The requirement

An authority verification outcome must be reproducible. If a regulator, auditor, or counterparty presents the same policy and the same signals and asks “what should the decision have been?”, the answer must be provable, not re-derived probabilistically. This requires that the evaluation engine produce the same output for the same input, every time, on every system that runs it.

How Parmana achieves this

  • No randomness in the evaluation path. Policy rules evaluate signals against conditions using only deterministic comparisons: equals, greater_than, less_than, greater_than_or_equal, less_than_or_equal, and logical combinations of these. No random sampling, no probabilistic scoring.
  • No time dependence. Evaluation does not read the system clock. Conditions cannot depend on “is today before some date.” This prevents the same inputs from producing different outputs at different times.
  • No external calls. The policy evaluation engine makes no network calls, reads no external state, and does not access databases. The only inputs are the signals you provide and the compiled policy bundle.
  • Canonical serialization before hashing. Before computing the execution_fingerprint, signals are serialized using a canonical JSON algorithm (canonicalizeForSigning) that produces the same byte sequence regardless of key insertion order. { "a": 1, "b": 2 } and { "b": 2, "a": 1 } produce the same fingerprint.

Canonical serialization

import { canonicalize, canonicalizeForSigning, SIGNING_DOMAINS } from "@parmanasystems/core";

const signals = { claimAmount: 1200, customerTier: "gold", priorFraudSignals: false };

// Canonical JSON — deterministic key ordering
const canonical = canonicalize(signals);
// '{"claimAmount":1200,"customerTier":"gold","priorFraudSignals":false}'

// Canonical form for signing — includes domain separator
const forSigning = canonicalizeForSigning(signals, SIGNING_DOMAINS.audit);

The SIGNING_DOMAINS object contains domain separators that prevent cross-context signature confusion:

export const SIGNING_DOMAINS = {
  token: "PARMANA_TOKEN_V1",
  audit: "PARMANA_AUDIT_V1",
};

What this means for reproduction

Given:
  • The policy bundle at a specific policyId and policyVersion
  • The exact signals (normalized and canonicalized)
  • A runtime that implements the same evaluation semantics
Any party can reproduce the decision. They do not need access to your database, your server, or your history. They evaluate the policy against the signals and get the same result. This is provable because:
  1. The bundleHash in the attestation identifies the exact policy content
  2. The signalsHash in the attestation is the SHA-256 of the canonical signals
  3. The evaluatorSemanticHash identifies the evaluation semantics
  4. The decision is part of the signed payload — it cannot have been altered after signing

Policy rule evaluation order

Rules are evaluated in the order they appear in policy.json. The first rule whose condition matches wins. No further rules are evaluated.
{
  "rules": [
    { "id": "rule-1", "condition": { "signal": "fraudScore", "greater_than": 0.8 }, "outcome": { ... } },
    { "id": "rule-2", "condition": { "signal": "amount", "greater_than": 10000 }, "outcome": { ... } },
    { "id": "catch-all", "condition": { "all": [] }, "outcome": { ... } }
  ]
}
  • If fraudScore > 0.8, rule-1 fires. rule-2 and catch-all are never evaluated.
  • If fraudScore <= 0.8 and amount > 10000, rule-2 fires.
  • If neither condition matches, catch-all fires.
A policy without a catch-all rule will throw [SYS-006] if no rule matches. Always include a catch-all.
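
The evaluation order described above, sketched as an added example (not Parmana's own code): a minimal first-match-wins evaluator for the condition shapes shown on this page. The `matches` and `evaluate` names, the string outcomes, the error message text, and the choice to reject a missing signal are assumptions made for illustration.

```javascript
// Added example, not Parmana's code: a minimal first-match-wins evaluator.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// The comparison operators named on the page; each is a pure function.
const OPERATORS = {
  equals: (a, b) => a === b,
  greater_than: (a, b) => a > b,
  less_than: (a, b) => a < b,
  greater_than_or_equal: (a, b) => a >= b,
  less_than_or_equal: (a, b) => a <= b,
};

function matches(condition, signals) {
  // "all" is a logical AND; an empty list is vacuously true, which is
  // why { "all": [] } acts as a catch-all.
  if (Array.isArray(condition.all)) {
    return condition.all.every((c) => matches(c, signals));
  }
  const op = Object.keys(OPERATORS).find((name) => has(condition, name));
  if (!op) throw new Error("unsupported condition: " + JSON.stringify(condition));
  // Assumption: a missing signal is an error, not a silent non-match, so an
  // incomplete request cannot fall through to a more permissive later rule.
  if (!has(signals, condition.signal)) {
    throw new Error("missing signal: " + condition.signal);
  }
  return OPERATORS[op](signals[condition.signal], condition[op]);
}

function evaluate(policy, signals) {
  for (const rule of policy.rules) {
    if (matches(rule.condition, signals)) {
      return { ruleId: rule.id, outcome: rule.outcome }; // first match wins
    }
  }
  // Same code the page documents for no match; the message text is constructed.
  throw new Error("[SYS-006] no rule matched");
}

// Constructed sample policy; the outcome strings are placeholders.
const policy = {
  rules: [
    { id: "rule-1", condition: { signal: "fraudScore", greater_than: 0.8 }, outcome: "deny" },
    { id: "rule-2", condition: { signal: "amount", greater_than: 10000 }, outcome: "review" },
    { id: "catch-all", condition: { all: [] }, outcome: "approve" },
  ],
};

console.log(evaluate(policy, { fraudScore: 0.9, amount: 50000 }).ruleId); // rule-1
```

Because evaluation stops at the first match, reordering rules changes decisions even when no condition is edited, so rule order belongs in any review of a policy change.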

What this is not

  • Not a model. There is no probability distribution, no embedding, no language model in the evaluation path.
  • Not “AI governance.” Parmana governs whether an action executes. It does not govern AI model behavior or output quality.
  • Not approximate. The evaluation is exact. There are no confidence scores. The decision is binary (or from a fixed set of defined outcomes) and fully reproducible.