Write Your First Policy - Parmana Systems

Prerequisites

npm install @parmanasystems/core @parmanasystems/governance
npm install -g @parmanasystems/verifier-cli
# or use npx throughout this guide

Step 1: Scaffold a workspace

npx parmana workspace init my-workspace
cd my-workspace

This creates:

my-workspace/
  policies/
    payment-approval/
      1.0.0/
        policy.json      ← edit this
  examples/
    approve.json
    reject.json

Step 2: Edit the policy

Open policies/payment-approval/1.0.0/policy.json. Replace the starter content with your rules. This example governs payment approvals:

{
  "policyId":      "payment-approval",
  "policyVersion": "1.0.0",
  "schemaVersion": "1.0.0",
  "signalsSchema": {
    "amount":   { "type": "integer" },
    "verified": { "type": "boolean" }
  },
  "rules": [
    {
      "id": "block-unverified",
      "condition": { "signal": "verified", "equals": false },
      "outcome": {
        "action": "reject",
        "requires_override": false,
        "reason": "Payment source not verified."
      }
    },
    {
      "id": "approve-standard",
      "condition": { "signal": "amount", "less_than": 10000 },
      "outcome": {
        "action": "approve",
        "requires_override": false,
        "reason": "Amount within standard limit."
      }
    },
    {
      "id": "flag-large",
      "condition": { "all": [] },
      "outcome": {
        "action": "manual_review",
        "requires_override": true,
        "reason": "Large payment requires manual review."
      }
    }
  ]
}

Step 3: Validate the policy

npx parmana policy compile ./policies/payment-approval/1.0.0

Output:

✅ Phase 1 - File exists
✅ Phase 2 - Valid JSON
✅ Phase 3 - Required fields
✅ Phase 4 - Directory name matches policyId
✅ Phase 5 - Schema version supported
✅ Phase 6 - Signals schema valid
✅ Phase 7 - Rules valid
✅ Phase 8 - Catch-all present

✅ Policy is valid

Errors block signing. Fix any errors before proceeding. See Error Codes for the full list.

Step 4: Build the bundle

npx parmana policy build ./policies/payment-approval/1.0.0

This creates bundle.manifest.json and bundle.sig alongside your policy. The bundle hash is deterministic - the same policy content always produces the same hash.

Step 5: Verify the bundle

npx parmana verify bundle ./policies/payment-approval/1.0.0

Step 6: Execute against the policy

import crypto from "crypto";
import {
  executeFromSignals,
  verifyAttestation,
  LocalSigner,
  LocalVerifier,
  MemoryReplayStore,
} from "@parmanasystems/core";

async function main() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync("ed25519", {
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
    publicKeyEncoding:  { type: "spki",  format: "pem" },
  });

  const attestation = await executeFromSignals(
    {
      policyId:      "payment-approval",
      policyVersion: "1.0.0",
      signals:       { amount: 500, verified: true },
    },
    new LocalSigner(privateKey),
    new LocalVerifier(publicKey),
    undefined,           // use default runtime paths (policies/ at project root)
    new MemoryReplayStore()
  );

  console.log(attestation.decision);
  // { action: "approve", requires_override: false, reason: "Amount within standard limit." }

  const result = verifyAttestation(attestation, new LocalVerifier(publicKey));
  console.log(result.valid); // true
}

main().catch(console.error);

Next steps

Policy Versioning - update policies without breaking history
Express Integration - add governance to an HTTP API
Production Checklist - what to do before going live
Policy Schema Reference - complete field reference

​Prerequisites

​Step 1: Scaffold a workspace

​Step 2: Edit the policy

​Step 3: Validate the policy

​Step 4: Build the bundle

​Step 5: Verify the bundle

​Step 6: Execute against the policy

​Next steps