@parmanasystems/execution-runtime 1.71.22 → 1.71.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.d.ts +14 -2
  2. package/dist/index.js +109 -27
  3. package/dist/index.js.map +1 -1
  4. package/package.json +2 -2
package/dist/index.d.ts CHANGED
@@ -58,12 +58,18 @@ declare class RedisReplayStore implements AsyncReplayStore {
58
58
  constructor(url: string);
59
59
  hasExecuted(execution_fingerprint: string): Promise<boolean>;
60
60
  markExecuted(execution_fingerprint: string): Promise<void>;
61
+ reserve(execution_fingerprint: string): Promise<void>;
62
+ confirm(execution_fingerprint: string): Promise<void>;
61
63
  get(key: string): Promise<string | null>;
62
64
  set(key: string, value: string): Promise<void>;
63
65
  del(key: string): Promise<void>;
64
66
  close(): Promise<void>;
65
67
  }
66
68
 
69
+ interface MemoryReplayStoreOptions {
70
+ warnInProduction?: boolean;
71
+ maxSize?: number;
72
+ }
67
73
  /**
68
74
  * 🔒 In-memory replay protection
69
75
  *
@@ -72,9 +78,15 @@ declare class RedisReplayStore implements AsyncReplayStore {
72
78
  * operational execution IDs.
73
79
  */
74
80
  declare class MemoryReplayStore implements ReplayStore {
75
- private store;
81
+ private reserved;
82
+ private confirmed;
83
+ private maxSize;
84
+ constructor(options?: MemoryReplayStoreOptions);
85
+ reserve(execution_fingerprint: string): Promise<void>;
86
+ confirm(execution_fingerprint: string): Promise<void>;
76
87
  markExecuted(execution_fingerprint: string): Promise<void>;
77
88
  hasExecuted(execution_fingerprint: string): Promise<boolean>;
89
+ private checkMaxSize;
78
90
  }
79
91
 
80
92
  declare function resolveOverride(executionId: string, replayStore: AsyncReplayStore & {
@@ -102,4 +114,4 @@ interface DryRunResult {
102
114
  }
103
115
  declare function evaluateDryRun(policyId: string, policyVersion: string, signals: Record<string, unknown>, governed_time?: string): DryRunResult;
104
116
 
105
- export { type DryRunResult, MemoryReplayStore, RedisReplayStore, addReviewTask, evaluateDryRun, executeBatch, executeFromSignals, executeWithRedis, getAllTasks, resolveOverride };
117
+ export { type DryRunResult, MemoryReplayStore, type MemoryReplayStoreOptions, RedisReplayStore, addReviewTask, evaluateDryRun, executeBatch, executeFromSignals, executeWithRedis, getAllTasks, resolveOverride };
package/dist/index.js CHANGED
@@ -6,8 +6,7 @@ import {
6
6
  evaluatePolicy,
7
7
  loadPolicy,
8
8
  canonicalizeForSigning,
9
- validateSignalsStrict,
10
- violate
9
+ validateSignalsStrict
11
10
  } from "@parmanasystems/execution";
12
11
  import crypto from "crypto";
13
12
  async function executeFromSignals(input, signer, verifier, replayStore) {
@@ -35,20 +34,23 @@ async function executeFromSignals(input, signer, verifier, replayStore) {
35
34
  signals: input.signals
36
35
  })
37
36
  ).digest("hex");
38
- const hasRun = await replayStore.hasExecuted(
39
- execution_fingerprint
40
- );
41
- if (hasRun) {
42
- violate(
43
- "INV-013",
44
- "replay",
45
- `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`,
37
+ if (replayStore.reserve) {
38
+ await replayStore.reserve(
39
+ execution_fingerprint
40
+ );
41
+ } else {
42
+ const alreadyExecuted = await replayStore.hasExecuted(
43
+ execution_fingerprint
44
+ );
45
+ if (alreadyExecuted) {
46
+ throw new Error(
47
+ `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`
48
+ );
49
+ }
50
+ await replayStore.markExecuted(
46
51
  execution_fingerprint
47
52
  );
48
53
  }
49
- await replayStore.markExecuted(
50
- execution_fingerprint
51
- );
52
54
  const runtimeManifest = getRuntimeManifest();
53
55
  const token = issueToken({
54
56
  executionId: execution_fingerprint,
@@ -64,7 +66,7 @@ async function executeFromSignals(input, signer, verifier, replayStore) {
64
66
  token
65
67
  )
66
68
  );
67
- return executeDecision({
69
+ const attestation = await executeDecision({
68
70
  token,
69
71
  execution_fingerprint,
70
72
  token_signature,
@@ -78,6 +80,19 @@ async function executeFromSignals(input, signer, verifier, replayStore) {
78
80
  supported_schemaVersions: runtimeManifest.supported_schemaVersions
79
81
  }
80
82
  });
83
+ if (replayStore.confirm) {
84
+ try {
85
+ await replayStore.confirm(
86
+ execution_fingerprint
87
+ );
88
+ } catch (err) {
89
+ console.warn(
90
+ "[PARMANA WARNING] Failed to confirm execution fingerprint after successful execution:",
91
+ err
92
+ );
93
+ }
94
+ }
95
+ return attestation;
81
96
  }
82
97
 
83
98
  // src/execute-with-redis.ts
@@ -128,10 +143,15 @@ var RedisReplayStore = class {
128
143
  this.client = new Redis(url);
129
144
  }
130
145
  async hasExecuted(execution_fingerprint) {
131
- const res = await this.client.exists(
132
- `exec:${execution_fingerprint}`
133
- );
134
- return res === 1;
146
+ const [confirmed, pending] = await Promise.all([
147
+ this.client.exists(
148
+ `exec:${execution_fingerprint}`
149
+ ),
150
+ this.client.exists(
151
+ `exec:pending:${execution_fingerprint}`
152
+ )
153
+ ]);
154
+ return confirmed === 1 || pending === 1;
135
155
  }
136
156
  async markExecuted(execution_fingerprint) {
137
157
  const result = await this.client.set(
@@ -145,6 +165,35 @@ var RedisReplayStore = class {
145
165
  );
146
166
  }
147
167
  }
168
+ async reserve(execution_fingerprint) {
169
+ const alreadyConfirmed = await this.client.exists(
170
+ `exec:${execution_fingerprint}`
171
+ );
172
+ if (alreadyConfirmed === 1) {
173
+ throw new Error(
174
+ `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`
175
+ );
176
+ }
177
+ const result = await this.client.set(
178
+ `exec:pending:${execution_fingerprint}`,
179
+ "1",
180
+ "NX"
181
+ );
182
+ if (result !== "OK") {
183
+ throw new Error(
184
+ `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`
185
+ );
186
+ }
187
+ }
188
+ async confirm(execution_fingerprint) {
189
+ await this.client.set(
190
+ `exec:${execution_fingerprint}`,
191
+ "1"
192
+ );
193
+ await this.client.del(
194
+ `exec:pending:${execution_fingerprint}`
195
+ );
196
+ }
148
197
  async get(key) {
149
198
  return this.client.get(key);
150
199
  }
@@ -163,26 +212,59 @@ var RedisReplayStore = class {
163
212
  };
164
213
 
165
214
  // src/memory-replay-store.ts
215
+ var DEFAULT_MAX_SIZE = 1e6;
166
216
  var MemoryReplayStore = class {
167
- constructor() {
168
- this.store = /* @__PURE__ */ new Set();
217
+ constructor(options = {}) {
218
+ this.reserved = /* @__PURE__ */ new Set();
219
+ this.confirmed = /* @__PURE__ */ new Set();
220
+ const {
221
+ warnInProduction = true,
222
+ maxSize = DEFAULT_MAX_SIZE
223
+ } = options;
224
+ this.maxSize = maxSize;
225
+ if (warnInProduction && process.env["NODE_ENV"] === "production") {
226
+ console.warn(
227
+ "[PARMANA WARNING] MemoryReplayStore is not suitable for production. It loses all replay protection on process restart and does not work across multiple processes. Use RedisReplayStore in production."
