Verified Signals + Policy → Governance → Authorization Decision
Policy structure

All policies are:

signed
versioned
immutable after deployment
cryptographically verifiable
How policies are used

Governance loads policies from the Governance system (@parmanasystems/governance) and evaluates:

verified signals
policy constraints
execution rules

This produces an Authorization Decision.

Policy lifecycle
Policy is defined by humans
Policy is signed
Policy is deployed
Governance evaluates against policy
Decisions are produced
Decisions are attested
Why policies matter

Policies are the ONLY source of authority in the system.

They ensure:

deterministic evaluation
reproducible decisions
enforceable constraints
auditability
What policies are NOT

Policies are NOT:

AI-generated outputs
runtime heuristics
probabilistic models
execution logic
Governance dependency

Governance is the execution layer for policies.

Policies → Governance → Authorization Decision
Key invariant

Policies define authority
Governance enforces authority
Execution follows authority

Summary

Policies are the foundation of deterministic authority in Parmana.

They ensure:

humans define rules
governance enforces rules
execution is strictly controlled