Skip to main content
This walks through the same path REST API → Execute documents at the endpoint level, plus what happens underneath it.

The call

curl -X POST http://localhost:3000/execute \
  -H "Content-Type: application/json" \
  -d '{ ... full BusinessTransaction ... }'

What happens, in order

ExecutionTrustApplication.execute() (packages/runtime/src/ExecutionTrustApplication.ts) runs four steps sequentially, not as a single pipeline object:
  1. AcceptBusinessTransactionService.accept() persists the transaction as submitted.
  2. ExecuteRuntime.execute() runs it through RuntimeEngine, which routes to the referenced Policy, evaluates it deterministically, and records a Decision and Execution.
  3. VerifyVerificationService.verify() computes and checks the trust record’s hash (see Packages → crypto), producing a Verification.
  4. ReceiptReceiptService.generate() produces a signed Receipt, but only because step 3 succeeded.
The response is the resulting Execution Trust Record, already carrying one execution, one verification, and one receipt.
A businessTransactionId must be a well-formed UUID — see the Execute reference for the exact regex and the 400 you get otherwise.

Signals must be deterministic

The signals your policy evaluates (e.g. amount, riskScore) must be pre-computed, static values by the time you call execute()PolicyEngine.evaluate() is a pure function over (policy, signals), with no notion of re-fetching or recomputing a signal mid-evaluation. If your signal is itself the output of a model or an external call, resolve it before constructing the transaction, not inside the request.

What the bundled examples actually show

examples/01-hello-world and examples/03-runtime-execution are the only two of the ten numbered examples with real, runnable code (see Examples Overview for the rest).
Both examples construct their BusinessTransaction-like object by hand with only a handful of fields (authority: { authorityId: "authority-1" }, intent: { intentId: "intent-1", action: "vendor-payment" }, etc.) and cast it with as any before passing it to the Runtime. This does not match the full canonical shape documented in Concepts → Business Transaction — real fields like authority.authorityType, authority.principalId, authority.issuedAt, intent.authorizationId, intent.target, intent.parameters, and intent.createdAt are simply absent. Treat these two examples as illustrating the shape of a call, not as a template to copy field-for-field.
examples/03-runtime-execution also calls RuntimeEngine directly with an empty RuntimePipeline([]), bypassing RuntimeFactory/ExecutionTrustApplication entirely — it demonstrates the lower-level RuntimeEngine API from runtime, not the POST /execute path described above.

Execute (REST API)

The endpoint reference.

Execution Lifecycle

The domain-level version of the same four steps.

runtime package

ExecutionTrustApplication and its services.

Receipt Verification

What happens after execution.