228
+ );
229
+ }
169
230
  }
170
- async markExecuted(execution_fingerprint) {
171
- if (this.store.has(
172
- execution_fingerprint
173
- )) {
231
+ async reserve(execution_fingerprint) {
232
+ if (this.reserved.has(execution_fingerprint) || this.confirmed.has(execution_fingerprint)) {
174
233
  throw new Error(
175
234
  `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`
176
235
  );
177
236
  }
178
- this.store.add(
237
+ this.checkMaxSize();
238
+ this.reserved.add(
179
239
  execution_fingerprint
180
240
  );
181
241
  }
182
- async hasExecuted(execution_fingerprint) {
183
- return this.store.has(
242
+ async confirm(execution_fingerprint) {
243
+ this.reserved.delete(
184
244
  execution_fingerprint
185
245
  );
246
+ this.confirmed.add(
247
+ execution_fingerprint
248
+ );
249
+ }
250
+ async markExecuted(execution_fingerprint) {
251
+ await this.reserve(
252
+ execution_fingerprint
253
+ );
254
+ await this.confirm(
255
+ execution_fingerprint
256
+ );
257
+ }
258
+ async hasExecuted(execution_fingerprint) {
259
+ return this.reserved.has(execution_fingerprint) || this.confirmed.has(execution_fingerprint);
260
+ }
261
+ checkMaxSize() {
262
+ const total = this.reserved.size + this.confirmed.size;
263
+ if (total >= this.maxSize) {
264
+ throw new Error(
265
+ `MemoryReplayStore has reached maximum size of ${this.maxSize} entries. Switch to RedisReplayStore for production use.`
266
+ );
267
+ }
186
268
  }
187
269
  };
188
270
 
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/execute-from-signals.ts","../src/execute-with-redis.ts","../src/execute-batch.ts","../src/redis-replay-store.ts","../src/memory-replay-store.ts","../src/resolve-override.ts","../src/review-store.ts","../src/dry-run.ts"],"sourcesContent":["import {\r\n executeDecision,\r\n issueToken,\r\n getRuntimeManifest,\r\n evaluatePolicy,\r\n loadPolicy,\r\n canonicalizeForSigning,\r\n validateSignalsStrict,\r\n violate\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport type {\r\n ExecutionAttestation,\r\n Signer,\r\n Verifier,\r\n ReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport crypto from \"crypto\";\r\n\r\nexport async function executeFromSignals(\r\n input: {\r\n policyId: string;\r\n policyVersion: string;\r\n signals: Record<string, unknown>;\r\n },\r\n\r\n signer: Signer,\r\n verifier: Verifier,\r\n replayStore: ReplayStore\r\n): Promise<ExecutionAttestation> {\r\n\r\n // -----------------------------\r\n // Load policy\r\n // -----------------------------\r\n const policy =\r\n loadPolicy(\r\n input.policyId,\r\n input.policyVersion\r\n );\r\n\r\n // -----------------------------\r\n // Validate signals against schema\r\n // -----------------------------\r\n validateSignalsStrict(\r\n input.signals,\r\n policy\r\n );\r\n\r\n // -----------------------------\r\n // Evaluate policy\r\n // -----------------------------\r\n const decision =\r\n evaluatePolicy(\r\n policy,\r\n input.signals\r\n );\r\n\r\n if (\r\n decision.status !== \"decided\"\r\n ) {\r\n\r\n throw new Error(\r\n \"[SYS-006] Policy evaluation returned undecided\"\r\n );\r\n }\r\n\r\n // -----------------------------\r\n // Deterministic execution identity\r\n // -----------------------------\r\n const execution_fingerprint =\r\n crypto\r\n .createHash(\"sha256\")\r\n .update(\r\n JSON.stringify({\r\n policyId:\r\n input.policyId,\r\n\r\n policyVersion:\r\n input.policyVersion,\r\n\r\n signals:\r\n input.signals\r\n })\r\n )\r\n .digest(\"hex\");\r\n\r\n // -----------------------------\r\n // Replay protection\r\n // -----------------------------\r\n // hasExecuted is NOT wrapped in try/catch — if the store is unavailable\r\n // we cannot confirm uniqueness, so we must block execution (fail-closed).\r\n const hasRun = await replayStore.hasExecuted(\r\n execution_fingerprint\r\n );\r\n if (hasRun) {\r\n violate(\r\n \"INV-013\",\r\n \"replay\",\r\n `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`,\r\n execution_fingerprint\r\n );\r\n }\r\n\r\n await replayStore.markExecuted(\r\n execution_fingerprint\r\n );\r\n\r\n // -----------------------------\r\n // Runtime manifest\r\n // -----------------------------\r\n const runtimeManifest =\r\n getRuntimeManifest();\r\n\r\n // -----------------------------\r\n // Deterministic governance token\r\n // -----------------------------\r\n const token =\r\n issueToken({\r\n\r\n executionId:\r\n execution_fingerprint,\r\n\r\n policyId:\r\n input.policyId,\r\n\r\n policyVersion:\r\n input.policyVersion,\r\n\r\n schemaVersion:\r\n policy.schemaVersion,\r\n\r\n runtimeVersion:\r\n runtimeManifest.runtimeVersion,\r\n\r\n decision_payload:\r\n decision.outcome,\r\n\r\n signalsHash:\r\n execution_fingerprint\r\n });\r\n\r\n// -----------------------------\r\n// Explicit cryptographic signing\r\n// -----------------------------\r\nconst token_signature =\r\n signer.sign(\r\n canonicalizeForSigning(\r\n token\r\n )\r\n );\r\n\r\n // -----------------------------\r\n // Deterministic execution\r\n // -----------------------------\r\n return executeDecision({\r\n\r\n token,\r\n\r\n execution_fingerprint,\r\n\r\n token_signature,\r\n\r\n signer,\r\n\r\n verifier,\r\n\r\n runtime_manifest:\r\n runtimeManifest,\r\n\r\n runtime_requirements: {\r\n\r\n supported_runtimeVersions: [\r\n runtimeManifest.runtimeVersion\r\n ],\r\n\r\n supported_schemaVersions:\r\n runtimeManifest\r\n .supported_schemaVersions\r\n }\r\n });\r\n}","import {\r\n executeDecision\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport type {\r\n ExecutionContext,\r\n ExecutionAttestation,\r\n AsyncReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\n/**\r\n * 🟢 ASYNC ADAPTER\r\n * Handles distributed replay protection\r\n * while preserving deterministic execution core.