> ## Documentation Index
> Fetch the complete documentation index at: https://docs.manthan.systems/llms.txt
> Use this file to discover all available pages before exploring further.

# Deterministic Replay

> What POST /replay checks today, and what real deterministic replay would require

<Warning>
  Read [REST API → Replay](/docs/api/replay) before this guide if you haven't — `POST /replay` currently performs the same hash-integrity check as `POST /verify`, not a re-evaluation of policy against recorded signals. This guide covers both what you can do today and what [`@parmana/replay`](/docs/packages/replay)'s real engine would do if it were wired in.
</Warning>

## What you can do today

```bash theme={null}
curl -X POST http://localhost:3000/replay \
  -H "Content-Type: application/json" \
  -d '{ "businessTransactionId": "..." }'
```

```json theme={null}
{ "businessTransactionId": "...", "trustRecordHash": "...", "verified": true }
```

This confirms the stored [Execution Trust Record](/docs/concepts/execution-trust-record) hasn't been tampered with since it was written — useful, but it's an integrity check, not independent confirmation that the recorded Decision was the *correct* one given the recorded Policy and signals.

## What real deterministic replay would check

`packages/replay/src/ReplayEngine.ts` re-runs [`PolicyEngine.evaluate()`](/docs/packages/policy) against the trust record's recorded `transaction.signals` and policy, and compares its own `replayedDecision.outcome` against the `recordedDecision.outcome`:

```ts theme={null}
import { ReplayEngine } from "@parmana/replay";

const engine = new ReplayEngine();

const result = engine.replay({
  trustRecord,                 // from GET /trust-records/:id
  transaction: trustRecord.transaction,
  policy,                      // the same Policy version referenced by trustRecord.transaction.policy
});

// result.matches === true means the policy would make the same decision again today,
// given the same recorded signals.
```

This is not currently reachable through `packages/api` — you'd construct and call `ReplayEngine` yourself, in your own code, against a trust record and policy you've fetched independently (e.g. via [`GET /trust-records/:id`](/docs/api/trust-records) and reading the policy file directly from `policies/<name>/<version>/policy.json`).

<Note>
  `examples/06-replay`'s `run.ts` is currently an unimplemented stub (`console.log("Parmana Example 06 - Replay")`) — there's no runnable example of either path in the monorepo yet.
</Note>

## Why this distinction matters

* **Hash verification** (`POST /replay`, `POST /verify` today) answers: *has this record been altered since it was written?*
* **Deterministic decision replay** (`ReplayEngine`, not currently wired in) answers: *would the same Policy, given the same signals, produce the same Decision again, independent of trusting the original run?*

Both matter for an audit — a record can be byte-for-byte unaltered and still have been produced by a buggy or since-changed policy evaluation. See [FAQ](/docs/faq) for more on how this relates to Verification.

## Related

<CardGroup cols={2}>
  <Card title="Replay (REST API)" href="/docs/api/replay">The endpoint and its current behavior.</Card>
  <Card title="replay package" href="/docs/packages/replay">`ReplayEngine` in full.</Card>
  <Card title="Policy" href="/docs/concepts/policy">What's being re-evaluated.</Card>
  <Card title="Trust Chain Audit" href="/docs/guides/trust-chain-audit">Reading the full record this operates on.</Card>
</CardGroup>
