Attestation Schema - Parmana Systems

TypeScript interface

interface ExecutionAttestation {
  // Identity
  executionId: string;
  execution_fingerprint: string;

  // Policy
  policyId: string;
  policyVersion: string;
  schemaVersion: string;

  // Runtime
  runtimeVersion: string;
  runtimeHash: string;

  // Decision
  decision: {
    action: string;
    requires_override: boolean;
    reason: string;
  };
  execution_state: "completed" | "pending_override";

  // Hashes
  signalsHash: string;
  bundleHash: string;
  manifestHash: string;
  releaseManifestHash: string;
  evaluatorHash: string;           // deprecated alias
  evaluatorSemanticHash: string;
  evaluatorArtifactHash: string;

  // Trust
  manifestSignature: string;
  trustRootVersion: string;
  signerKeyId: string;

  // Signature
  signature: string;
}

Field reference

Identity

Field	Type	Description
`executionId`	`string`	Business transaction identifier provided by the caller. Unique per execution. Used as the replay protection key.
`execution_fingerprint`	`string`	SHA-256 of canonical `{ policyId, policyVersion, signals }`. The semantic identity of the decision — identical for two executions with the same policy and signals regardless of `executionId`.

Policy

Field	Type	Description
`policyId`	`string`	Identifier of the policy that governed the decision.
`policyVersion`	`string`	Version of the policy bundle.
`schemaVersion`	`string`	Policy schema format version. Used during verification to check compatibility.

Runtime

Field	Type	Description
`runtimeVersion`	`string`	Semver version of the governance server.
`runtimeHash`	`string`	SHA-256 of the server binary. Matches `/health` and `/runtime/manifest`.

Decision

Field	Type	Description
`decision.action`	`string`	Policy outcome: `"approve"`, `"reject"`, or a custom action string (e.g., `"manual_review"`, `"hold"`, `"clinical_review"`).
`decision.requires_override`	`boolean`	Whether human override is required before the action may proceed.
`decision.reason`	`string`	Human-readable reason from the matched policy rule.
`execution_state`	`"completed" \| "pending_override"`	`"completed"` when the action may proceed. `"pending_override"` when blocked pending human override.

Hashes

Field	Type	Description
`signalsHash`	`string`	SHA-256 of canonical signals. Equal to `execution_fingerprint` in current implementations.
`bundleHash`	`string`	Content hash of the policy bundle. Uniquely identifies the compiled rule set.
`manifestHash`	`string`	SHA-256 of `bundle.manifest.json`.
`releaseManifestHash`	`string`	SHA-256 of `artifacts/release-manifest.json`.
`evaluatorSemanticHash`	`string`	Hash of the policy evaluator’s logic semantics.
`evaluatorArtifactHash`	`string`	Hash of the evaluator binary artifact.
`evaluatorHash`	`string`	Deprecated alias for `evaluatorSemanticHash`. Present for backward compatibility.

Trust

Field	Type	Description
`manifestSignature`	`string`	Ed25519 signature over the bundle manifest, produced at bundle compile time.
`trustRootVersion`	`string`	Version of the trust root that anchors the signing key.
`signerKeyId`	`string`	Key ID of the Ed25519 signing key. Use to look up the correct public key for verification, especially after key rotation.

Signature

Field	Type	Description
`signature`	`string`	Ed25519 signature over `canonicalizeForSigning(token, SIGNING_DOMAINS.token)`. This is the root of trust for the entire attestation.

JSON example

{
  "executionId": "claim-CLM-2024-00441",
  "execution_fingerprint": "a3f8d2c1e4b5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1",
  "policyId": "claims-approval",
  "policyVersion": "1.0.0",
  "schemaVersion": "1.0.0",
  "runtimeVersion": "1.0.0",
  "runtimeHash": "sha256:c9d4e5f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9",
  "decision": {
    "action": "approve",
    "requires_override": false,
    "reason": "Approved: gold tier within standard limit."
  },
  "execution_state": "completed",
  "signalsHash": "a3f8d2c1e4b5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1",
  "bundleHash": "sha256:bundle1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0",
  "manifestHash": "sha256:manifest1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9",
  "manifestSignature": "base64EncodedSignatureHere",
  "trustRootVersion": "2026-01",
  "signerKeyId": "parmanasystems-root-2026",
  "evaluatorHash": "sha256:evaluator1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9",
  "evaluatorSemanticHash": "sha256:semantic1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9",
  "evaluatorArtifactHash": "sha256:artifact1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9",
  "releaseManifestHash": "sha256:release1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0",
  "signature": "ed25519SignatureBase64EncodedHere"
}

Canonical payload

The signature field is an Ed25519 signature over the canonical form of the attestation payload. The canonical form is produced by:

import { canonicalizeForSigning, SIGNING_DOMAINS } from "@parmanasystems/core";

const canonical = canonicalizeForSigning(token, SIGNING_DOMAINS.token);
// Returns a deterministic JSON string with sorted keys and a domain separator prefix

Two attestations with identical inputs will have identical canonical payloads and therefore identical signatures (given the same signing key).

​TypeScript interface

​Field reference

​Identity

​Policy

​Runtime

​Decision

​Hashes

​Trust

​Signature

​JSON example

​Canonical payload