\r\n */\r\nexport async function executeWithRedis(\r\n context: ExecutionContext,\r\n redisStore: AsyncReplayStore\r\n): Promise<ExecutionAttestation> {\r\n\r\n // -----------------------------\r\n // Distributed replay protection\r\n // -----------------------------\r\n await redisStore.markExecuted(\r\n context.execution_fingerprint\r\n );\r\n\r\n // -----------------------------\r\n // Deterministic execution\r\n // -----------------------------\r\n return executeDecision(\r\n context\r\n );\r\n}","import type {\r\n Signer,\r\n Verifier,\r\n AsyncReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport {\r\n executeFromSignals,\r\n} from \"./execute-from-signals.js\";\r\n\r\n/**\r\n * Executes multiple records sequentially.\r\n *\r\n * Each record is processed independently.\r\n * Errors are captured per-record (fail-isolated).\r\n */\r\nexport async function executeBatch(\r\n records: Array<{\r\n policyId: string;\r\n policyVersion: string;\r\n signals: Record<string, unknown>;\r\n governed_time: string;\r\n }>,\r\n\r\n signer: Signer,\r\n\r\n verifier: Verifier,\r\n\r\n replayStore: AsyncReplayStore\r\n) {\r\n\r\n const outputs = [];\r\n\r\n for (const record of records) {\r\n\r\n try {\r\n\r\n const output =\r\n await executeFromSignals(\r\n record,\r\n signer,\r\n verifier,\r\n replayStore\r\n );\r\n\r\n outputs.push({\r\n input: record,\r\n output\r\n });\r\n\r\n } catch (err: unknown) {\r\n\r\n outputs.push({\r\n input: record,\r\n\r\n output: {\r\n status: \"error\",\r\n\r\n error:\r\n err instanceof Error\r\n ? err.message\r\n : \"Unknown error\"\r\n }\r\n });\r\n\r\n }\r\n }\r\n\r\n return outputs;\r\n}","import Redis from \"ioredis\";\r\n\r\nimport type {\r\n Redis as RedisClient\r\n} from \"ioredis\";\r\n\r\nimport type {\r\n AsyncReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\n/**\r\n * 🔒 Distributed replay protection\r\n *\r\n * Replay protection operates on deterministic\r\n * semantic execution fingerprints rather than\r\n * operational execution IDs.\r\n */\r\nexport class RedisReplayStore\r\n implements AsyncReplayStore {\r\n\r\n private client: RedisClient;\r\n\r\n constructor(\r\n url: string\r\n ) {\r\n\r\n this.client =\r\n new (Redis as any)(url);\r\n }\r\n\r\n async hasExecuted(\r\n execution_fingerprint: string\r\n ): Promise<boolean> {\r\n\r\n const res =\r\n await this.client.exists(\r\n `exec:${execution_fingerprint}`\r\n );\r\n\r\n return res === 1;\r\n }\r\n\r\n async markExecuted(\r\n execution_fingerprint: string\r\n ): Promise<void> {\r\n\r\n const result =\r\n await this.client.set(\r\n `exec:${execution_fingerprint}`,\r\n \"1\",\r\n \"NX\"\r\n );\r\n\r\n if (result !== \"OK\") {\r\n\r\n throw new Error(\r\n `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`\r\n );\r\n }\r\n }\r\n\r\n async get(\r\n key: string\r\n ): Promise<string | null> {\r\n\r\n return this.client.get(key);\r\n }\r\n\r\n async set(\r\n key: string,\r\n value: string\r\n ): Promise<void> {\r\n\r\n await this.client.set(\r\n key,\r\n value\r\n );\r\n }\r\n\r\n async del(\r\n key: string\r\n ): Promise<void> {\r\n\r\n await this.client.del(key);\r\n }\r\n\r\n async close(): Promise<void> {\r\n\r\n await this.client.quit();\r\n }\r\n}","import type {\r\n ReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\n/**\r\n * 🔒 In-memory replay protection\r\n *\r\n * Replay protection operates on deterministic\r\n * semantic execution fingerprints rather than\r\n * operational execution IDs.\r\n */\r\nexport class MemoryReplayStore\r\n implements ReplayStore {\r\n\r\n private store =\r\n new Set<string>();\r\n\r\n async markExecuted(\r\n execution_fingerprint: string\r\n ): Promise<void> {\r\n\r\n if (\r\n this.store.has(\r\n execution_fingerprint\r\n )\r\n ) {\r\n\r\n throw new Error(\r\n `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`\r\n );\r\n }\r\n\r\n this.store.add(\r\n execution_fingerprint\r\n );\r\n }\r\n\r\n async hasExecuted(\r\n execution_fingerprint: string\r\n ): Promise<boolean> {\r\n\r\n return this.store.has(\r\n execution_fingerprint\r\n );\r\n }\r\n}","import {\r\n executeWithRedis\r\n} from \"./execute-with-redis.js\";\r\n\r\nimport type {\r\n AsyncReplayStore,\r\n Signer,\r\n Verifier\r\n} from \"@parmanasystems/execution\";\r\n\r\nexport async function resolveOverride(\r\n executionId: string,\r\n\r\n replayStore: AsyncReplayStore & {\r\n get: (\r\n key: string\r\n ) => Promise<string | null>;\r\n\r\n del: (\r\n key: string\r\n ) => Promise<void>;\r\n },\r\n\r\n signer: Signer,\r\n\r\n verifier: Verifier\r\n) {\r\n\r\n // -----------------------------\r\n // 1. Load pending execution\r\n // -----------------------------\r\n const raw =\r\n await replayStore.get(\r\n `pending:${executionId}`\r\n );\r\n\r\n if (!raw) {\r\n\r\n throw new Error(\r\n `[SYS-021] No pending execution found for ${executionId}`\r\n );\r\n }\r\n\r\n const stored =\r\n JSON.parse(raw);\r\n\r\n // -----------------------------\r\n // 2. Execute approved override\r\n // -----------------------------\r\n const execution =\r\n await executeWithRedis(\r\n {\r\n token:\r\n stored.token,\r\n\r\n execution_fingerprint:\r\n stored.token.executionId,\r\n\r\n token_signature:\r\n stored.token_signature,\r\n\r\n signer,\r\n\r\n verifier,\r\n\r\n runtime_manifest:\r\n stored.runtime_manifest,\r\n\r\n runtime_requirements:\r\n stored.runtime_requirements\r\n },\r\n\r\n replayStore\r\n );\r\n\r\n // -----------------------------\r\n // 3. Remove pending state\r\n // -----------------------------\r\n await replayStore.del(\r\n `pending:${executionId}`\r\n );\r\n\r\n // -----------------------------\r\n // 4. Return deterministic result\r\n // -----------------------------\r\n return {\r\n\r\n status:\r\n \"success\" as const,\r\n\r\n executionId,\r\n\r\n signature:\r\n execution.signature,\r\n\r\n resolved:\r\n true\r\n };\r\n}","import * as fs from \"node:fs\";\r\n\r\nconst FILE = \"./review-queue.json\";\r\n\r\nexport function addReviewTask(task: any) {\r\n let data: any[] = [];\r\n\r\n if (fs.existsSync(FILE)) {\r\n data = JSON.parse(fs.readFileSync(FILE, \"utf-8\"));\r\n }\r\n\r\n data.push(task);\r\n\r\n fs.writeFileSync(FILE, JSON.stringify(data, null, 2));\r\n}\r\n\r\nexport function getAllTasks() {\r\n if (!fs.existsSync(FILE)) return [];\r\n return JSON.parse(fs.readFileSync(FILE, \"utf-8\"));\r\n}\r\n","import {\r\n evaluatePolicy,\r\n loadPolicy,\r\n validateSignalsStrict\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport type {\r\n DecisionResult\r\n} from \"@parmanasystems/execution\";\r\n\r\nexport interface DryRunResult {\r\n\r\n policyId: string;\r\n\r\n policyVersion: string;\r\n\r\n schemaVersion: string;\r\n\r\n decision: DecisionResult;\r\n\r\n rule_trace: string[];\r\n\r\n governed: false;\r\n\r\n dry_run: true;\r\n\r\n evaluated_at: string;\r\n}\r\n\r\nexport function evaluateDryRun(\r\n policyId: string,\r\n policyVersion: string,\r\n signals: Record<string, unknown>,\r\n governed_time = new Date().toISOString()\r\n): DryRunResult {\r\n\r\n // -----------------------------\r\n // 1. Load policy\r\n // -----------------------------\r\n const policy =\r\n loadPolicy(\r\n policyId,\r\n policyVersion\r\n );\r\n\r\n // -----------------------------\r\n // 2. Validate signals\r\n // -----------------------------\r\n validateSignalsStrict(\r\n signals,\r\n policy\r\n );\r\n\r\n // -----------------------------\r\n // 3. Evaluate policy\r\n // -----------------------------\r\n const decision: DecisionResult =\r\n evaluatePolicy(\r\n policy,\r\n signals\r\n );\r\n\r\n // -----------------------------\r\n // 4. Return dry-run result\r\n // -----------------------------\r\n return {\r\n\r\n policyId,\r\n\r\n policyVersion,\r\n\r\n schemaVersion:\r\n policy.schemaVersion,\r\n\r\n decision,\r\n\r\n rule_trace: [],\r\n\r\n governed: false,\r\n\r\n dry_run: true,\r\n\r\n evaluated_at:\r\n governed_time\r\n };\r\n}"],"mappings":";AAAA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AASP,OAAO,YAAY;AAEnB,eAAsB,mBACpB,OAMA,QACA,UACA,aAC+B;AAK/B,QAAM,SACJ;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,EACR;AAKF;AAAA,IACE,MAAM;AAAA,IACN;AAAA,EACF;AAKA,QAAM,WACJ;AAAA,IACE;AAAA,IACA,MAAM;AAAA,EACR;AAEF,MACE,SAAS,WAAW,WACpB;AAEA,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAKA,QAAM,wBACJ,OACG,WAAW,QAAQ,EACnB;AAAA,IACC,KAAK,UAAU;AAAA,MACb,UACE,MAAM;AAAA,MAER,eACE,MAAM;AAAA,MAER,SACE,MAAM;AAAA,IACV,CAAC;AAAA,EACH,EACC,OAAO,KAAK;AAOjB,QAAM,SAAS,MAAM,YAAY;AAAA,IAC/B;AAAA,EACF;AACA,MAAI,QAAQ;AACV;AAAA,MACE;AAAA,MACA;AAAA,MACA,2DAA2D,qBAAqB;AAAA,MAChF;AAAA,IACF;AAAA,EACF;AAEA,QAAM,YAAY;AAAA,IAChB;AAAA,EACF;AAKA,QAAM,kBACJ,mBAAmB;AAKrB,QAAM,QACJ,WAAW;AAAA,IAET,aACE;AAAA,IAEF,UACE,MAAM;AAAA,IAER,eACE,MAAM;AAAA,IAER,eACE,OAAO;AAAA,IAET,gBACE,gBAAgB;AAAA,IAElB,kBACE,SAAS;AAAA,IAEX,aACE;AAAA,EACJ,CAAC;AAKL,QAAM,kBACJ,OAAO;AAAA,IACL;AAAA,MACE;AAAA,IACF;AAAA,EACF;AAKA,SAAO,gBAAgB;AAAA,IAErB;AAAA,IAEA;AAAA,IAEA;AAAA,IAEA;AAAA,IAEA;AAAA,IAEA,kBACE;AAAA,IAEF,sBAAsB;AAAA,MAEpB,2BAA2B;AAAA,QACzB,gBAAgB;AAAA,MAClB;AAAA,MAEA,0BACE,gBACG;AAAA,IACP;AAAA,EACF,CAAC;AACH;;;ACrLA;AAAA,EACE,mBAAAA;AAAA,OACK;AAaP,eAAsB,iBACpB,SACA,YAC+B;AAK/B,QAAM,WAAW;AAAA,IACf,QAAQ;AAAA,EACV;AAKA,SAAOA;AAAA,IACL;AAAA,EACF;AACF;;;ACjBA,eAAsB,aACpB,SAOA,QAEA,UAEA,aACA;AAEA,QAAM,UAAU,CAAC;AAEjB,aAAW,UAAU,SAAS;AAE5B,QAAI;AAEF,YAAM,SACJ,MAAM;AAAA,QACJ;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEF,cAAQ,KAAK;AAAA,QACX,OAAO;AAAA,QACP;AAAA,MACF,CAAC;AAAA,IAEH,SAAS,KAAc;AAErB,cAAQ,KAAK;AAAA,QACX,OAAO;AAAA,QAEP,QAAQ;AAAA,UACN,QAAQ;AAAA,UAER,OACE,eAAe,QACX,IAAI,UACJ;AAAA,QACR;AAAA,MACF,CAAC;AAAA,IAEH;AAAA,EACF;AAEA,SAAO;AACT;;;ACrEA,OAAO,WAAW;AAiBX,IAAM,mBAAN,MACuB;AAAA,EAI5B,YACE,KACA;AAEA,SAAK,SACH,IAAK,MAAc,GAAG;AAAA,EAC1B;AAAA,EAEA,MAAM,YACJ,uBACkB;AAElB,UAAM,MACJ,MAAM,KAAK,OAAO;AAAA,MAChB,QAAQ,qBAAqB;AAAA,IAC/B;AAEF,WAAO,QAAQ;AAAA,EACjB;AAAA,EAEA,MAAM,aACJ,uBACe;AAEf,UAAM,SACJ,MAAM,KAAK,OAAO;AAAA,MAChB,QAAQ,qBAAqB;AAAA,MAC7B;AAAA,MACA;AAAA,IACF;AAEF,QAAI,WAAW,MAAM;AAEnB,YAAM,IAAI;AAAA,QACR,2DAA2D,qBAAqB;AAAA,MAClF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,IACJ,KACwB;AAExB,WAAO,KAAK,OAAO,IAAI,GAAG;AAAA,EAC5B;AAAA,EAEA,MAAM,IACJ,KACA,OACe;AAEf,UAAM,KAAK,OAAO;AAAA,MAChB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,IACJ,KACe;AAEf,UAAM,KAAK,OAAO,IAAI,GAAG;AAAA,EAC3B;AAAA,EAEA,MAAM,QAAuB;AAE3B,UAAM,KAAK,OAAO,KAAK;AAAA,EACzB;AACF;;;AC/EO,IAAM,oBAAN,MACkB;AAAA,EADlB;AAGL,SAAQ,QACN,oBAAI,IAAY;AAAA;AAAA,EAElB,MAAM,aACJ,uBACe;AAEf,QACE,KAAK,MAAM;AAAA,MACT;AAAA,IACF,GACA;AAEA,YAAM,IAAI;AAAA,QACR,2DAA2D,qBAAqB;AAAA,MAClF;AAAA,IACF;AAEA,SAAK,MAAM;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,YACJ,uBACkB;AAElB,WAAO,KAAK,MAAM;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AACF;;;ACnCA,eAAsB,gBACpB,aAEA,aAUA,QAEA,UACA;AAKA,QAAM,MACJ,MAAM,YAAY;AAAA,IAChB,WAAW,WAAW;AAAA,EACxB;AAEF,MAAI,CAAC,KAAK;AAER,UAAM,IAAI;AAAA,MACR,4CAA4C,WAAW;AAAA,IACzD;AAAA,EACF;AAEA,QAAM,SACJ,KAAK,MAAM,GAAG;AAKhB,QAAM,YACJ,MAAM;AAAA,IACJ;AAAA,MACE,OACE,OAAO;AAAA,MAET,uBACE,OAAO,MAAM;AAAA,MAEf,iBACE,OAAO;AAAA,MAET;AAAA,MAEA;AAAA,MAEA,kBACE,OAAO;AAAA,MAET,sBACE,OAAO;AAAA,IACX;AAAA,IAEA;AAAA,EACF;AAKF,QAAM,YAAY;AAAA,IAChB,WAAW,WAAW;AAAA,EACxB;AAKA,SAAO;AAAA,IAEL,QACE;AAAA,IAEF;AAAA,IAEA,WACE,UAAU;AAAA,IAEZ,UACE;AAAA,EACJ;AACF;;;AClGA,YAAY,QAAQ;AAEpB,IAAM,OAAO;AAEN,SAAS,cAAc,MAAW;AACvC,MAAI,OAAc,CAAC;AAEnB,MAAO,cAAW,IAAI,GAAG;AACvB,WAAO,KAAK,MAAS,gBAAa,MAAM,OAAO,CAAC;AAAA,EAClD;AAEA,OAAK,KAAK,IAAI;AAEd,EAAG,iBAAc,MAAM,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACtD;AAEO,SAAS,cAAc;AAC5B,MAAI,CAAI,cAAW,IAAI,EAAG,QAAO,CAAC;AAClC,SAAO,KAAK,MAAS,gBAAa,MAAM,OAAO,CAAC;AAClD;;;ACnBA;AAAA,EACE,kBAAAC;AAAA,EACA,cAAAC;AAAA,EACA,yBAAAC;AAAA,OACK;AAyBA,SAAS,eACd,UACA,eACA,SACA,iBAAgB,oBAAI,KAAK,GAAE,YAAY,GACzB;AAKd,QAAM,SACJD;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAKF,EAAAC;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAKA,QAAM,WACJF;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAKF,SAAO;AAAA,IAEL;AAAA,IAEA;AAAA,IAEA,eACE,OAAO;AAAA,IAET;AAAA,IAEA,YAAY,CAAC;AAAA,IAEb,UAAU;AAAA,IAEV,SAAS;AAAA,IAET,cACE;AAAA,EACJ;AACF;","names":["executeDecision","evaluatePolicy","loadPolicy","validateSignalsStrict"]}
1
+ {"version":3,"sources":["../src/execute-from-signals.ts","../src/execute-with-redis.ts","../src/execute-batch.ts","../src/redis-replay-store.ts","../src/memory-replay-store.ts","../src/resolve-override.ts","../src/review-store.ts","../src/dry-run.ts"],"sourcesContent":["import {\r\n executeDecision,\r\n issueToken,\r\n getRuntimeManifest,\r\n evaluatePolicy,\r\n loadPolicy,\r\n canonicalizeForSigning,\r\n validateSignalsStrict\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport type {\r\n ExecutionAttestation,\r\n Signer,\r\n Verifier,\r\n ReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport crypto from \"crypto\";\r\n\r\nexport async function executeFromSignals(\r\n input: {\r\n policyId: string;\r\n policyVersion: string;\r\n signals: Record<string, unknown>;\r\n },\r\n\r\n signer: Signer,\r\n verifier: Verifier,\r\n replayStore: ReplayStore\r\n): Promise<ExecutionAttestation> {\r\n\r\n // -----------------------------\r\n // Load policy\r\n // -----------------------------\r\n const policy =\r\n loadPolicy(\r\n input.policyId,\r\n input.policyVersion\r\n );\r\n\r\n // -----------------------------\r\n // Validate signals\r\n // -----------------------------\r\n validateSignalsStrict(\r\n input.signals,\r\n policy\r\n );\r\n\r\n // -----------------------------\r\n // Evaluate policy\r\n // -----------------------------\r\n const decision =\r\n evaluatePolicy(\r\n policy,\r\n input.signals\r\n );\r\n\r\n if (\r\n decision.status !== \"decided\"\r\n ) {\r\n\r\n throw new Error(\r\n \"[SYS-006] Policy evaluation returned undecided\"\r\n );\r\n }\r\n\r\n // -----------------------------\r\n // Deterministic execution identity\r\n // -----------------------------\r\n const execution_fingerprint =\r\n crypto\r\n .createHash(\"sha256\")\r\n .update(\r\n JSON.stringify({\r\n policyId:\r\n input.policyId,\r\n\r\n policyVersion:\r\n input.policyVersion,\r\n\r\n signals:\r\n input.signals\r\n })\r\n )\r\n .digest(\"hex\");\r\n\r\n // -----------------------------\r\n // Replay protection (two-phase commit)\r\n // -----------------------------\r\n if (replayStore.reserve) {\r\n await replayStore.reserve(\r\n execution_fingerprint\r\n );\r\n } else {\r\n const alreadyExecuted =\r\n await replayStore.hasExecuted(\r\n execution_fingerprint\r\n );\r\n\r\n if (alreadyExecuted) {\r\n throw new Error(\r\n `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`\r\n );\r\n }\r\n\r\n await replayStore.markExecuted(\r\n execution_fingerprint\r\n );\r\n }\r\n\r\n // -----------------------------\r\n // Runtime manifest\r\n // -----------------------------\r\n const runtimeManifest =\r\n getRuntimeManifest();\r\n\r\n // -----------------------------\r\n // Deterministic governance token\r\n // -----------------------------\r\n const token =\r\n issueToken({\r\n\r\n executionId:\r\n execution_fingerprint,\r\n\r\n policyId:\r\n input.policyId,\r\n\r\n policyVersion:\r\n input.policyVersion,\r\n\r\n schemaVersion:\r\n policy.schemaVersion,\r\n\r\n runtimeVersion:\r\n runtimeManifest.runtimeVersion,\r\n\r\n decision_payload:\r\n decision.outcome,\r\n\r\n signalsHash:\r\n execution_fingerprint\r\n });\r\n\r\n // -----------------------------\r\n // Explicit cryptographic signing\r\n // -----------------------------\r\n const token_signature =\r\n signer.sign(\r\n canonicalizeForSigning(\r\n token\r\n )\r\n );\r\n\r\n // -----------------------------\r\n // Deterministic execution\r\n // -----------------------------\r\n const attestation =\r\n await executeDecision({\r\n\r\n token,\r\n\r\n execution_fingerprint,\r\n\r\n token_signature,\r\n\r\n signer,\r\n\r\n verifier,\r\n\r\n runtime_manifest:\r\n runtimeManifest,\r\n\r\n runtime_requirements: {\r\n\r\n supported_runtimeVersions: [\r\n runtimeManifest.runtimeVersion\r\n ],\r\n\r\n supported_schemaVersions:\r\n runtimeManifest\r\n .supported_schemaVersions\r\n }\r\n });\r\n\r\n // -----------------------------\r\n // 2PC confirm\r\n // -----------------------------\r\n if (replayStore.confirm) {\r\n try {\r\n await replayStore.confirm(\r\n execution_fingerprint\r\n );\r\n } catch (err) {\r\n console.warn(\r\n \"[PARMANA WARNING] Failed to confirm execution fingerprint after successful execution:\",\r\n err\r\n );\r\n }\r\n }\r\n\r\n return attestation;\r\n}","import {\r\n executeDecision\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport type {\r\n ExecutionContext,\r\n ExecutionAttestation,\r\n AsyncReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\n/**\r\n * 🟢 ASYNC ADAPTER\r\n * Handles distributed replay protection\r\n * while preserving deterministic execution core.