npm - @parmanasystems/core - Versions diffs - 1.55.0 → 1.59.0 - Mend

@parmanasystems/core 1.55.0 → 1.59.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -1,24 +1,87 @@
 # @parmanasystems/core
-Portable runtime SDK for the parmanasystems deterministic governance ecosystem.
+Deterministic governance SDK and evaluation foundation for the Parmana Systems ecosystem.
 [![npm](https://img.shields.io/npm/v/@parmanasystems/core)](https://www.npmjs.com/package/@parmanasystems/core)
-## Overview
+---
-`@parmanasystems/core` is the recommended single-package install for most applications. It re-exports the full governance lifecycle, execution runtime, and verification layer, and adds the deterministic validator and canonical JSON utilities.
+# Overview
-Install this instead of separately installing `@parmanasystems/execution`, `@parmanasystems/governance`, and `@parmanasystems/verifier`.
+`@parmanasystems/core` is the primary integration package for the Parmana deterministic governance ecosystem.
-## Installation
+It provides a unified governance SDK combining:
-```bash
-npm install @parmanasystems/core
-```
+- deterministic policy evaluation
+- governed execution
+- independent verification
+- replay-safe execution infrastructure
+- runtime provenance validation
+- canonical governance utilities
+For most applications, this is the recommended entry point into the Parmana ecosystem.
+---
+# Mental Model
+```txt id="o5f0r2"
+Signals
+  ↓
+Deterministic Evaluation
+  ↓
+Governed Decision
+  ↓
+Governed Execution
+  ↓
+Execution Attestation
+  ↓
+Independent Verification
+The core package unifies the full deterministic governance lifecycle.
+What this package does
+@parmanasystems/core combines:
+Capability	Description
+deterministic evaluation	governed decision evaluation
+governed execution	replay-safe enforcement
+verification	independent proof validation
+governance utilities	canonical governance infrastructure
+runtime lineage	provenance validation
+replay protection	deterministic execution safety
+This package acts as the unified developer-facing governance SDK.
+When to use this package
+Use this package when:
-## Quick start
+integrating deterministic governance into applications
+building governed AI systems
+implementing governed execution workflows
+deploying deterministic execution pipelines
+verifying execution attestations
+building replay-safe governance infrastructure
+adopting Parmana without managing multiple packages individually
-```typescript
+Do NOT use this package when:
+requiring only low-level runtime primitives
+implementing only cryptographic infrastructure
+building custom governance internals
+In those cases use lower-level packages directly:
+Package	Responsibility
+@parmanasystems/execution	governed execution runtime
+@parmanasystems/verifier	independent verification
+@parmanasystems/governance	governance lifecycle
+@parmanasystems/crypto	signing infrastructure
+Installation
+npm install @parmanasystems/core
+Quick Start
 import {
   executeFromSignals,
   verifyAttestation,
@@ -27,94 +90,268 @@ import {
   getRuntimeManifest,
   RedisReplayStore,
 } from "@parmanasystems/core";
 import { createClient } from "redis";
-const redis    = createClient();
+const redis =
+  createClient();
 await redis.connect();
-const signer   = new LocalSigner(process.env.Parmana_PRIVATE_KEY!);
-const verifier = new LocalVerifier(process.env.Parmana_PUBLIC_KEY!);
-const store    = new RedisReplayStore(redis);
-const manifest = getRuntimeManifest();
-// Execute a governance decision
-const result = await executeFromSignals(
-  {
-    policyId:      "claims-approval",
-    policyVersion: "v1",
-    signals: { insurance_active: true, risk_score: 42 },
-  },
-  signer,
-  verifier,
-  store
-);
-if (result.status === "success" && result.signature) {
-  // Independently verify
-  const verification = verifyAttestation(
-    { execution_id: result.execution_id, ...result },
+const signer =
+  new LocalSigner(
+    process.env.Parmana_PRIVATE_KEY!
+  );
+const verifier =
+  new LocalVerifier(
+    process.env.Parmana_PUBLIC_KEY!
+  );
+const store =
+  new RedisReplayStore(
+    redis
+  );
+const manifest =
+  getRuntimeManifest();
+const result =
+  await executeFromSignals(
+    {
+      policyId:
+        "claims-approval",
+      policyVersion:
+        "v1",
+      signals: {
+        insurance_active: true,
+        risk_score: 42,
+      },
+    },
+    signer,
     verifier,
-    manifest
+    store
+  );
+if (
+  result.status === "success"
+  &&
+  result.signature
+) {
+  const verification =
+    verifyAttestation(
+      {
+        execution_id:
+          result.execution_id,
+        ...result
+      },
+      verifier,
+      manifest
+    );
+  console.log(
+    verification.valid
   );
-  console.log(verification.valid);  // true
 }
-```
-## Exports
-### Governance lifecycle (from `@parmanasystems/governance`)
-| Export | Description |
-|---|---|
-| `createPolicy` | Scaffold a new policy directory |
-| `upgradePolicy` | Create an upgraded policy version |
-| `validatePolicy` | Validate a policy structure |
-| `generateBundle` | Generate a content-addressed policy bundle |
-| `definePolicy` | Build a PolicyDefinition in memory |
-### Deterministic execution (from `@parmanasystems/execution`)
-| Export | Description |
-|---|---|
-| `executeFromSignals` | Full pipeline: load policy → evaluate → sign |
-| `executeDecision` | Lower-level: token → verify → replay → sign |
-| `executeSimple` | Token-based execution without policy file |
-| `resolveOverride` | Complete a pending_override execution |
-| `evaluatePolicy` | Pure policy rule evaluation |
-| `issueToken` | Issue a single-use execution token |
-| `signExecutionToken` | Sign a token |
-| `verifyExecutionToken` | Verify a token signature |
-| `getRuntimeManifest` | Return the active runtime manifest |
-| `signRuntimeManifest` | Sign a runtime manifest |
-| `verifyRuntimeManifest` | Verify a runtime manifest signature |
-| `LocalSigner` | Ed25519 signer (Node.js crypto) |
-| `LocalVerifier` | Ed25519 verifier (Node.js crypto) |
-| `MemoryReplayStore` | In-process replay protection |
-| `RedisReplayStore` | Distributed Redis replay protection |
-| `INVARIANT_REGISTRY` | All 60+ registered invariants |
-| `InvariantViolation` | Invariant violation error class |
-| `violate` | Throw a structured invariant violation |
-### Portable verification (from `@parmanasystems/verifier`)
-| Export | Description |
-|---|---|
-| `verifyAttestation` | Four-check attestation verification |
-| `verifyBundle` | Bundle signature and hash verification |
-| `verifyRuntime` | Runtime manifest comparison |
-| `verifyRuntimeCompatibility` | Runtime requirements check |
-| `verifyExecutionRequirements` | Execution requirements check |
-### Canonical utilities (from `@parmanasystems/bundle`)
-```typescript
-import { canonicalize } from "@parmanasystems/core";
-// Deterministic JSON serialization (sorted keys, stable bytes)
-```
-### Types
-```typescript
+Core Concepts
+Deterministic Evaluation
+Governance evaluation is deterministic.
