Documentation Index
Fetch the complete documentation index at: https://docs.manthan.systems/llms.txt
Use this file to discover all available pages before exploring further.
A lightweight package for verifying governance attestations without the full execution runtime. Use this in auditing services, third-party verifiers, or any context where you only need to verify - not execute.
Install
npm install @parmanasystems/verifier
Key exports
| Export | Description |
|---|
verifyAttestation | Verify signature, runtime hash, bundle hash, and invariants |
verifyBundle | Verify a policy bundle’s content integrity and signature |
LocalVerifier | Ed25519 verifier from a PEM public key |
Verifying an attestation
import { verifyAttestation, LocalVerifier } from "@parmanasystems/verifier";
const verifier = new LocalVerifier(process.env.GOVERNANCE_PUBLIC_KEY!);
const result = verifyAttestation(attestation, verifier);
if (!result.valid) {
console.error("Attestation invalid:", result.errors);
}
console.log(result.checks);
// {
// signature_verified: true,
// runtime_verified: true,
// schema_compatible: true,
// governed: true,
// }
Verifying a policy bundle
import { verifyBundle } from "@parmanasystems/verifier";
const result = verifyBundle(
"./policies/loan-approval/1.0.0/bundle.manifest.json",
"./policies/loan-approval/1.0.0/bundle.sig"
);
console.log(result.valid); // true if content matches the manifest hash
Offline verification
Attestations are self-contained - you can verify them with only the public key, no network or database access required:
import fs from "fs";
import { verifyAttestation, LocalVerifier } from "@parmanasystems/verifier";
const attestation = JSON.parse(fs.readFileSync("attestation.json", "utf8"));
const verifier = new LocalVerifier(fs.readFileSync("public.pem", "utf8"));
const result = verifyAttestation(attestation, verifier);
console.log(result.valid); // true - verified with no infrastructure access
See also