\r\n */\r\nexport async function executeWithRedis(\r\n context: ExecutionContext,\r\n redisStore: AsyncReplayStore\r\n): Promise<ExecutionAttestation> {\r\n\r\n // -----------------------------\r\n // Distributed replay protection\r\n // -----------------------------\r\n await redisStore.markExecuted(\r\n context.execution_fingerprint\r\n );\r\n\r\n // -----------------------------\r\n // Deterministic execution\r\n // -----------------------------\r\n return executeDecision(\r\n context\r\n );\r\n}","import type {\r\n Signer,\r\n Verifier,\r\n AsyncReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport {\r\n executeFromSignals,\r\n} from \"./execute-from-signals.js\";\r\n\r\n/**\r\n * Executes multiple records sequentially.\r\n *\r\n * Each record is processed independently.\r\n * Errors are captured per-record (fail-isolated).\r\n */\r\nexport async function executeBatch(\r\n records: Array<{\r\n policyId: string;\r\n policyVersion: string;\r\n signals: Record<string, unknown>;\r\n governed_time: string;\r\n }>,\r\n\r\n signer: Signer,\r\n\r\n verifier: Verifier,\r\n\r\n replayStore: AsyncReplayStore\r\n) {\r\n\r\n const outputs = [];\r\n\r\n for (const record of records) {\r\n\r\n try {\r\n\r\n const output =\r\n await executeFromSignals(\r\n record,\r\n signer,\r\n verifier,\r\n replayStore\r\n );\r\n\r\n outputs.push({\r\n input: record,\r\n output\r\n });\r\n\r\n } catch (err: unknown) {\r\n\r\n outputs.push({\r\n input: record,\r\n\r\n output: {\r\n status: \"error\",\r\n\r\n error:\r\n err instanceof Error\r\n ? err.message\r\n : \"Unknown error\"\r\n }\r\n });\r\n\r\n }\r\n }\r\n\r\n return outputs;\r\n}","import Redis from \"ioredis\";\r\n\r\nimport type {\r\n Redis as RedisClient\r\n} from \"ioredis\";\r\n\r\nimport type {\r\n AsyncReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\n/**\r\n * 🔒 Distributed replay protection\r\n *\r\n * Replay protection operates on deterministic\r\n * semantic execution fingerprints rather than\r\n * operational execution IDs.\r\n */\r\nexport class RedisReplayStore\r\n implements AsyncReplayStore {\r\n\r\n private client: RedisClient;\r\n\r\n constructor(\r\n url: string\r\n ) {\r\n\r\n this.client =\r\n new (Redis as any)(url);\r\n }\r\n\r\n async hasExecuted(\r\n execution_fingerprint: string\r\n ): Promise<boolean> {\r\n\r\n const [confirmed, pending] =\r\n await Promise.all([\r\n this.client.exists(\r\n `exec:${execution_fingerprint}`\r\n ),\r\n this.client.exists(\r\n `exec:pending:${execution_fingerprint}`\r\n )\r\n ]);\r\n\r\n return confirmed === 1 || pending === 1;\r\n }\r\n\r\n async markExecuted(\r\n execution_fingerprint: string\r\n ): Promise<void> {\r\n\r\n const result =\r\n await this.client.set(\r\n `exec:${execution_fingerprint}`,\r\n \"1\",\r\n \"NX\"\r\n );\r\n\r\n if (result !== \"OK\") {\r\n\r\n throw new Error(\r\n `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`\r\n );\r\n }\r\n }\r\n\r\n async reserve(\r\n execution_fingerprint: string\r\n ): Promise<void> {\r\n\r\n const alreadyConfirmed =\r\n await this.client.exists(\r\n `exec:${execution_fingerprint}`\r\n );\r\n\r\n if (alreadyConfirmed === 1) {\r\n\r\n throw new Error(\r\n `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`\r\n );\r\n }\r\n\r\n const result =\r\n await this.client.set(\r\n `exec:pending:${execution_fingerprint}`,\r\n \"1\",\r\n \"NX\"\r\n );\r\n\r\n if (result !== \"OK\") {\r\n\r\n throw new Error(\r\n `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`\r\n );\r\n }\r\n }\r\n\r\n async confirm(\r\n execution_fingerprint: string\r\n ): Promise<void> {\r\n\r\n await this.client.set(\r\n `exec:${execution_fingerprint}`,\r\n \"1\"\r\n );\r\n\r\n await this.client.del(\r\n `exec:pending:${execution_fingerprint}`\r\n );\r\n }\r\n\r\n async get(\r\n key: string\r\n ): Promise<string | null> {\r\n\r\n return this.client.get(key);\r\n }\r\n\r\n async set(\r\n key: string,\r\n value: string\r\n ): Promise<void> {\r\n\r\n await this.client.set(\r\n key,\r\n value\r\n );\r\n }\r\n\r\n async del(\r\n key: string\r\n ): Promise<void> {\r\n\r\n await this.client.del(key);\r\n }\r\n\r\n async close(): Promise<void> {\r\n\r\n await this.client.quit();\r\n }\r\n}","import type {\n ReplayStore\n} from \"@parmanasystems/execution\";\n\nexport interface MemoryReplayStoreOptions {\n warnInProduction?: boolean;\n maxSize?: number;\n}\n\nconst DEFAULT_MAX_SIZE = 1_000_000;\n\n/**\n * 🔒 In-memory replay protection\n *\n * Replay protection operates on deterministic\n * semantic execution fingerprints rather than\n * operational execution IDs.\n */\nexport class MemoryReplayStore\n implements ReplayStore {\n\n private reserved =\n new Set<string>();\n\n private confirmed =\n new Set<string>();\n\n private maxSize: number;\n\n constructor(\n options: MemoryReplayStoreOptions = {}\n ) {\n\n const {\n warnInProduction = true,\n maxSize = DEFAULT_MAX_SIZE\n } = options;\n\n this.maxSize = maxSize;\n\n if (\n warnInProduction &&\n process.env[\"NODE_ENV\"] === \"production\"\n ) {\n\n console.warn(\n \"[PARMANA WARNING] MemoryReplayStore is not suitable for production. \" +\n \"It loses all replay protection on process restart and does not \" +\n \"work across multiple processes. Use RedisReplayStore in production.