+The runtime guarantees:
+same signals + same policy → same governed outcome
+Evaluation does not depend on:
+randomness
+mutable runtime state
+probabilistic execution
+timestamps
+Signals vs Rules vs Execution
+Parmana separates:
+Component	Responsibility
+signals	governed facts and inputs
+rules	deterministic governance logic
+execution	governed enforcement
+This separation improves:
+auditability
+reproducibility
+governance clarity
+execution trust boundaries
+signalsSchema
+Policies define governed signal structure explicitly.
+Example:
+{
+  "signalsSchema": {
+    "risk_score": {
+      "type": "number"
+    }
+  }
+}
+Signals are:
+typed
+deterministic
+explicitly governed
+schema-validated
+Governed Decisions
+The evaluator produces governed outcomes:
+{
+  "action": "approve",
+  "requires_override": false
+}
+Possible outcomes include:
+Outcome	Meaning
+approve	execution allowed
+reject	execution denied
+requires_override	human escalation required
+The evaluator determines governance outcomes.
+Execution authority is enforced separately.
+execution_id
+Operational execution lineage identifier.
+Used for:
+audit tracking
+governance event identity
+operational lineage
+execution_fingerprint
+Deterministic replay identity.
+Replay protection operates on execution fingerprints.
+Identical governed inputs produce identical execution fingerprints.
+signals_hash
+Canonicalized governed input proof.
+Used for:
+deterministic reconstruction
+execution verification
+audit integrity
+replay-safe governance
+Example Policy
+{
+  "policyId": "loan-approval",
+  "version": "v1",
+  "signalsSchema": {
+    "risk_score": {
+      "type": "number"
+    }
+  },
+  "rules": [
+    {
+      "id": "approve-low-risk",
+      "condition": {
+        "all": [
+          {
+            "signal": "risk_score",
+            "less_than": 0.25
+          }
+        ]
+      },
+      "outcome": {
+        "action": "approve",
+        "requires_override": false
+      }
+    }
+  ]
+}
+Governance Lifecycle
+Signals
+  ↓
+Validation
+  ↓
+Deterministic Evaluation
+  ↓
+Governed Decision
+  ↓
+Execution Token
+  ↓
+Governed Execution
+  ↓
+Execution Attestation
+  ↓
+Independent Verification
+Major Exports
+Governance Lifecycle
+From @parmanasystems/governance
+Export	Description
+createPolicy	scaffold governance policy
+upgradePolicy	create new immutable policy version
+validatePolicy	validate governance policy
+generateBundle	generate governance bundle
+definePolicy	define policy in memory
+Deterministic Execution
+From @parmanasystems/execution
+Export	Description
+executeFromSignals	full governed execution pipeline
+executeDecision	low-level execution pipeline
+executeSimple	simplified token execution
+resolveOverride	resolve override workflow
+evaluatePolicy	deterministic policy evaluation
+issueToken	issue execution token
+getRuntimeManifest	active runtime lineage
+LocalSigner	local Ed25519 signer
+LocalVerifier	local Ed25519 verifier
+MemoryReplayStore	in-memory replay protection
+RedisReplayStore	distributed replay protection
+Independent Verification
+From @parmanasystems/verifier
+Export	Description
+verifyAttestation	deterministic attestation verification
+verifyBundle	governance bundle verification
+verifyRuntime	runtime lineage verification
+verifyRuntimeCompatibility	runtime compatibility validation
+verifyExecutionRequirements	execution requirement validation
+Canonical Utilities
+From @parmanasystems/bundle
+import {
+  canonicalize
+} from "@parmanasystems/core";
+Provides deterministic canonical serialization.
+Types
 import type {
   ExecutionContext,
   ExecutionAttestation,
@@ -128,8 +365,43 @@ import type {
   AsyncReplayStore,
   ViolationReport,
 } from "@parmanasystems/core";
-```
+Recommended Architecture
+Application
+    ↓
+@parmanasystems/core
+    ↓
+Deterministic Governance
+    ↓
+Execution Attestation
+    ↓
+Independent Verification
+For most applications, @parmanasystems/core is the recommended integration surface.
+Security Model
+The core governance SDK enforces:
+deterministic evaluation
+fail-closed governance
+replay-safe execution
+immutable attestations
+runtime provenance validation
+independent verification
+governed execution boundaries
+canonical deterministic serialization
+The system is designed so that:
-## License
+AI may recommend actions.
+Deterministic governance controls execution authority.
+Relationship to Other Parmana Packages
+Package	Responsibility
+@parmanasystems/core	unified governance SDK
+@parmanasystems/execution	governed execution runtime
+@parmanasystems/verifier	independent verification
+@parmanasystems/server	deployable runtime
+@parmanasystems/sdk-client	HTTP integration
+License
-Apache-2.0
+Apache-2.0

package/dist/index.d.ts CHANGED Viewed

@@ -3,7 +3,7 @@ export { signBundle } from '@parmanasystems/crypto';
 export { ExecutionAttestation, ExecutionContext, ExecutionToken, INVARIANT_REGISTRY, InvariantBoundary, InvariantEntry, InvariantId, InvariantViolation, LocalSigner, LocalVerifier, MemoryReplayStore, ReplayStore, RuntimeManifest, Signer, Verifier, ViolationReport, executeDecision, executeFromSignals, getRuntimeManifest, hashInput, issueToken, signRuntimeManifest, verifyExecutionToken, verifyRuntimeManifest, violate } from '@parmanasystems/execution';
