import crypto from "crypto";
import express from "express";
import {
executeFromSignals,
verifyAttestation,
LocalSigner,
LocalVerifier,
MemoryReplayStore,
} from "@parmanasystems/core";
// Signing material and replay state are built a single time when the module
// loads, never inside a request handler.
//
// NOTE(review): the Ed25519 key pair is generated in-process, so it exists only
// for the lifetime of this process. An attestation signed before a restart, or
// by another instance, cannot be checked against this public key. For anything
// beyond a demo, load a persistent key from a secret store or KMS/HSM instead
// of generating one here, and publish the public key to relying parties.
const pemKeyOptions = {
  // PKCS#8 / SPKI are the PEM containers requested for the private and public
  // halves respectively.
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
  publicKeyEncoding: { type: "spki", format: "pem" },
} as const;
const { privateKey, publicKey } = crypto.generateKeyPairSync(
  "ed25519",
  pemKeyOptions
);

// The signer holds the private key; the verifier only ever sees the public key.
const signer = new LocalSigner(privateKey);
const verifier = new LocalVerifier(publicKey);

// Replay tracking. Use RedisReplayStore in production: judging by its name,
// MemoryReplayStore keeps its state in this process only (confirm against the
// library), so replay protection would not survive a restart or span several
// instances.
const store = new MemoryReplayStore();
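const app = express();

// Parse JSON request bodies into req.body. express.json() applies its default
// size limit (100kb) unless configured otherwise.
// NOTE(review): no authentication or rate-limiting middleware is registered in
// this file, so any client that can reach the port can request signed
// decisions. Add that in front of /govern before exposing it.
app.use(express.json());

/**
 * POST /govern
 *
 * Runs a policy evaluation from caller-supplied signals and returns the
 * resulting decision together with the outcome of verifying the attestation
 * that was just produced.
 *
 * Request body (JSON object): { policyId, policyVersion, signals }
 * Success (200): { decision, executionId, verified }
 * Failure: 409 when the error message carries code "INV-013", otherwise 400;
 *          body is { error, code } where `code` is absent if the message has
 *          no "[CODE@" prefix.
 */
app.post("/govern", async (req, res) => {
  try {
    // req.body is attacker-controlled. Reject anything that is not a plain
    // JSON object up front so the caller gets a stable message instead of an
    // internal TypeError string from the destructuring below.
    if (
      req.body === null ||
      typeof req.body !== "object" ||
      Array.isArray(req.body)
    ) {
      res.status(400).json({ error: "Request body must be a JSON object" });
      return;
    }

    // Field-level validation is left to executeFromSignals; only the three
    // expected fields are forwarded, extra properties are dropped.
    const { policyId, policyVersion, signals } = req.body;

    const attestation = await executeFromSignals(
      { policyId, policyVersion, signals },
      signer,
      verifier,
      undefined,
      store
    );

    // NOTE(review): the decision is returned even when `verified` is false;
    // consumers must check `verified` before acting on `decision`.
    const verified = verifyAttestation(attestation, verifier).valid;

    res.json({
      decision: attestation.decision,
      executionId: attestation.executionId,
      verified,
    });
  } catch (error: unknown) {
    // Anything can be thrown, not just Error instances. Reading `.message`
    // off a non-Error would throw inside this catch block, which in an async
    // handler leaves the request without a response.
    const message = error instanceof Error ? error.message : String(error);

    // Errors are expected to look like "[CODE@...] text"; extract CODE.
    const code = message.match(/\[([\w-]+)@/)?.[1];

    // INV-013 is mapped to 409 Conflict - presumably the replay/duplicate
    // invariant; confirm against the library's invariant list.
    // NOTE(review): the raw message is echoed to the caller and every other
    // failure is reported as 400; confirm the library's messages contain no
    // sensitive detail.
    res.status(code === "INV-013" ? 409 : 400).json({
      error: message,
      code,
    });
  }
});

// No host argument is given, so Node listens on all interfaces. Bind to a
// specific address or put the service behind a reverse proxy if it should not
// be reachable from every network the host is attached to.
app.listen(3000, () => console.log("Governance server on :3000"));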