What is an attestation?

An attestation is the signed record of a governance decision. It is the output of executeFromSignals and contains everything needed to independently verify the decision - by any party, at any time, without access to your infrastructure.

Attestation structure

{
  "executionId":           "88a9db95-5f31-4f0d-84de-28a3ec9e3c83",
  "execution_fingerprint": "43258cff783fe703...",
  "policyId":              "loan-approval",
  "policyVersion":         "1.0.0",
  "schemaVersion":         "1.0.0",
  "runtimeVersion":        "1.0.0",
  "runtimeHash":           "4ece56164e1a8809...",
  "signalsHash":           "43258cff783fe703...",
  "decision": {
    "action":            "approve",
    "requires_override": false,
    "reason":            "Credit score meets standard threshold."
  },
  "execution_state": "completed",
  "signature":       "TU6LMv5NJJm1KvM2..."
}

Field reference

| Field | Type | Description |
| --- | --- | --- |
| executionId | UUID | Unique identifier for this specific execution event |
| execution_fingerprint | SHA-256 hex | sha256(canonicalize(signals)) - the replay protection key |
| policyId | string | Which policy governed this decision |
| policyVersion | semver | Which version of the policy |
| schemaVersion | semver | Schema version used for evaluation |
| runtimeVersion | semver | Runtime version that produced this attestation |
| runtimeHash | SHA-256 hex | Hash of the runtime itself - pins the exact code |
| signalsHash | SHA-256 hex | Hash of the input signals |
| decision.action | string | The governance outcome |
| decision.requires_override | boolean | Whether human override is required before execution |
| decision.reason | string | Human-readable explanation of the decision |
| execution_state | string | "completed" or "pending_override" |
| signature | base64 | Ed25519 signature over the canonical payload |

executionId vs execution_fingerprint

These are semantically distinct:

| Field | What it identifies | How it's generated |
| --- | --- | --- |
| executionId | This specific execution event | crypto.randomUUID() - random |
| execution_fingerprint | The content of the execution inputs | sha256(canonicalize(signals)) - deterministic |

The execution_fingerprint is the replay protection key - same signals always produce the same fingerprint, and the second submission is rejected. The executionId is unique per event even if signals differ.

Verifying an attestation

import { verifyAttestation, LocalVerifier } from "@parmanasystems/core";

const verifier = new LocalVerifier(publicKey);
const result   = verifyAttestation(attestation, verifier);

console.log(result.valid);   // true if all checks pass
console.log(result.checks);
// {
//   signature_verified: true,
//   runtime_verified:   true,
//   schema_compatible:  true,
//   governed:           true,
// }

Storing attestations

Attestations are plain JSON - store them in any database. They remain verifiable forever as long as you keep the public key.

// Store
import fs from "fs";
fs.writeFileSync("attestation.json", JSON.stringify(attestation, null, 2));

// Retrieve and verify later
const stored = JSON.parse(fs.readFileSync("attestation.json", "utf8"));
const result = verifyAttestation(stored, verifier);

For structured PostgreSQL-backed storage with querying support, use @parmanasystems/audit-db.

Decisions that require override

When decision.requires_override is true, the execution_state is "pending_override" and a human approver must explicitly sign off before execution proceeds.

import { approveOverride } from "@parmanasystems/core";

const override = await approveOverride({
  executionId:   attestation.executionId,
  approved_by:   "user@example.com",
  approver_role: "risk-manager",
  reason:        "Manually reviewed and approved based on supporting documentation.",
});
