parmana monorepo’s core runtime is split into eight focused packages under packages/. Each has a single, well-defined responsibility, and dependencies flow in one direction — shared has no internal dependencies, while api depends on nearly everything else as the composition root.
Package responsibilities
| Package | Responsibility |
|---|---|
shared | Canonical domain model, repository contracts, immutable trust artifacts. |
runtime | Application workflow, runtime orchestration, the execution pipeline, ExecutionTrustApplication. |
storage | Repository implementations — in-memory today, with PostgreSQL/Supabase and other cloud adapters as the storage-agnostic design allows. |
crypto | Canonical serialization, hashing, digital signatures, receipt generation. |
replay | Replay verification, deterministic validation, execution comparison. |
verification | Verification engines, evidence validation, compliance verification. |
policy | Policy evaluation, decision generation, business rule execution. |
api | REST interface, authentication, HTTP transport, application composition root. |
Why this split
Each package maps directly onto one stage of the canonical trust model:policy produces Decisions, runtime orchestrates Execution, verification produces Verifications, crypto produces Receipts, and replay re-derives outcomes independently of the original run. No package reaches into another’s internals — they interact only through the contracts defined in shared.
SDK and language surfaces
Outsidepackages/, the monorepo also has:
typescript/— the published TypeScript SDK (@parmana/sdk), a thin client over the REST API. See TypeScript SDK.python/— the Python SDK, mirroring the TypeScript SDK’s API surface. See Python SDK.