 export { verifyAttestation, verifyBundle, verifyExecutionRequirements, verifyRuntime, verifyRuntimeCompatibility } from '@parmanasystems/verifier';
 export { DecisionOutcome, DecisionResult } from '@parmanasystems/contracts';
-import { AuditDb, AuditOverride } from '@parmanasystems/audit-db';
+import { AuditOverride } from '@parmanasystems/audit-db';
 interface ApproveOverrideInput {
     execution_id: string;
@@ -11,7 +11,7 @@ interface ApproveOverrideInput {
     approver_role: string;
     reason: string;
 }
-declare function approveOverride(input: ApproveOverrideInput, auditDb: AuditDb): Promise<AuditOverride>;
+declare function approveOverride(input: ApproveOverrideInput): Promise<AuditOverride>;
 /**
  * Serializes `value` to a stable, compact JSON string with object keys sorted

package/dist/index.js CHANGED Viewed

@@ -36,7 +36,7 @@ import {
 // src/override.ts
 import crypto from "crypto";
-async function approveOverride(input, auditDb) {
+async function approveOverride(input) {
   const override_id = crypto.randomUUID();
   const approved_at = /* @__PURE__ */ new Date();
   const override_signature = crypto.createHash("sha256").update(
@@ -60,12 +60,6 @@ async function approveOverride(input, auditDb) {
     approved_at,
     recorded_at: approved_at
   };
-  await auditDb.recordOverride(
-    override
-  );
-  await auditDb.markExecuted(
-    input.execution_id
-  );
   return override;
 }

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts","../src/override.ts","../src/canonicalize.ts","../src/invariants.ts","../src/deterministic-policy.ts","../src/validator.ts"],"sourcesContent":["// -----------------------------\r\n// Governance Lifecycle\r\n// -----------------------------\r\nexport {\r\n createPolicy,\r\n upgradePolicy,\r\n validatePolicy,\r\n generateBundle\r\n} from \"@parmanasystems/governance\";\r\n\r\nexport {\r\n signBundle\r\n} from \"@parmanasystems/crypto\";\r\n\r\n// -----------------------------\r\n// Deterministic Execution\r\n// -----------------------------\r\nexport {\r\n executeFromSignals,\r\n executeDecision,\r\n issueToken,\r\n verifyExecutionToken,\r\n getRuntimeManifest,\r\n signRuntimeManifest,\r\n verifyRuntimeManifest,\r\n LocalSigner,\r\n LocalVerifier,\r\n MemoryReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\n// -----------------------------\r\n// Portable Verification\r\n// -----------------------------\r\nexport {\r\n verifyAttestation,\r\n verifyBundle,\r\n verifyRuntime,\r\n verifyRuntimeCompatibility,\r\n verifyExecutionRequirements\r\n} from \"@parmanasystems/verifier\";\r\n\r\n// -----------------------------\r\n// Canonical Governance Types\r\n// -----------------------------\r\nexport type {\r\n ExecutionContext,\r\n ExecutionAttestation,\r\n ExecutionToken,\r\n RuntimeManifest,\r\n Signer,\r\n Verifier,\r\n ReplayStore,\r\n} from \"@parmanasystems/execution\";\r\n\r\nexport type {\r\n RuntimeRequirements,\r\n} from \"@parmanasystems/governance\";\r\n\r\nexport type {\r\n DecisionResult,\r\n DecisionOutcome\r\n} from \"@parmanasystems/contracts\";\r\n\r\n// -----------------------------\r\n// Invariant Registry\r\n// -----------------------------\r\nexport type {\r\n InvariantBoundary,\r\n InvariantEntry,\r\n InvariantId,\r\n ViolationReport,\r\n} from \"@parmanasystems/execution\";\r\n\r\nexport {\r\n INVARIANT_REGISTRY,\r\n InvariantViolation,\r\n violate,\r\n hashInput,\r\n} from \"@parmanasystems/execution\";\r\n\r\n// -----------------------------\r\n// Override Authority\r\n// -----------------------------\r\nexport {\r\n approveOverride\r\n} from \"./override.js\";\r\n\r\nexport type {\r\n ApproveOverrideInput\r\n} from \"./override.js\";\r\n\r\n// -----------------------------\r\n// Deterministic Validation\r\n// -----------------------------\r\nexport * from \"./canonicalize.js\";\r\nexport * from \"./validator.js\";\r\nexport * from \"./invariants.js\";\r\n\r\n// -----------------------------\r\n// Validation Types\r\n// -----------------------------\r\nexport * from \"./types/envelope.js\";\r\nexport * from \"./types/payloads.js\";\r\nexport * from \"./types/validation.js\";\r\nexport * from \"./types/metadata.js\";\r\nexport * from \"./deterministic-policy.js\";\r\nexport * from \"./types/validator-config.js\";","import crypto from \"node:crypto\";\r\n\r\nimport type {\r\n AuditDb,\r\n AuditOverride\r\n} from \"@parmanasystems/audit-db\";\r\n\r\nexport interface ApproveOverrideInput {\r\n\r\n execution_id: string;\r\n\r\n approved_by: string;\r\n\r\n approver_role: string;\r\n\r\n reason: string;\r\n}\r\n\r\nexport async function approveOverride(\r\n input: ApproveOverrideInput,\r\n auditDb: AuditDb\r\n): Promise<AuditOverride> {\r\n\r\n const override_id =\r\n crypto.randomUUID();\r\n\r\n const approved_at =\r\n new Date();\r\n\r\n const override_signature =\r\n crypto\r\n .createHash(\"sha256\")\r\n .update(\r\n JSON.stringify({\r\n override_id,\r\n execution_id:\r\n input.execution_id,\r\n approved_by:\r\n input.approved_by,\r\n approver_role:\r\n input.approver_role,\r\n reason:\r\n input.reason,\r\n approved_at\r\n })\r\n )\r\n .digest(\"hex\");\r\n\r\n const override: AuditOverride = {\r\n\r\n id: 0,\r\n\r\n override_id,\r\n\r\n execution_id:\r\n input.execution_id,\r\n\r\n approved_by:\r\n input.approved_by,\r\n\r\n approver_role:\r\n