Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.manthan.systems/llms.txt

Use this file to discover all available pages before exploring further.

Parmana is a governance SDK for Node.js. Every automated decision it produces is cryptographically signed, deterministically reproducible, and independently verifiable by any party with the public key - with no access to your infrastructure required. Use Parmana when you need to prove - not just claim - that a decision was made according to specific rules, by a specific runtime, and cannot be tampered with after the fact.

The three guarantees

Deterministic

Same inputs always produce the same decision. No model variance, no timestamp dependence, no environmental drift.

Signed

Every decision carries an Ed25519 attestation over a canonical payload. Tamper-evident by construction.

Portable

Any party with the public key can verify independently. No database, no runtime, no infrastructure access needed.

Get started

What you get

import { executeFromSignals, verifyAttestation, LocalSigner, LocalVerifier, MemoryReplayStore } from "@parmanasystems/core";

const attestation = await executeFromSignals(
  { policyId: "loan-approval", policyVersion: "1.0.0", signals: { credit_score: 720, loan_amount: 15000 } },
  new LocalSigner(privateKey),
  new LocalVerifier(publicKey),
  new MemoryReplayStore()
);

console.log(attestation.decision);
// { action: "approve", requires_override: false, reason: "Credit score meets standard threshold." }

const result = verifyAttestation(attestation, new LocalVerifier(publicKey));
console.log(result.valid); // true - verifiable by anyone with the public key

Why governance needs to be deterministic

When an AI agent makes a consequential decision - approving a loan, escalating a patient, modifying infrastructure - you need more than a log entry. You need a cryptographic proof that:
  • The exact policy rules that governed the decision
  • The exact inputs that were evaluated
  • The exact runtime version that produced the outcome
can all be independently reconstructed and verified, years after the fact, by any party - without access to your systems.

Architecture: Deterministic Governance

Why governance must be deterministic to be trustworthy

Bring Your Own Infrastructure

Parmana is not a SaaS platform. It is an SDK you deploy in your own infrastructure.
  • Your keys - Ed25519 keypairs you generate and control. Integrate with AWS KMS, HashiCorp Vault, Azure Key Vault, or any HSM.
  • Your store - MemoryReplayStore for development, RedisReplayStore for production, or implement the ReplayStore interface for any backend - DynamoDB, PostgreSQL, custom.
  • Your database - attestations are plain JSON. Store them in PostgreSQL, S3, MongoDB, or your existing audit system.
  • Your framework - Express, Fastify, Next.js, Hono, Lambda. Parmana has no framework opinion.
Nothing leaves your infrastructure. You own the keys, the data, and the audit trail.

Custom Integrations (BYOI)

AWS KMS, HashiCorp Vault, DynamoDB, and custom ReplayStore implementations

Packages

PackageDescription
@parmanasystems/coreMain SDK - execute, verify, sign, replay protection
@parmanasystems/governancePolicy lifecycle - create, compile, sign, version
@parmanasystems/verifierStandalone attestation verification
@parmanasystems/verifier-cliCLI for policy compilation and verification
@parmanasystems/serverExpress governance server
@parmanasystems/sdk-clientHTTP client for the governance server
@parmanasystems/audit-dbPostgreSQL-backed audit storage
@parmanasystems/bundleCanonical JSON and content-addressing
@parmanasystems/cryptoEd25519 primitives