> ## Documentation Index > Fetch the complete documentation index at: https://docs.manthan.systems/llms.txt > Use this file to discover all available pages before exploring further. # @parmanasystems/verifier > Standalone attestation verification without the full execution runtime A lightweight package for verifying governance attestations without the full execution runtime. Use this in auditing services, third-party verifiers, or any context where you only need to verify - not execute. ## Install ```bash theme={null} npm install @parmanasystems/verifier ``` ## Key exports | Export | Description | | ------------------- | ----------------------------------------------------------- | | `verifyAttestation` | Verify signature, runtime hash, bundle hash, and invariants | | `verifyBundle` | Verify a policy bundle's content integrity and signature | | `LocalVerifier` | Ed25519 verifier from a PEM public key | ## Verifying an attestation ```typescript theme={null} import { verifyAttestation, LocalVerifier } from "@parmanasystems/verifier"; const verifier = new LocalVerifier(process.env.GOVERNANCE_PUBLIC_KEY!); const result = verifyAttestation(attestation, verifier); if (!result.valid) { console.error("Attestation invalid:", result.errors); } console.log(result.checks); // { // signature_verified: true, // runtime_verified: true, // schema_compatible: true, // governed: true, // } ``` ## Verifying a policy bundle ```typescript theme={null} import { verifyBundle } from "@parmanasystems/verifier"; const result = verifyBundle( "./policies/loan-approval/1.0.0/bundle.manifest.json", "./policies/loan-approval/1.0.0/bundle.sig", "./trust/root.pub" ); console.log(result.valid); // true only if content and signature verify ``` ## Offline verification Attestations are self-contained - you can verify them with only the public key, no network or database access required: ```typescript theme={null} import fs from "fs"; import { verifyAttestation, LocalVerifier } from "@parmanasystems/verifier"; const attestation = JSON.parse(fs.readFileSync("attestation.json", "utf8")); const verifier = new LocalVerifier(fs.readFileSync("public.pem", "utf8")); const result = verifyAttestation(attestation, verifier); console.log(result.valid); // true - verified with no infrastructure access ``` This works five minutes after signing or five years after signing. The verification result is identical regardless of when or where it runs. ## See also * [Attestations](/concepts/attestations) - what an attestation contains * [Portable Verification](/architecture/portable-verification) - why verification is infrastructure-independent * [Verifier CLI](/packages/verifier-cli) - verify from the command line