Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.manthan.systems/llms.txt

Use this file to discover all available pages before exploring further.

executeFromSignals

Executes a governed decision against a policy and returns a signed attestation. 
function executeFromSignals(
  input: {
    policyId:      string;
    policyVersion: string;
    signals:       Record<string, unknown>;
  },
  signer:      Signer,
  verifier:    Verifier,
  replayStore: ReplayStore
): Promise<ExecutionAttestation>

Parameters

ParameterTypeDescription
input.policyIdstringPolicy identifier - must match policies/{policyId}/ directory
input.policyVersionstringSemver version - must match policies/{id}/{version}/ directory
input.signalsobjectSignal values - validated against signalsSchema before evaluation
signerSignerSigns the attestation payload with Ed25519
verifierVerifierVerifies the signature immediately after signing (self-verify)
replayStoreReplayStoreTracks executed fingerprints to prevent replay

Returns

Promise<ExecutionAttestation> - see Attestations for the complete field reference.

Throws

ErrorCause
Policy not found: ...policyId / policyVersion directory does not exist
VAL-003Unknown signal not declared in signalsSchema
VAL-004Required signal missing from input
VAL-006 - VAL-012Signal has wrong type
INV-013Same fingerprint already consumed by replay store

verifyAttestation

Verifies an attestation’s Ed25519 signature and checks all invariants. 
function verifyAttestation(
  attestation:      ExecutionAttestation,
  verifier:         Verifier,
  runtimeManifest?: RuntimeManifest
): VerificationResult

Returns

{
  valid:    boolean;
  checks: {
    signature_verified: boolean;
    runtime_verified:   boolean;
    schema_compatible:  boolean;
    governed:           boolean;
  };
  warnings: string[];
  errors:   string[];
}
valid is true only when all checks pass. Inspect checks and errors when valid is false.

LocalSigner

Ed25519 signer backed by Node.js crypto, initialized from a PEM-encoded PKCS8 private key. 
const signer = new LocalSigner(privateKeyPem: string);

signer.sign(payload: string): string
// Returns a base64-encoded Ed25519 signature over the UTF-8 payload.

LocalVerifier

Ed25519 verifier initialized from a PEM-encoded SPKI public key. 
const verifier = new LocalVerifier(publicKeyPem: string);

verifier.verify(payload: string, signature: string): boolean
// Returns true when the base64 signature is valid for the given payload.

MemoryReplayStore

In-process replay store for development and testing. 
const store = new MemoryReplayStore(options?: {
  warnInProduction?: boolean; // default: true - logs warning when NODE_ENV=production
  maxSize?:          number;  // default: 1,000,000 - evicts oldest when exceeded
});
Not suitable for production. Does not persist across process restarts and does not work across multiple processes. Use RedisReplayStore in production.

getRuntimeManifest

Returns the current runtime manifest containing the runtime version and content hash. 
function getRuntimeManifest(): RuntimeManifest

// RuntimeManifest shape
{
  runtimeVersion: string;   // e.g. "1.0.0"
  runtimeHash:    string;   // SHA-256 of the runtime
  schemaVersion:  string;   // e.g. "1.0.0"
}

approveOverride

Records a human override for a decision in pending_override state. 
import { approveOverride } from "@parmanasystems/core";

const override = await approveOverride(
  {
    executionId:   "88a9db95-...",
    approved_by:   "user@example.com",
    approver_role: "risk-manager",
    reason:        "Manually reviewed and approved.",
  },
  signer // optional - omit for SHA-256, provide for Ed25519
);
Returns an AuditOverride object:
FieldDescription
override_idUUID for this override event
override_signatureSignature over the override payload
signature_type"ed25519" (with signer) or "sha256" (without)
approved_byApprover identity
approved_atISO timestamp

Types

Signer

interface Signer {
  sign(payload: string): string;
}

Verifier

interface Verifier {
  verify(payload: string, signature: string): boolean;
}

ReplayStore

interface ReplayStore {
  reserve(fingerprint: string): Promise<void>;
  confirm(fingerprint: string): Promise<void>;
  has(fingerprint: string):     Promise<boolean>;
}