# Independent Verification

> Verify any attestation using only the public key: no server, no database, no infrastructure access

## What independent verification means

Any party with the Ed25519 public key can verify any attestation without access to your database, your server, your network, or your source code.

This is by design. Verification is stateless. The attestation is self-contained. The public key is the only external dependency.

Distribute your public key to regulators, auditors, counterparties, or clients. They can verify any decision you have ever made, years after the fact, without involving your team.

***

## Minimal verification — TypeScript

```typescript
import {
  verifyAttestation,
  LocalVerifier,
} from "@parmanasystems/core";
import fs from "node:fs";

// Only these two things are needed
const publicKey  = fs.readFileSync("trust/root.pub", "utf8");
const attestation = JSON.parse(fs.readFileSync("attestation.json", "utf8"));

const verifier = new LocalVerifier(publicKey);
const result   = verifyAttestation(attestation, verifier);

console.log(result.valid);
// true — all fields are intact and the signature is valid

if (!result.valid) {
  console.error("Verification failed:", result.checks);
}
```

`verifyAttestation` is synchronous. It makes no network calls. It reads no files other than what you provide.

***

## Expected result

A valid attestation returns:

```typescript
{
  valid: true,
  checks: {
    signature: "verified",
    runtime: "verified",
    schema: "verified"
  }
}
```

An invalid attestation returns `valid: false` with one or more checks set to `"failed"`.

***

## Minimal verification — verifier-cli

For parties without a Node.js environment, the `verifier-cli` provides a standalone command:

```bash
npm install -g @parmanasystems/verifier-cli

parmana-verify \
  --attestation attestation.json \
  --public-key trust/root.pub
```

Expected output when valid:

```
✓ Signature verified
✓ Runtime identity confirmed
✓ Schema compatible
  executionId:           claim-CLM-2024-00441
  policyId:              claims-approval
  policyVersion:         1.0.0
  decision.action:       approve
  decision.reason:       Approved: gold tier within standard limit.
  execution_fingerprint: a3f8d2c1e4b5f6a7...
  runtimeVersion:        1.0.0
  signerKeyId:           parmanasystems-root-2026
```

Expected output when invalid:

```
✗ Signature verification FAILED
  The attestation has been modified or the wrong public key was provided.
  Do not rely on this decision record.
```

***

## What independent verification does NOT check

Independent verification confirms the signature and schema. It does not:

* Confirm that the `signals` values are accurate (that is your system's responsibility)
* Confirm that the `policyId`/`policyVersion` bundle is the policy you intended (verify the `bundleHash` separately using `verifyBundle`)
* Confirm that the action was actually taken (use `POST /confirm-execution` for that)

***

## Distributing the public key

The public key is at `trust/root.pub`. It is a PEM-encoded Ed25519 public key:

```
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEA...
-----END PUBLIC KEY-----
```

This file is safe to distribute publicly. It contains no secret material.

Include it in:

* Your API documentation
* Your compliance reports
* Your contracts and terms of service
* Your regulatory disclosures

***

## Audit workflow for regulators

A regulator or auditor can verify any decision with this workflow:

1. Receive the attestation JSON from you (or retrieve it from your published audit log)
2. Receive your public key (from `trust/root.pub`)
3. Run verification:

```bash
npx @parmanasystems/verifier-cli verify-attestation \
  --attestation provided-attestation.json \
  --public-key provided-root.pub
```

4. Read the output: the decision, policy version, and rule matched are all in the verified output
5. If they want to confirm the policy content, compare the `bundleHash` from the attestation against the policy bundle you provide

At no point do they need access to your database, your server, or your infrastructure.

***

## Troubleshooting

**Verification fails for a valid attestation:** The most common cause is using the wrong public key. Ensure the public key matches the `signerKeyId` in the attestation. If you have rotated keys, you need the public key from the key that was active when the attestation was produced.

**`result.valid: false`, `checks.signature: "failed"`:** One or more fields in the attestation JSON were modified after signing. Do not treat this attestation as proof.

**verifier-cli not found:** Install with `npm install -g @parmanasystems/verifier-cli` or run with `npx @parmanasystems/verifier-cli verify-attestation ...`.
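
The two signature failure modes above (a public key that does not match `signerKeyId`, and fields modified after signing) can be reproduced with nothing but Node's built-in `node:crypto` Ed25519 support. This is an added example, not code from `@parmanasystems/core`: the attestation layout, the sorted-key canonical form, the base64 signature encoding, the `demo-root-*` key ids and the `verifyWithKeyRing` helper are all assumptions made for illustration.

```typescript
import { createPublicKey, generateKeyPairSync, sign, verify } from "node:crypto";

// Hypothetical attestation layout (an assumption, not the @parmanasystems/core format).
type Body = Record<string, string>;
interface Attestation { body: Body; signerKeyId: string; signature: string }
type Outcome = "verified" | "failed" | "unknown-key";

// Assumed canonical form: key/value pairs sorted by key, so signer and verifier
// serialize the same fields to the same bytes regardless of property order.
function canonical(body: Body): Buffer {
  const pairs = Object.keys(body).sort().map((k) => [k, body[k]]);
  return Buffer.from(JSON.stringify(pairs), "utf8");
}

// Verifier side: the only input besides the attestation is a map of
// signerKeyId -> PEM public key (one entry per key that was ever active).
function verifyWithKeyRing(att: Attestation, keyRing: Map<string, string>): Outcome {
  const pem = keyRing.get(att.signerKeyId);
  if (pem === undefined) return "unknown-key"; // no key for that id: not evidence of tampering
  const sig = Buffer.from(att.signature, "base64");
  return verify(null, canonical(att.body), createPublicKey(pem), sig) ? "verified" : "failed";
}

// Constructed demo: two throwaway key pairs stand in for a root key before and after rotation.
function demo(): Outcome[] {
  const oldKey = generateKeyPairSync("ed25519");
  const newKey = generateKeyPairSync("ed25519");
  const toPem = (k: typeof oldKey): string =>
    k.publicKey.export({ type: "spki", format: "pem" }).toString();
  const keyRing = new Map([["demo-root-2025", toPem(oldKey)], ["demo-root-2026", toPem(newKey)]]);

  const body: Body = { executionId: "demo-0001", policyId: "claims-approval", action: "approve" };
  const signed: Attestation = {
    body,
    signerKeyId: "demo-root-2025",
    signature: sign(null, canonical(body), oldKey.privateKey).toString("base64"),
  };
  const tampered: Attestation = { ...signed, body: { ...body, action: "deny" } };
  const wrongKey: Attestation = { ...signed, signerKeyId: "demo-root-2026" };
  const noKey: Attestation = { ...signed, signerKeyId: "demo-root-2020" };
  return [signed, tampered, wrongKey, noKey].map((a) => verifyWithKeyRing(a, keyRing));
}

console.log(demo()); // [ 'verified', 'failed', 'failed', 'unknown-key' ]
```

A modified field and a mismatched key both surface as the same signature failure, which is why the key for the attestation's `signerKeyId` should be confirmed before concluding that a record was altered.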