input.approver_role,\r\n\r\n reason:\r\n input.reason,\r\n\r\n override_signature,\r\n\r\n approved_at,\r\n\r\n recorded_at:\r\n approved_at\r\n };\r\n\r\n await auditDb.recordOverride(\r\n override\r\n );\r\n\r\n await auditDb.markExecuted(\r\n input.execution_id\r\n );\r\n\r\n return override;\r\n}","function sortKeys(value: any): any {\r\n if (Array.isArray(value)) {\r\n return value.map(sortKeys);\r\n }\r\n\r\n if (value && typeof value === \"object\") {\r\n return Object.keys(value)\r\n .sort()\r\n .reduce((acc, key) => {\r\n acc[key] = sortKeys(value[key]);\r\n return acc;\r\n }, {} as Record<string, unknown>);\r\n }\r\n\r\n return value;\r\n}\r\n\r\n/*\r\n Serializes `value` to a stable, compact JSON string with object keys sorted\r\n * recursively. Used by the core validation pipeline for determinism checks.\r\n \r\n Note: unlike `@parmanasystems/bundle`'s `canonicalize`, this variant uses\r\n * compact output (`JSON.stringify` without indentation) for in-memory comparisons.\r\n /\r\nexport function canonicalize(value: unknown): string {\r\n return JSON.stringify(sortKeys(value));\r\n}\r\n","/* Returns `true` when `value` is a non-empty, non-whitespace-only string. /\r\nexport function assertNonEmptyString(\r\n value: unknown\r\n): boolean {\r\n return (\r\n typeof value === \"string\" &&\r\n value.trim().length > 0\r\n );\r\n}\r\n\r\n/* Returns `true` when `value` is an array. /\r\nexport function assertArray(\r\n value: unknown\r\n): boolean {\r\n return Array.isArray(value);\r\n}\r\n\r\nfunction scanObject(\r\n value: unknown,\r\n forbiddenFields:\r\n readonly string[]\r\n): boolean {\r\n\r\n if (\r\n typeof value !== \"object\" \|\|\r\n value === null\r\n ) {\r\n return true;\r\n }\r\n\r\n if (Array.isArray(value)) {\r\n return value.every(\r\n (item) =>\r\n scanObject(\r\n item,\r\n forbiddenFields\r\n )\r\n );\r\n }\r\n\r\n for (\r\n const [key, nested]\r\n of Object.entries(value)\r\n ) {\r\n\r\n if (\r\n forbiddenFields.includes(\r\n key\r\n )\r\n ) {\r\n return false;\r\n }\r\n\r\n if (\r\n !scanObject(\r\n nested,\r\n forbiddenFields\r\n )\r\n ) {\r\n return false;\r\n }\r\n }\r\n\r\n return true;\r\n}\r\n\r\n/\r\n Recursively scans `payload` and returns `false` if any object key matches\r\n * a name in `forbiddenFields`.\r\n \r\n Used by {@link LocalValidator} to enforce that operational-metadata fields\r\n * have not contaminated the deterministic signing scope.\r\n \r\n @param payload - The payload object to inspect.\r\n * @param forbiddenFields - Field names that must not appear anywhere in the payload.\r\n /\r\nexport function assertNoOperationalMetadata(\r\n payload: unknown,\r\n forbiddenFields:\r\n readonly string[]\r\n): boolean {\r\n\r\n return scanObject(\r\n payload,\r\n forbiddenFields\r\n );\r\n}\r\n","/\r\n Field names that must not appear inside a deterministic payload.\r\n \r\n These are operational-metadata fields that introduce non-determinism\r\n * (timestamps, hostnames, trace IDs, deployment context) and would break\r\n * reproducible verification if present in the signed payload scope.\r\n \r\n Used as the default for {@link ValidatorConfig.forbiddenDeterministicFields}.\r\n /\r\nexport const forbiddenDeterministicFields = [\r\n \"generatedAt\",\r\n \"environment\",\r\n \"host\",\r\n \"runtime\",\r\n \"traceId\"\r\n] as const;\r\n","import { canonicalize } from \"./canonicalize.js\";\r\n\r\nimport {\r\n assertNoOperationalMetadata\r\n} from \"./invariants.js\";\r\n\r\nimport {\r\n forbiddenDeterministicFields\r\n} from \"./deterministic-policy.js\";\r\n\r\nimport {\r\n ValidatorConfig\r\n} from \"./types/validator-config.js\";\r\n\r\nimport { ValidationResult } from \"./types/validation.js\";\r\n\r\nimport { SignedEnvelope } from \"./types/envelope.js\";\r\n\r\n/\r\n Multi-stage validator for {@link SignedEnvelope} values.\r\n \r\n Runs up to five sequential checks (structure → canonical → deterministic →\r\n * metadata isolation → cryptographic) and returns a detailed\r\n * {@link ValidationResult} with per-stage flags and error messages.\r\n \r\n Note: the `cryptographic` stage is not yet implemented and always returns\r\n * `false`, so `valid` is always `false`. Use `@parmanasystems/verifier` for\r\n * cryptographic attestation verification.\r\n /\r\nexport class LocalValidator {\r\n\r\n private readonly config:\r\n ValidatorConfig;\r\n\r\n /\r\n @param config - Optional override for {@link ValidatorConfig}.\r\n * Defaults to using {@link forbiddenDeterministicFields}.\r\n /\r\n constructor(\r\n config: ValidatorConfig = {}\r\n ) {\r\n this.config = {\r\n forbiddenDeterministicFields,\r\n ...config\r\n };\r\n }\r\n\r\n private extractDeterministicPayload(\r\n envelope: SignedEnvelope<unknown>\r\n ): unknown {\r\n return envelope.payload;\r\n }\r\n\r\n /* Returns `true` when `envelope` has `payload` (any value) and `signature` (string). /\r\n validateStructure(\r\n envelope: SignedEnvelope<unknown>\r\n ): boolean {\r\n\r\n return (\r\n typeof envelope === \"object\" &&\r\n envelope !