Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.manthan.systems/llms.txt

Use this file to discover all available pages before exploring further.

Install

npm install @parmanasystems/core express
npm install --save-dev @types/express

Setup

Initialize governance once at startup and inject it into your route handlers: 
import crypto from "crypto";
import express from "express";
import {
  executeFromSignals,
  verifyAttestation,
  LocalSigner,
  LocalVerifier,
  MemoryReplayStore,
} from "@parmanasystems/core";

// Initialize once at startup - not per-request
const { privateKey, publicKey } = crypto.generateKeyPairSync("ed25519", {
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
  publicKeyEncoding:  { type: "spki",  format: "pem" },
});

const signer   = new LocalSigner(privateKey);
const verifier = new LocalVerifier(publicKey);
const store    = new MemoryReplayStore(); // Use RedisReplayStore in production

const app = express();
app.use(express.json());

app.post("/govern", async (req, res) => {
  try {
    const { policyId, policyVersion, signals } = req.body;

    const attestation = await executeFromSignals(
      { policyId, policyVersion, signals },
      signer,
      verifier,
      store
    );

    res.json({
      decision:    attestation.decision,
      executionId: attestation.executionId,
      verified:    verifyAttestation(attestation, verifier).valid,
    });
  } catch (error: any) {
    const code = error.message.match(/\[([\w-]+)@/)?.[1];
    res.status(code === "INV-013" ? 409 : 400).json({
      error: error.message,
      code,
    });
  }
});

app.listen(3000, () => console.log("Governance server on :3000"));

Error handling

Governance errors are thrown by executeFromSignals. Map them to HTTP status codes:
ErrorHTTPCauseFix
Policy not found: ...400Wrong policyId or policyVersionCheck policies/{id}/{version}/policy.json exists
VAL-003400Unknown signal in inputRemove the signal or add it to signalsSchema
VAL-004400Required signal missingAdd the missing signal to the request
VAL-006 - VAL-012400Signal has wrong typeCheck declared types in signalsSchema
INV-013409Replay detectedEach signal set executes exactly once

Using the standalone server

For production deployments, consider using @parmanasystems/server - a ready-to-deploy Express server with Redis replay store, PostgreSQL audit persistence, and health endpoints built in. 
import { createGovernanceServer } from "@parmanasystems/server";

const server = createGovernanceServer({
  port:       3000,
  privateKey: process.env.GOVERNANCE_PRIVATE_KEY!,
  publicKey:  process.env.GOVERNANCE_PUBLIC_KEY!,
  redisUrl:   process.env.REDIS_URL,
  dbUrl:      process.env.DATABASE_URL,
});

server.listen(() => console.log("Governance server running on :3000"));

Production notes

Replace MemoryReplayStore with RedisReplayStore and load keys from environment variables or a secrets manager. See the Production Checklist for the full list.

See also