Skip to main content
@parmana/verification (packages/verification/src/index.ts) exports VerificationEngine, VerificationBuilder, VerificationPipeline, VerificationComponent, a VerificationContext type, six verification stages, and VerificationError.
This package is not imported anywhere under packages/runtime or packages/api. What POST /verify actually does is call VerificationCrypto.verify() from crypto — a single hash comparison — inside VerificationService (packages/runtime/src/services/verification-service.ts). See REST API → Verify for that trace. This package’s real, multi-stage pipeline is dormant.

VerificationEngine

class VerificationEngine {
  constructor(pipeline: VerificationPipeline);
  verify(trustRecord: ExecutionTrustRecord): Promise<Verification>;
  isEmpty(): boolean;
  size(): number;
}
verify() (packages/verification/src/VerificationEngine.ts) builds a VerificationContext ({ trustRecord, verified: true, errors: [] }), runs it through the pipeline, and produces a Verification whose status is VERIFIED only if every stage left context.verified === true; otherwise message is the joined list of stage errors.
The Verification this engine produces has the same shape as the one VerificationService actually returns (verificationId, businessTransactionId, trustRecordHash, status, message, verifiedAt) — unlike the replay package’s diverging result types, this package’s output type is at least consistent with what’s really returned by POST /verify. It’s the depth of checking behind that result that differs.

The six stages

packages/verification/src/stages/, intended to run in sequence within a VerificationPipeline:
StageChecks
IntegrityStageStructural/hash integrity of the trust record.
AuthorityVerificationStageThe recorded Authority.
AuthorizationVerificationStageThe recorded Authorization.
IntentVerificationStageThe recorded Intent.
EvidenceVerificationStageExecution evidence against what was recorded.
SignatureVerificationStageCryptographic signatures.
Together these describe a materially deeper verification than the single hash check VerificationCrypto.verify() performs — each stage independently re-examines one link in the Authority → Authorization → Intent → Policy → Decision → Execution trust chain, rather than only confirming the record wasn’t tampered with after the fact.

VerificationComponent

Implements the same RuntimeComponent-style contract used in runtime’s own pipeline, so this engine could in principle be dropped into the Runtime’s component list — but per Packages → runtime, RuntimeFactory doesn’t add it (or the runtime package’s own, separate VerificationComponent) today.

Verification (concept)

What verification is meant to guarantee.

REST API → Verify

What actually runs when you call POST /verify.

crypto

The single check that runs today.

replay

The other unused-by-the-API engine package.