== null &&\r\n \"payload\" in envelope &&\r\n \"signature\" in envelope &&\r\n typeof envelope.signature === \"string\"\r\n );\r\n }\r\n\r\n /* Returns `true` when `payload` can be serialized through the canonical JSON pipeline without error. /\r\n validateCanonical(\r\n payload: unknown\r\n ): boolean {\r\n\r\n try {\r\n\r\n canonicalize(payload);\r\n\r\n return true;\r\n\r\n } catch {\r\n\r\n return false;\r\n }\r\n }\r\n\r\n /\r\n Returns `true` when the canonical form of the payload alone equals the\r\n * canonical form of `{ payload }`, confirming that no metadata fields have\r\n * leaked into the deterministic signing scope.\r\n /\r\n validateMetadataIsolation(\r\n envelope: SignedEnvelope<unknown>\r\n ): boolean {\r\n\r\n try {\r\n\r\n const canonicalPayload =\r\n canonicalize(\r\n this.extractDeterministicPayload(\r\n envelope\r\n )\r\n );\r\n\r\n const canonicalEnvelope =\r\n canonicalize({\r\n payload:\r\n this.extractDeterministicPayload(\r\n envelope\r\n )\r\n });\r\n\r\n return (\r\n canonicalPayload ===\r\n canonicalEnvelope\r\n );\r\n\r\n } catch {\r\n\r\n return false;\r\n }\r\n }\r\n\r\n /\r\n Runs all five validation stages against `envelope` and returns a\r\n * {@link ValidationResult} with per-stage flags and accumulated error messages.\r\n */\r\n validate(\r\n envelope: SignedEnvelope<unknown>\r\n ): ValidationResult {\r\n\r\n const structure =\r\n this.validateStructure(\r\n envelope\r\n );\r\n\r\n const canonical =\r\n structure &&\r\n this.validateCanonical(\r\n envelope.payload\r\n );\r\n\r\n const deterministic =\r\n structure &&\r\n assertNoOperationalMetadata(\r\n envelope.payload,\r\n this.config\r\n .forbiddenDeterministicFields ??\r\n []\r\n );\r\n\r\n const metadataIsolation =\r\n structure &&\r\n this.validateMetadataIsolation(\r\n envelope\r\n );\r\n\r\n const cryptographic =\r\n false;\r\n\r\n const errors: string[] =\r\n [];\r\n\r\n if (!structure) {\r\n errors.push(\r\n \"Invalid structure.\"\r\n );\r\n }\r\n\r\n if (!canonical) {\r\n errors.push(\r\n \"Canonicalization validation failed.\"\r\n );\r\n }\r\n\r\n if (!deterministic) {\r\n errors.push(\r\n \"Operational metadata contamination detected.\"\r\n );\r\n }\r\n\r\n if (!metadataIsolation) {\r\n errors.push(\r\n \"Metadata isolation validation failed.\"\r\n );\r\n }\r\n\r\n return {\r\n valid:\r\n structure &&\r\n canonical &&\r\n deterministic &&\r\n metadataIsolation &&\r\n cryptographic,\r\n\r\n verified:\r\n cryptographic,\r\n\r\n stages: {\r\n structure,\r\n canonical,\r\n deterministic,\r\n metadataIsolation,\r\n cryptographic\r\n },\r\n\r\n errors\r\n };\r\n }\r\n}\r\n"],"mappings":";AAGA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP;AAAA,EACE;AAAA,OACK;AAKP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAKP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAkCP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;;;AC9EP,OAAO,YAAY;AAkBnB,eAAsB,gBACpB,OACA,SACwB;AAExB,QAAM,cACJ,OAAO,WAAW;AAEpB,QAAM,cACJ,oBAAI,KAAK;AAEX,QAAM,qBACJ,OACG,WAAW,QAAQ,EACnB;AAAA,IACC,KAAK,UAAU;AAAA,MACb;AAAA,MACA,cACE,MAAM;AAAA,MACR,aACE,MAAM;AAAA,MACR,eACE,MAAM;AAAA,MACR,QACE,MAAM;AAAA,MACR;AAAA,IACF,CAAC;AAAA,EACH,EACC,OAAO,KAAK;AAEjB,QAAM,WAA0B;AAAA,IAE9B,IAAI;AAAA,IAEJ;AAAA,IAEA,cACE,MAAM;AAAA,IAER,aACE,MAAM;AAAA,IAER,eACE,MAAM;AAAA,IAER,QACE,MAAM;AAAA,IAER;AAAA,IAEA;AAAA,IAEA,aACE;AAAA,EACJ;AAEA,QAAM,QAAQ;AAAA,IACZ;AAAA,EACF;AAEA,QAAM,QAAQ;AAAA,IACZ,MAAM;AAAA,EACR;AAEA,SAAO;AACT;;;ACnFA,SAAS,SAAS,OAAiB;AACjC,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,IAAI,QAAQ;AAAA,EAC3B;AAEA,MAAI,SAAS,OAAO,UAAU,UAAU;AACtC,WAAO,OAAO,KAAK,KAAK,EACrB,KAAK,EACL,OAAO,CAAC,KAAK,QAAQ;AACpB,UAAI,GAAG,IAAI,SAAS,MAAM,GAAG,CAAC;AAC9B,aAAO;AAAA,IACT,GAAG,CAAC,CAA4B;AAAA,EACpC;AAEA,SAAO;AACT;AASO,SAAS,aAAa,OAAwB;AACnD,SAAO,KAAK,UAAU,SAAS,KAAK,CAAC;AACvC;;;ACzBO,SAAS,qBACd,OACS;AACT,SACE,OAAO,UAAU,YACjB,MAAM,KAAK,EAAE,SAAS;AAE1B;AAGO,SAAS,YACd,OACS;AACT,SAAO,MAAM,QAAQ,KAAK;AAC5B;AAEA,SAAS,WACP,OACA,iBAES;AAET,MACE,OAAO,UAAU,YACjB,UAAU,MACV;AACA,WAAO;AAAA,EACT;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM;AAAA,MACX,CAAC,SACC;AAAA,QACE;AAAA,QACA;AAAA,MACF;AAAA,IACJ;AAAA,EACF;AAEA,aACQ,CAAC,KAAK,MAAM,KACf,OAAO,QAAQ,KAAK,GACvB;AAEA,QACE,gBAAgB;AAAA,MACd;AAAA,IACF,GACA;AACA,aAAO;AAAA,IACT;AAEA,QACE,CAAC;AAAA,MACC;AAAA,MACA;AAAA,IACF,GACA;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAYO,SAAS,4BACd,SACA,iBAES;AAET,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;;;AC7EO,IAAM,+BAA+B;AAAA,EAC1C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;ACcO,IAAM,iBAAN,MAAqB;AAAA,EAET;AAAA;AAAA;AAAA;AAAA;AAAA,EAOjB,YACE,SAA0B,CAAC,GAC3B;AACA,SAAK,SAAS;AAAA,MACZ;AAAA,MACA,GAAG;AAAA,IACL;AAAA,EACF;AAAA,EAEQ,4BACN,UACS;AACT,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,kBACE,UACS;AAET,WACE,OAAO,aAAa,YACpB,aAAa,QACb,aAAa,YACb,eAAe,YACf,OAAO,SAAS,cAAc;AAAA,EAElC;AAAA;AAAA,EAGA,kBACE,SACS;AAET,QAAI;AAEF,mBAAa,OAAO;AAEpB,aAAO;AAAA,IAET,QAAQ;AAEN,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,0BACE,UACS;AAET,QAAI;AAEF,YAAM,mBACJ;AAAA,QACE,KAAK;AAAA,UACH;AAAA,QACF;AAAA,MACF;AAEF,YAAM,oBACJ,aAAa;AAAA,QACX,SACE,KAAK;AAAA,UACH;AAAA,QACF;AAAA,MACJ,CAAC;AAEH,aACE,qBACA;AAAA,IAGJ,QAAQ;AAEN,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,SACE,UACkB;AAElB,UAAM,YACJ,KAAK;AAAA,MACH;AAAA,IACF;AAEF,UAAM,YACJ,aACA,KAAK;AAAA,MACH,SAAS;AAAA,IACX;AAEF,UAAM,gBACJ,aACA;AAAA,MACE,SAAS;AAAA,MACT,KAAK,OACF,gCACD,CAAC;AAAA,IACL;AAEF,UAAM,oBACJ,aACA,KAAK;AAAA,MACH;AAAA,IACF;AAEF,UAAM,gBACJ;AAEF,UAAM,SACJ,CAAC;AAEH,QAAI,CAAC,WAAW;AACd,aAAO;AAAA,QACL;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,WAAW;AACd,aAAO;AAAA,QACL;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,eAAe;AAClB,aAAO;AAAA,QACL;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,mBAAmB;AACtB,aAAO;AAAA,QACL;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,MACL,OACE,aACA,aACA,iBACA,qBACA;AAAA,MAEF,UACE;AAAA,MAEF,QAAQ;AAAA,QACN;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MAEA;AAAA,IACF;AAAA,EACF;AACF;","names":[]}
