability