Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.manthan.systems/llms.txt

Use this file to discover all available pages before exploring further.

A ready-to-deploy Express.js server that exposes the governance runtime as an HTTP API. Use this when you want to run governance as a standalone service rather than embedding it in your application.

Install

npm install @parmanasystems/server

Starting the server

import { createGovernanceServer } from "@parmanasystems/server";

const server = createGovernanceServer({
  port:       3000,
  privateKey: process.env.GOVERNANCE_PRIVATE_KEY!,
  publicKey:  process.env.GOVERNANCE_PUBLIC_KEY!,
  redisUrl:   process.env.REDIS_URL,      // optional - uses MemoryReplayStore if omitted
  dbUrl:      process.env.DATABASE_URL,   // optional - enables audit persistence
});

server.listen(() => {
  console.log("Governance server running on :3000");
});

API endpoints

MethodPathDescription
POST/executeExecute a governed decision
POST/verifyVerify an attestation
GET/healthHealth check
GET/runtimeRuntime manifest

POST /execute

Request: 
{
  "policyId":      "loan-approval",
  "policyVersion": "1.0.0",
  "signals": {
    "credit_score": 720,
    "loan_amount":  15000
  }
}
Response: 
{
  "decision": {
    "action":            "approve",
    "requires_override": false,
    "reason":            "Credit score meets standard threshold."
  },
  "executionId": "88a9db95-5f31-4f0d-84de-28a3ec9e3c83",
  "signature":   "TU6LMv5N...",
  "verified":    true
}

POST /verify

Request: the full attestation object returned by /execute. Response: 
{
  "valid": true,
  "checks": {
    "signature_verified": true,
    "runtime_verified":   true,
    "schema_compatible":  true,
    "governed":           true
  }
}

GET /health

{ "status": "ok" }

GET /runtime

Returns the runtime manifest - runtimeVersion and runtimeHash.

Using with the SDK client

Use @parmanasystems/sdk-client as the companion HTTP client for this server. It provides typed methods for all endpoints and can verify attestations locally without a round trip.

See also