1	+ {"version":3,"sources":["../src/index.ts","../src/override.ts","../src/canonicalize.ts","../src/invariants.ts","../src/deterministic-policy.ts","../src/validator.ts"],"sourcesContent":["// -----------------------------\r\n// Governance Lifecycle\r\n// -----------------------------\r\nexport {\r\n createPolicy,\r\n upgradePolicy,\r\n validatePolicy,\r\n generateBundle\r\n} from \"@parmanasystems/governance\";\r\n\r\nexport {\r\n signBundle\r\n} from \"@parmanasystems/crypto\";\r\n\r\n// -----------------------------\r\n// Deterministic Execution\r\n// -----------------------------\r\nexport {\r\n executeFromSignals,\r\n executeDecision,\r\n issueToken,\r\n verifyExecutionToken,\r\n getRuntimeManifest,\r\n signRuntimeManifest,\r\n verifyRuntimeManifest,\r\n LocalSigner,\r\n LocalVerifier,\r\n MemoryReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\n// -----------------------------\r\n// Portable Verification\r\n// -----------------------------\r\nexport {\r\n verifyAttestation,\r\n verifyBundle,\r\n verifyRuntime,\r\n verifyRuntimeCompatibility,\r\n verifyExecutionRequirements\r\n} from \"@parmanasystems/verifier\";\r\n\r\n// -----------------------------\r\n// Canonical Governance Types\r\n// -----------------------------\r\nexport type {\r\n ExecutionContext,\r\n ExecutionAttestation,\r\n ExecutionToken,\r\n RuntimeManifest,\r\n Signer,\r\n Verifier,\r\n ReplayStore,\r\n} from \"@parmanasystems/execution\";\r\n\r\nexport type {\r\n RuntimeRequirements,\r\n} from \"@parmanasystems/governance\";\r\n\r\nexport type {\r\n DecisionResult,\r\n DecisionOutcome\r\n} from \"@parmanasystems/contracts\";\r\n\r\n// -----------------------------\r\n// Invariant Registry\r\n// -----------------------------\r\nexport type {\r\n InvariantBoundary,\r\n InvariantEntry,\r\n InvariantId,\r\n ViolationReport,\r\n} from \"@parmanasystems/execution\";\r\n\r\nexport {\r\n INVARIANT_REGISTRY,\r\n InvariantViolation,\r\n violate,\r\n hashInput,\r\n} from \"@parmanasystems/execution\";\r\n\r\n// -----------------------------\r\n// Override Authority\r\n// -----------------------------\r\nexport {\r\n approveOverride\r\n} from \"./override.js\";\r\n\r\nexport type {\r\n ApproveOverrideInput\r\n} from \"./override.js\";\r\n\r\n// -----------------------------\r\n// Deterministic Validation\r\n// -----------------------------\r\nexport * from \"./canonicalize.js\";\r\nexport * from \"./validator.js\";\r\nexport * from \"./invariants.js\";\r\n\r\n// -----------------------------\r\n// Validation Types\r\n// -----------------------------\r\nexport * from \"./types/envelope.js\";\r\nexport * from \"./types/payloads.js\";\r\nexport * from \"./types/validation.js\";\r\nexport * from \"./types/metadata.js\";\r\nexport * from \"./deterministic-policy.js\";\r\nexport * from \"./types/validator-config.js\";","import crypto from \"node:crypto\";\r\n\r\nimport type {\r\n AuditOverride\r\n} from \"@parmanasystems/audit-db\";\r\n\r\nexport interface ApproveOverrideInput {\r\n\r\n execution_id: string;\r\n\r\n approved_by: string;\r\n\r\n approver_role: string;\r\n\r\n reason: string;\r\n}\r\n\r\nexport async function approveOverride(\r\n input: ApproveOverrideInput\r\n): Promise<AuditOverride> {\r\n\r\n const override_id =\r\n crypto.randomUUID();\r\n\r\n const approved_at =\r\n new Date();\r\n\r\n const override_signature =\r\n crypto\r\n .createHash(\"sha256\")\r\n .update(\r\n JSON.stringify({\r\n override_id,\r\n execution_id:\r\n input.execution_id,\r\n approved_by:\r\n input.approved_by,\r\n approver_role:\r\n input.approver_role,\r\n reason:\r\n input.reason,\r\n approved_at\r\n })\r\n )\r\n .digest(\"hex\");\r\n\r\n const override: AuditOverride = {\r\n\r\n id: 0,\r\n\r\n override_id,\r\n\r\n execution_id:\r\n input.execution_id,\r\n\r\n approved_by:\r\n input.approved_by,\r\n\r\n approver_role:\r\n input.approver_role,\r\n\r\n reason:\r\n input.reason,\r\n\r\n override_signature,\r\n\r\n approved_at,\r\n\r\n recorded_at:\r\n approved_at\r\n };\r\n\r\n return override;\r\n}","function sortKeys(value: any): any {\r\n if (Array.isArray(value)) {\r\n return value.map(sortKeys);\r\n }\r\n\r\n if (value && typeof value === \"object\") {\r\n return Object.keys(value)\r\n .sort()\r\n .reduce((acc, key) => {\r\n acc[key] = sortKeys(value[key]);\r\n return acc;\r\n }, {} as Record<string, unknown>);\r\n }\r\n\r\n return value;\r\n}\r\n\r\n/*\r\n Serializes `value` to a stable, compact JSON string with object keys sorted\r\n * recursively. Used by the core validation pipeline for determinism checks.\r\n \r\n Note: unlike `@parmanasystems/bundle`'s `canonicalize`, this variant uses\r\n * compact output (`JSON.stringify` without indentation) for in-memory comparisons.