Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.manthan.systems/llms.txt

Use this file to discover all available pages before exploring further.

The problem

Automated systems make thousands of decisions per day. When something goes wrong - a loan incorrectly rejected, a transaction incorrectly flagged, an AI agent taking an unexpected action - you need to answer:
  • What decision was made?
  • Which rules governed it?
  • Can I prove it wasn’t tampered with after the fact?
  • Can an auditor verify it independently, without access to my infrastructure?
Most systems answer these with logs. Logs can be altered. Parmana answers with cryptographic attestations.

The three guarantees

1. Deterministic

Same inputs always produce the same decision. The execution_fingerprint is a SHA-256 hash of the canonical input signals - any system can reproduce it from the inputs alone, regardless of language, platform, or time.

2. Signed

Every decision carries an Ed25519 signature over the complete attestation payload. The signature is computed over canonical (sorted-key, NFC-normalized, CRLF-normalized) JSON - ensuring it verifies identically on any platform.

3. Portable

Any party with the public key can independently verify any attestation. No access to your infrastructure required. The attestation is a self-contained proof - verifiable five minutes or five years after it was issued.

How a decision flows

Signals + Policy

validateSignalsStrict()     ← schema check: rejects unknown signals, wrong types, missing required

reserve(fingerprint)        ← replay protection phase 1: atomic reservation

evaluatePolicy()            ← first-match-wins rule evaluation

issueToken()                ← build the signed payload

signer.sign(canonical)      ← Ed25519 signature over canonical JSON

confirm(fingerprint)        ← replay protection phase 2: atomic confirmation

ExecutionAttestation        ← the signed, portable result
The sequence is enforced by the runtime. There is no shortcut - every step must succeed before the next runs.

Policies

A policy is a JSON file that declares the signals it accepts (signalsSchema) and the rules that govern decisions (rules). Rules are evaluated top to bottom - the first matching rule wins. 
{
  "policyId": "loan-approval",
  "policyVersion": "1.0.0",
  "schemaVersion": "1.0.0",
  "signalsSchema": {
    "credit_score": { "type": "integer" },
    "loan_amount":  { "type": "integer" }
  },
  "rules": [
    {
      "id": "approve-standard",
      "condition": { "signal": "credit_score", "greater_than": 700 },
      "outcome": { "action": "approve", "requires_override": false, "reason": "Credit score meets standard threshold." }
    },
    {
      "id": "catch-all",
      "condition": { "all": [] },
      "outcome": { "action": "manual_review", "requires_override": true, "reason": "Credit score requires manual review." }
    }
  ]
}

Attestations

An attestation is the signed record of a governance decision. It contains the decision, the policy that governed it, the signals that were evaluated, and a cryptographic signature over all of it. See Attestations for the complete field reference.

Replay protection

Each execution_fingerprint can only be consumed once. A second call with the same signals throws INV-013. This prevents double-execution of consequential actions. See Replay Protection.

When to use Parmana

  • AI agent tool execution governance
  • Automated loan, credit, and insurance decisions
  • Compliance-critical triage and escalation
  • Risk scoring and fraud flagging
  • Any decision that must be auditable and independently verifiable

When not to use Parmana

  • Simple if/else logic with no audit requirement
  • Real-time systems where sub-millisecond latency is critical
  • Decisions that don’t need to be independently verified

Going deeper