\"\n );\n }\n }\n\n async reserve(\n execution_fingerprint: string\n ): Promise<void> {\n\n if (\n this.reserved.has(execution_fingerprint) ||\n this.confirmed.has(execution_fingerprint)\n ) {\n\n throw new Error(\n `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`\n );\n }\n\n this.checkMaxSize();\n\n this.reserved.add(\n execution_fingerprint\n );\n }\n\n async confirm(\n execution_fingerprint: string\n ): Promise<void> {\n\n this.reserved.delete(\n execution_fingerprint\n );\n\n this.confirmed.add(\n execution_fingerprint\n );\n }\n\n async markExecuted(\n execution_fingerprint: string\n ): Promise<void> {\n\n await this.reserve(\n execution_fingerprint\n );\n\n await this.confirm(\n execution_fingerprint\n );\n }\n\n async hasExecuted(\n execution_fingerprint: string\n ): Promise<boolean> {\n\n return (\n this.reserved.has(execution_fingerprint) ||\n this.confirmed.has(execution_fingerprint)\n );\n }\n\n private checkMaxSize(): void {\n\n const total =\n this.reserved.size +\n this.confirmed.size;\n\n if (total >= this.maxSize) {\n\n throw new Error(\n `MemoryReplayStore has reached maximum size of ${this.maxSize} entries. ` +\n `Switch to RedisReplayStore for production use.`\n );\n }\n }\n}\n","import {\r\n executeWithRedis\r\n} from \"./execute-with-redis.js\";\r\n\r\nimport type {\r\n AsyncReplayStore,\r\n Signer,\r\n Verifier\r\n} from \"@parmanasystems/execution\";\r\n\r\nexport async function resolveOverride(\r\n executionId: string,\r\n\r\n replayStore: AsyncReplayStore & {\r\n get: (\r\n key: string\r\n ) => Promise<string | null>;\r\n\r\n del: (\r\n key: string\r\n ) => Promise<void>;\r\n },\r\n\r\n signer: Signer,\r\n\r\n verifier: Verifier\r\n) {\r\n\r\n // -----------------------------\r\n // 1. Load pending execution\r\n // -----------------------------\r\n const raw =\r\n await replayStore.get(\r\n `pending:${executionId}`\r\n );\r\n\r\n if (!raw) {\r\n\r\n throw new Error(\r\n `[SYS-021] No pending execution found for ${executionId}`\r\n );\r\n }\r\n\r\n const stored =\r\n JSON.parse(raw);\r\n\r\n // -----------------------------\r\n // 2. Execute approved override\r\n // -----------------------------\r\n const execution =\r\n await executeWithRedis(\r\n {\r\n token:\r\n stored.token,\r\n\r\n execution_fingerprint:\r\n stored.token.executionId,\r\n\r\n token_signature:\r\n stored.token_signature,\r\n\r\n signer,\r\n\r\n verifier,\r\n\r\n runtime_manifest:\r\n stored.runtime_manifest,\r\n\r\n runtime_requirements:\r\n stored.runtime_requirements\r\n },\r\n\r\n replayStore\r\n );\r\n\r\n // -----------------------------\r\n // 3. Remove pending state\r\n // -----------------------------\r\n await replayStore.del(\r\n `pending:${executionId}`\r\n );\r\n\r\n // -----------------------------\r\n // 4. Return deterministic result\r\n // -----------------------------\r\n return {\r\n\r\n status:\r\n \"success\" as const,\r\n\r\n executionId,\r\n\r\n signature:\r\n execution.signature,\r\n\r\n resolved:\r\n true\r\n };\r\n}","import * as fs from \"node:fs\";\r\n\r\nconst FILE = \"./review-queue.json\";\r\n\r\nexport function addReviewTask(task: any) {\r\n let data: any[] = [];\r\n\r\n if (fs.existsSync(FILE)) {\r\n data = JSON.parse(fs.readFileSync(FILE, \"utf-8\"));\r\n }\r\n\r\n data.push(task);\r\n\r\n fs.writeFileSync(FILE, JSON.stringify(data, null, 2));\r\n}\r\n\r\nexport function getAllTasks() {\r\n if (!fs.existsSync(FILE)) return [];\r\n return JSON.parse(fs.readFileSync(FILE, \"utf-8\"));\r\n}\r\n","import {\r\n evaluatePolicy,\r\n loadPolicy,\r\n validateSignalsStrict\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport type {\r\n DecisionResult\r\n} from \"@parmanasystems/execution\";\r\n\r\nexport interface DryRunResult {\r\n\r\n policyId: string;\r\n\r\n policyVersion: string;\r\n\r\n schemaVersion: string;\r\n\r\n decision: DecisionResult;\r\n\r\n rule_trace: string[];\r\n\r\n governed: false;\r\n\r\n dry_run: true;\r\n\r\n evaluated_at: string;\r\n}\r\n\r\nexport function evaluateDryRun(\r\n policyId: string,\r\n policyVersion: string,\r\n signals: Record<string, unknown>,\r\n governed_time = new Date().toISOString()\r\n): DryRunResult {\r\n\r\n // -----------------------------\r\n // 1. Load policy\r\n // -----------------------------\r\n const policy =\r\n loadPolicy(\r\n policyId,\r\n policyVersion\r\n );\r\n\r\n // -----------------------------\r\n // 2. Validate signals\r\n // -----------------------------\r\n validateSignalsStrict(\r\n signals,\r\n policy\r\n );\r\n\r\n // -----------------------------\r\n // 3. Evaluate policy\r\n // -----------------------------\r\n const decision: DecisionResult =\r\n evaluatePolicy(\r\n policy,\r\n signals\r\n );\r\n\r\n // -----------------------------\r\n // 4. Return dry-run result\r\n // -----------------------------\r\n return {\r\n\r\n policyId,\r\n\r\n policyVersion,\r\n\r\n schemaVersion:\r\n policy.schemaVersion,\r\n\r\n decision,\r\n\r\n rule_trace: [],\r\n\r\n governed: false,\r\n\r\n dry_run: true,\r\n\r\n evaluated_at:\r\n governed_time\r\n };\r\n}"],"mappings":";AAAA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AASP,OAAO,YAAY;AAEnB,eAAsB,mBACpB,OAMA,QACA,UACA,aAC+B;AAK/B,QAAM,SACJ;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,EACR;AAKF;AAAA,IACE,MAAM;AAAA,IACN;AAAA,EACF;AAKA,QAAM,WACJ;AAAA,IACE;AAAA,IACA,MAAM;AAAA,EACR;AAEF,MACE,SAAS,WAAW,WACpB;AAEA,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAKA,QAAM,wBACJ,OACG,WAAW,QAAQ,EACnB;AAAA,IACC,KAAK,UAAU;AAAA,MACb,UACE,MAAM;AAAA,MAER,eACE,MAAM;AAAA,MAER,SACE,MAAM;AAAA,IACV,CAAC;AAAA,EACH,EACC,OAAO,KAAK;AAKjB,MAAI,YAAY,SAAS;AACvB,UAAM,YAAY;AAAA,MAChB;AAAA,IACF;AAAA,EACF,OAAO;AACL,UAAM,kBACJ,MAAM,YAAY;AAAA,MAChB;AAAA,IACF;AAEF,QAAI,iBAAiB;AACnB,YAAM,IAAI;AAAA,QACR,2DAA2D,qBAAqB;AAAA,MAClF;AAAA,IACF;AAEA,UAAM,YAAY;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAKA,QAAM,kBACJ,mBAAmB;AAKrB,QAAM,QACJ,WAAW;AAAA,IAET,aACE;AAAA,IAEF,UACE,MAAM;AAAA,IAER,eACE,MAAM;AAAA,IAER,eACE,OAAO;AAAA,IAET,gBACE,gBAAgB;AAAA,IAElB,kBACE,SAAS;AAAA,IAEX,aACE;AAAA,EACJ,CAAC;AAKH,QAAM,kBACJ,OAAO;AAAA,IACL;AAAA,MACE;AAAA,IACF;AAAA,EACF;AAKF,QAAM,cACJ,MAAM,gBAAgB;AAAA,IAEpB;AAAA,IAEA;AAAA,IAEA;AAAA,IAEA;AAAA,IAEA;AAAA,IAEA,kBACE;AAAA,IAEF,sBAAsB;AAAA,MAEpB,2BAA2B;AAAA,QACzB,gBAAgB;AAAA,MAClB;AAAA,MAEA,0BACE,gBACG;AAAA,IACP;AAAA,EACF,CAAC;AAKH,MAAI,YAAY,SAAS;AACvB,QAAI;AACF,YAAM,YAAY;AAAA,QAChB;AAAA,MACF;AAAA,IACF,SAAS,KAAK;AACZ,cAAQ;AAAA,QACN;AAAA,QACA;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;;;AC1MA;AAAA,EACE,mBAAAA;AAAA,OACK;AAaP,eAAsB,iBACpB,SACA,YAC+B;AAK/B,QAAM,WAAW;AAAA,IACf,QAAQ;AAAA,EACV;AAKA,SAAOA;AAAA,IACL;AAAA,EACF;AACF;;;ACjBA,eAAsB,aACpB,SAOA,QAEA,UAEA,aACA;AAEA,QAAM,UAAU,CAAC;AAEjB,aAAW,UAAU,SAAS;AAE5B,QAAI;AAEF,YAAM,SACJ,MAAM;AAAA,QACJ;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEF,cAAQ,KAAK;AAAA,QACX,OAAO;AAAA,QACP;AAAA,MACF,CAAC;AAAA,IAEH,SAAS,KAAc;AAErB,cAAQ,KAAK;AAAA,QACX,OAAO;AAAA,QAEP,QAAQ;AAAA,UACN,QAAQ;AAAA,UAER,OACE,eAAe,QACX,IAAI,UACJ;AAAA,QACR;AAAA,MACF,CAAC;AAAA,IAEH;AAAA,EACF;AAEA,SAAO;AACT;;;ACrEA,OAAO,WAAW;AAiBX,IAAM,mBAAN,MACuB;AAAA,EAI5B,YACE,KACA;AAEA,SAAK,SACH,IAAK,MAAc,GAAG;AAAA,EAC1B;AAAA,EAEA,MAAM,YACJ,uBACkB;AAElB,UAAM,CAAC,WAAW,OAAO,IACvB,MAAM,QAAQ,IAAI;AAAA,MAChB,KAAK,OAAO;AAAA,QACV,QAAQ,qBAAqB;AAAA,MAC/B;AAAA,MACA,KAAK,OAAO;AAAA,QACV,gBAAgB,qBAAqB;AAAA,MACvC;AAAA,IACF,CAAC;AAEH,WAAO,cAAc,KAAK,YAAY;AAAA,EACxC;AAAA,EAEA,MAAM,aACJ,uBACe;AAEf,UAAM,SACJ,MAAM,KAAK,OAAO;AAAA,MAChB,QAAQ,qBAAqB;AAAA,MAC7B;AAAA,MACA;AAAA,IACF;AAEF,QAAI,WAAW,MAAM;AAEnB,YAAM,IAAI;AAAA,QACR,2DAA2D,qBAAqB;AAAA,MAClF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,QACJ,uBACe;AAEf,UAAM,mBACJ,MAAM,KAAK,OAAO;AAAA,MAChB,QAAQ,qBAAqB;AAAA,IAC/B;AAEF,QAAI,qBAAqB,GAAG;AAE1B,YAAM,IAAI;AAAA,QACR,2DAA2D,qBAAqB;AAAA,MAClF;AAAA,IACF;AAEA,UAAM,SACJ,MAAM,KAAK,OAAO;AAAA,MAChB,gBAAgB,qBAAqB;AAAA,MACrC;AAAA,MACA;AAAA,IACF;AAEF,QAAI,WAAW,MAAM;AAEnB,YAAM,IAAI;AAAA,QACR,2DAA2D,qBAAqB;AAAA,MAClF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,QACJ,uBACe;AAEf,UAAM,KAAK,OAAO;AAAA,MAChB,QAAQ,qBAAqB;AAAA,MAC7B;AAAA,IACF;AAEA,UAAM,KAAK,OAAO;AAAA,MAChB,gBAAgB,qBAAqB;AAAA,IACvC;AAAA,EACF;AAAA,EAEA,MAAM,IACJ,KACwB;AAExB,WAAO,KAAK,OAAO,IAAI,GAAG;AAAA,EAC5B;AAAA,EAEA,MAAM,IACJ,KACA,OACe;AAEf,UAAM,KAAK,OAAO;AAAA,MAChB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,IACJ,KACe;AAEf,UAAM,KAAK,OAAO,IAAI,GAAG;AAAA,EAC3B;AAAA,EAEA,MAAM,QAAuB;AAE3B,UAAM,KAAK,OAAO,KAAK;AAAA,EACzB;AACF;;;ACnIA,IAAM,mBAAmB;AASlB,IAAM,oBAAN,MACkB;AAAA,EAUvB,YACE,UAAoC,CAAC,GACrC;AAVF,SAAQ,WACN,oBAAI,IAAY;AAElB,SAAQ,YACN,oBAAI,IAAY;AAQhB,UAAM;AAAA,MACJ,mBAAmB;AAAA,MACnB,UAAU;AAAA,IACZ,IAAI;AAEJ,SAAK,UAAU;AAEf,QACE,oBACA,QAAQ,IAAI,UAAU,MAAM,cAC5B;AAEA,cAAQ;AAAA,QACN;AAAA,MAGF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,QACJ,uBACe;AAEf,QACE,KAAK,SAAS,IAAI,qBAAqB,KACvC,KAAK,UAAU,IAAI,qBAAqB,GACxC;AAEA,YAAM,IAAI;AAAA,QACR,2DAA2D,qBAAqB;AAAA,MAClF;AAAA,IACF;AAEA,SAAK,aAAa;AAElB,SAAK,SAAS;AAAA,MACZ;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,QACJ,uBACe;AAEf,SAAK,SAAS;AAAA,MACZ;AAAA,IACF;AAEA,SAAK,UAAU;AAAA,MACb;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,aACJ,uBACe;AAEf,UAAM,KAAK;AAAA,MACT;AAAA,IACF;AAEA,UAAM,KAAK;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,YACJ,uBACkB;AAElB,WACE,KAAK,SAAS,IAAI,qBAAqB,KACvC,KAAK,UAAU,IAAI,qBAAqB;AAAA,EAE5C;AAAA,EAEQ,eAAqB;AAE3B,UAAM,QACJ,KAAK,SAAS,OACd,KAAK,UAAU;AAEjB,QAAI,SAAS,KAAK,SAAS;AAEzB,YAAM,IAAI;AAAA,QACR,iDAAiD,KAAK,OAAO;AAAA,MAE/D;AAAA,IACF;AAAA,EACF;AACF;;;AClHA,eAAsB,gBACpB,aAEA,aAUA,QAEA,UACA;AAKA,QAAM,MACJ,MAAM,YAAY;AAAA,IAChB,WAAW,WAAW;AAAA,EACxB;AAEF,MAAI,CAAC,KAAK;AAER,UAAM,IAAI;AAAA,MACR,4CAA4C,WAAW;AAAA,IACzD;AAAA,EACF;AAEA,QAAM,SACJ,KAAK,MAAM,GAAG;AAKhB,QAAM,YACJ,MAAM;AAAA,IACJ;AAAA,MACE,OACE,OAAO;AAAA,MAET,uBACE,OAAO,MAAM;AAAA,MAEf,iBACE,OAAO;AAAA,MAET;AAAA,MAEA;AAAA,MAEA,kBACE,OAAO;AAAA,MAET,sBACE,OAAO;AAAA,IACX;AAAA,IAEA;AAAA,EACF;AAKF,QAAM,YAAY;AAAA,IAChB,WAAW,WAAW;AAAA,EACxB;AAKA,SAAO;AAAA,IAEL,QACE;AAAA,IAEF;AAAA,IAEA,WACE,UAAU;AAAA,IAEZ,UACE;AAAA,EACJ;AACF;;;AClGA,YAAY,QAAQ;AAEpB,IAAM,OAAO;AAEN,SAAS,cAAc,MAAW;AACvC,MAAI,OAAc,CAAC;AAEnB,MAAO,cAAW,IAAI,GAAG;AACvB,WAAO,KAAK,MAAS,gBAAa,MAAM,OAAO,CAAC;AAAA,EAClD;AAEA,OAAK,KAAK,IAAI;AAEd,EAAG,iBAAc,MAAM,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACtD;AAEO,SAAS,cAAc;AAC5B,MAAI,CAAI,cAAW,IAAI,EAAG,QAAO,CAAC;AAClC,SAAO,KAAK,MAAS,gBAAa,MAAM,OAAO,CAAC;AAClD;;;ACnBA;AAAA,EACE,kBAAAC;AAAA,EACA,cAAAC;AAAA,EACA,yBAAAC;AAAA,OACK;AAyBA,SAAS,eACd,UACA,eACA,SACA,iBAAgB,oBAAI,KAAK,GAAE,YAAY,GACzB;AAKd,QAAM,SACJD;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAKF,EAAAC;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAKA,QAAM,WACJF;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAKF,SAAO;AAAA,IAEL;AAAA,IAEA;AAAA,IAEA,eACE,OAAO;AAAA,IAET;AAAA,IAEA,YAAY,CAAC;AAAA,IAEb,UAAU;AAAA,IAEV,SAAS;AAAA,IAET,cACE;AAAA,EACJ;AACF;","names":["executeDecision","evaluatePolicy","loadPolicy","validateSignalsStrict"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@parmanasystems/execution-runtime",
3
- "version": "1.71.22",
3
+ "version": "1.71.26",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "description": "Runtime orchestration layer for Parmana Systems.",
@@ -20,7 +20,7 @@
20
20
  "build": "tsup"
21
21
  },
22
22
  "dependencies": {
23
- "@parmanasystems/execution": "^1.71.22",
23
+ "@parmanasystems/execution": "^1.71.26",
24
24
  "ioredis": "^5.4.1"
25
25
  },
26
26
  "devDependencies": {