\r\n /\r\nexport function canonicalize(value: unknown): string {\r\n return JSON.stringify(sortKeys(value));\r\n}\r\n","/* Returns `true` when `value` is a non-empty, non-whitespace-only string. /\r\nexport function assertNonEmptyString(\r\n value: unknown\r\n): boolean {\r\n return (\r\n typeof value === \"string\" &&\r\n value.trim().length > 0\r\n );\r\n}\r\n\r\n/* Returns `true` when `value` is an array. /\r\nexport function assertArray(\r\n value: unknown\r\n): boolean {\r\n return Array.isArray(value);\r\n}\r\n\r\nfunction scanObject(\r\n value: unknown,\r\n forbiddenFields:\r\n readonly string[]\r\n): boolean {\r\n\r\n if (\r\n typeof value !== \"object\" \|\|\r\n value === null\r\n ) {\r\n return true;\r\n }\r\n\r\n if (Array.isArray(value)) {\r\n return value.every(\r\n (item) =>\r\n scanObject(\r\n item,\r\n forbiddenFields\r\n )\r\n );\r\n }\r\n\r\n for (\r\n const [key, nested]\r\n of Object.entries(value)\r\n ) {\r\n\r\n if (\r\n forbiddenFields.includes(\r\n key\r\n )\r\n ) {\r\n return false;\r\n }\r\n\r\n if (\r\n !scanObject(\r\n nested,\r\n forbiddenFields\r\n )\r\n ) {\r\n return false;\r\n }\r\n }\r\n\r\n return true;\r\n}\r\n\r\n/\r\n Recursively scans `payload` and returns `false` if any object key matches\r\n * a name in `forbiddenFields`.\r\n \r\n Used by {@link LocalValidator} to enforce that operational-metadata fields\r\n * have not contaminated the deterministic signing scope.\r\n \r\n @param payload - The payload object to inspect.\r\n * @param forbiddenFields - Field names that must not appear anywhere in the payload.\r\n /\r\nexport function assertNoOperationalMetadata(\r\n payload: unknown,\r\n forbiddenFields:\r\n readonly string[]\r\n): boolean {\r\n\r\n return scanObject(\r\n payload,\r\n forbiddenFields\r\n );\r\n}\r\n","/\r\n Field names that must not appear inside a deterministic payload.\r\n \r\n These are operational-metadata fields that introduce non-determinism\r\n * (timestamps, hostnames, trace IDs, deployment context) and would break\r\n * reproducible verification if present in the signed payload scope.\r\n \r\n Used as the default for {@link ValidatorConfig.forbiddenDeterministicFields}.\r\n /\r\nexport const forbiddenDeterministicFields = [\r\n \"generatedAt\",\r\n \"environment\",\r\n \"host\",\r\n \"runtime\",\r\n \"traceId\"\r\n] as const;\r\n","import { canonicalize } from \"./canonicalize.js\";\r\n\r\nimport {\r\n assertNoOperationalMetadata\r\n} from \"./invariants.js\";\r\n\r\nimport {\r\n forbiddenDeterministicFields\r\n} from \"./deterministic-policy.js\";\r\n\r\nimport {\r\n ValidatorConfig\r\n} from \"./types/validator-config.js\";\r\n\r\nimport { ValidationResult } from \"./types/validation.js\";\r\n\r\nimport { SignedEnvelope } from \"./types/envelope.js\";\r\n\r\n/\r\n Multi-stage validator for {@link SignedEnvelope} values.\r\n \r\n Runs up to five sequential checks (structure → canonical → deterministic →\r\n * metadata isolation → cryptographic) and returns a detailed\r\n * {@link ValidationResult} with per-stage flags and error messages.\r\n \r\n Note: the `cryptographic` stage is not yet implemented and always returns\r\n * `false`, so `valid` is always `false`. Use `@parmanasystems/verifier` for\r\n * cryptographic attestation verification.\r\n /\r\nexport class LocalValidator {\r\n\r\n private readonly config:\r\n ValidatorConfig;\r\n\r\n /\r\n @param config - Optional override for {@link ValidatorConfig}.\r\n * Defaults to using {@link forbiddenDeterministicFields}.\r\n /\r\n constructor(\r\n config: ValidatorConfig = {}\r\n ) {\r\n this.config = {\r\n forbiddenDeterministicFields,\r\n ...config\r\n };\r\n }\r\n\r\n private extractDeterministicPayload(\r\n envelope: SignedEnvelope<unknown>\r\n ): unknown {\r\n return envelope.payload;\r\n }\r\n\r\n /* Returns `true` when `envelope` has `payload` (any value) and `signature` (string). /\r\n validateStructure(\r\n envelope: SignedEnvelope<unknown>\r\n ): boolean {\r\n\r\n return (\r\n typeof envelope === \"object\" &&\r\n envelope !== null &&\r\n \"payload\" in envelope &&\r\n \"signature\" in envelope &&\r\n typeof envelope.signature === \"string\"\r\n );\r\n }\r\n\r\n /* Returns `true` when `payload` can be serialized through the canonical JSON pipeline without error. /\r\n validateCanonical(\r\n payload: unknown\r\n ): boolean {\r\n\r\n try {\r\n\r\n canonicalize(payload);\r\n\r\n return true;\r\n\r\n } catch {\r\n\r\n return false;\r\n }\r\n }\r\n\r\n /\r\n Returns `true` when the canonical form of the payload alone equals the\r\n * canonical form of `{ payload }`, confirming that no metadata fields have\r\n * leaked into the deterministic signing scope.\r\n /\r\n validateMetadataIsolation(\r\n envelope: SignedEnvelope<unknown>\r\n ): boolean {\r\n\r\n try {\r\n\r\n const canonicalPayload =\r\n canonicalize(\r\n this.extractDeterministicPayload(\r\n envelope\r\n )\r\n );\r\n\r\n const canonicalEnvelope =\r\n canonicalize({\r\n payload:\r\n this.extractDeterministicPayload(\r\n envelope\r\n )\r\n });\r\n\r\n return (\r\n canonicalPayload ===\r\n canonicalEnvelope\r\n );\r\n\r\n } catch {\r\n\r\n return false;\r\n }\r\n }\r\n\r\n /\r\n Runs all five validation stages against `envelope` and returns a\r\n * {@link ValidationResult} with per-stage flags and accumulated error messages.\r\n */\r\n validate(\r\n envelope: SignedEnvelope<unknown>\r\n ): ValidationResult {\r\n\r\n const structure =\r\n this.validateStructure(\r\n envelope\r\n );\r\n\r\n const canonical =\r\n structure &&\r\n this.validateCanonical(\r\n envelope.payload\r\n );\r\n\r\n const deterministic =\r\n structure &&\r\n assertNoOperationalMetadata(\r\n envelope.payload,\r\n this.config\r\n .forbiddenDeterministicFields ??\r\n []\r\n );\r\n\r\n const metadataIsolation =\r\n structure &&\r\n this.validateMetadataIsolation(\r\n envelope\r\n );\r\n\r\n const cryptographic =\r\n false;\r\n\r\n const errors: string[] =\r\n [];\r\n\r\n if (!structure) {\r\n errors.push(\r\n \"Invalid structure.\"\r\n );\r\n }\r\n\r\n if (!canonical) {\r\n errors.push(\r\n \"Canonicalization validation failed.\"\r\n );\r\n }\r\n\r\n if (!deterministic) {\r\n errors.push(\r\n \"Operational metadata contamination detected.\"\r\n );\r\n }\r\n\r\n if (!metadataIsolation) {\r\n errors.push(\r\n \"Metadata isolation validation failed.\"\r\n );\r\n }\r\n\r\n return {\r\n valid:\r\n structure &&\r\n canonical &&\r\n deterministic &&\r\n metadataIsolation &&\r\n cryptographic,\r\n\r\n verified:\r\n cryptographic,\r\n\r\n stages: {\r\n structure,\r\n canonical,\r\n deterministic,\r\n metadataIsolation,\r\n cryptographic\r\n },\r\n\r\n errors\r\n };\r\n }\r\n}\r\n"],"mappings":";AAGA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAEP;AAAA,EACE;AAAA,OACK;AAKP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAKP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAkCP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;;;AC9EP,OAAO,YAAY;AAiBnB,eAAsB,gBACpB,OACwB;AAExB,QAAM,cACJ,OAAO,WAAW;AAEpB,QAAM,cACJ,oBAAI,KAAK;AAEX,QAAM,qBACJ,OACG,WAAW,QAAQ,EACnB;AAAA,IACC,KAAK,UAAU;AAAA,MACb;AAAA,MACA,cACE,MAAM;AAAA,MACR,aACE,MAAM;AAAA,MACR,eACE,MAAM;AAAA,MACR,QACE,MAAM;AAAA,MACR;AAAA,IACF,CAAC;AAAA,EACH,EACC,OAAO,KAAK;AAEjB,QAAM,WAA0B;AAAA,IAE9B,IAAI;AAAA,IAEJ;AAAA,IAEA,cACE,MAAM;AAAA,IAER,aACE,MAAM;AAAA,IAER,eACE,MAAM;AAAA,IAER,QACE,MAAM;AAAA,IAER;AAAA,IAEA;AAAA,IAEA,aACE;AAAA,EACJ;AAEA,SAAO;AACT;;;ACzEA,SAAS,SAAS,OAAiB;AACjC,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,IAAI,QAAQ;AAAA,EAC3B;AAEA,MAAI,SAAS,OAAO,UAAU,UAAU;AACtC,WAAO,OAAO,KAAK,KAAK,EACrB,KAAK,EACL,OAAO,CAAC,KAAK,QAAQ;AACpB,UAAI,GAAG,IAAI,SAAS,MAAM,GAAG,CAAC;AAC9B,aAAO;AAAA,IACT,GAAG,CAAC,CAA4B;AAAA,EACpC;AAEA,SAAO;AACT;AASO,SAAS,aAAa,OAAwB;AACnD,SAAO,KAAK,UAAU,SAAS,KAAK,CAAC;AACvC;;;ACzBO,SAAS,qBACd,OACS;AACT,SACE,OAAO,UAAU,YACjB,MAAM,KAAK,EAAE,SAAS;AAE1B;AAGO,SAAS,YACd,OACS;AACT,SAAO,MAAM,QAAQ,KAAK;AAC5B;AAEA,SAAS,WACP,OACA,iBAES;AAET,MACE,OAAO,UAAU,YACjB,UAAU,MACV;AACA,WAAO;AAAA,EACT;AAEA,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM;AAAA,MACX,CAAC,SACC;AAAA,QACE;AAAA,QACA;AAAA,MACF;AAAA,IACJ;AAAA,EACF;AAEA,aACQ,CAAC,KAAK,MAAM,KACf,OAAO,QAAQ,KAAK,GACvB;AAEA,QACE,gBAAgB;AAAA,MACd;AAAA,IACF,GACA;AACA,aAAO;AAAA,IACT;AAEA,QACE,CAAC;AAAA,MACC;AAAA,MACA;AAAA,IACF,GACA;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAYO,SAAS,4BACd,SACA,iBAES;AAET,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;;;AC7EO,IAAM,+BAA+B;AAAA,EAC1C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;;;ACcO,IAAM,iBAAN,MAAqB;AAAA,EAET;AAAA;AAAA;AAAA;AAAA;AAAA,EAOjB,YACE,SAA0B,CAAC,GAC3B;AACA,SAAK,SAAS;AAAA,MACZ;AAAA,MACA,GAAG;AAAA,IACL;AAAA,EACF;AAAA,EAEQ,4BACN,UACS;AACT,WAAO,SAAS;AAAA,EAClB;AAAA;AAAA,EAGA,kBACE,UACS;AAET,WACE,OAAO,aAAa,YACpB,aAAa,QACb,aAAa,YACb,eAAe,YACf,OAAO,SAAS,cAAc;AAAA,EAElC;AAAA;AAAA,EAGA,kBACE,SACS;AAET,QAAI;AAEF,mBAAa,OAAO;AAEpB,aAAO;AAAA,IAET,QAAQ;AAEN,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,0BACE,UACS;AAET,QAAI;AAEF,YAAM,mBACJ;AAAA,QACE,KAAK;AAAA,UACH;AAAA,QACF;AAAA,MACF;AAEF,YAAM,oBACJ,aAAa;AAAA,QACX,SACE,KAAK;AAAA,UACH;AAAA,QACF;AAAA,MACJ,CAAC;AAEH,aACE,qBACA;AAAA,IAGJ,QAAQ;AAEN,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,SACE,UACkB;AAElB,UAAM,YACJ,KAAK;AAAA,MACH;AAAA,IACF;AAEF,UAAM,YACJ,aACA,KAAK;AAAA,MACH,SAAS;AAAA,IACX;AAEF,UAAM,gBACJ,aACA;AAAA,MACE,SAAS;AAAA,MACT,KAAK,OACF,gCACD,CAAC;AAAA,IACL;AAEF,UAAM,oBACJ,aACA,KAAK;AAAA,MACH;AAAA,IACF;AAEF,UAAM,gBACJ;AAEF,UAAM,SACJ,CAAC;AAEH,QAAI,CAAC,WAAW;AACd,aAAO;AAAA,QACL;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,WAAW;AACd,aAAO;AAAA,QACL;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,eAAe;AAClB,aAAO;AAAA,QACL;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,mBAAmB;AACtB,aAAO;AAAA,QACL;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,MACL,OACE,aACA,aACA,iBACA,qBACA;AAAA,MAEF,UACE;AAAA,MAEF,QAAQ;AAAA,QACN;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MAEA;AAAA,IACF;AAAA,EACF;AACF;","names":[]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@parmanasystems/core",
-  "version": "1.55.0",
+  "version": "1.59.0",
   "private": false,
   "type": "module",
   "scripts": {
@@ -18,12 +18,12 @@
   ],
   "sideEffects": false,
   "dependencies": {
-    "@parmanasystems/audit-db": "^1.55.0",
-    "@parmanasystems/bundle": "^1.55.0",
-    "@parmanasystems/crypto": "^1.55.0",
-    "@parmanasystems/execution": "^1.55.0",
-    "@parmanasystems/governance": "^1.55.0",
-    "@parmanasystems/verifier": "^1.55.0"
+    "@parmanasystems/audit-db": "^1.59.0",
+    "@parmanasystems/bundle": "^1.59.0",
+    "@parmanasystems/crypto": "^1.59.0",
+    "@parmanasystems/execution": "^1.59.0",
+    "@parmanasystems/governance": "^1.59.0",
+    "@parmanasystems/verifier": "^1.59.0"
   },
   "description": "Public orchestration and SDK surface for parmanasystems deterministic governance infrastructure.",
   "license": "Apache-2.0",