@parmanasystems/execution-runtime 1.71.5 → 1.71.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.js +9 -4
  2. package/dist/index.js.map +1 -1
  3. package/package.json +2 -2
package/dist/index.js CHANGED
@@ -5,7 +5,8 @@ import {
5
5
  getRuntimeManifest,
6
6
  evaluatePolicy,
7
7
  loadPolicy,
8
- canonicalizeForSigning
8
+ canonicalizeForSigning,
9
+ validateSignalsStrict
9
10
  } from "@parmanasystems/execution";
10
11
  import crypto from "crypto";
11
12
  async function executeFromSignals(input, signer, verifier, replayStore) {
@@ -13,6 +14,10 @@ async function executeFromSignals(input, signer, verifier, replayStore) {
13
14
  input.policyId,
14
15
  input.policyVersion
15
16
  );
17
+ validateSignalsStrict(
18
+ input.signals,
19
+ policy
20
+ );
16
21
  const decision = evaluatePolicy(
17
22
  policy,
18
23
  input.signals
@@ -29,7 +34,7 @@ async function executeFromSignals(input, signer, verifier, replayStore) {
29
34
  signals: input.signals
30
35
  })
31
36
  ).digest("hex");
32
- replayStore.markExecuted(
37
+ await replayStore.markExecuted(
33
38
  execution_fingerprint
34
39
  );
35
40
  const runtimeManifest = getRuntimeManifest();
@@ -223,14 +228,14 @@ function getAllTasks() {
223
228
  import {
224
229
  evaluatePolicy as evaluatePolicy2,
225
230
  loadPolicy as loadPolicy2,
226
- validateSignalsStrict
231
+ validateSignalsStrict as validateSignalsStrict2
227
232
  } from "@parmanasystems/execution";
228
233
  function evaluateDryRun(policyId, policyVersion, signals, governed_time = (/* @__PURE__ */ new Date()).toISOString()) {
229
234
  const policy = loadPolicy2(
230
235
  policyId,
231
236
  policyVersion
232
237
  );
233
- validateSignalsStrict(
238
+ validateSignalsStrict2(
234
239
  signals,
235
240
  policy
236
241
  );
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/execute-from-signals.ts","../src/execute-with-redis.ts","../src/execute-batch.ts","../src/redis-replay-store.ts","../src/memory-replay-store.ts","../src/resolve-override.ts","../src/review-store.ts","../src/dry-run.ts"],"sourcesContent":["import {\r\n executeDecision,\r\n issueToken,\r\n getRuntimeManifest,\r\n evaluatePolicy,\r\n loadPolicy,\r\n canonicalizeForSigning\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport type {\r\n ExecutionAttestation,\r\n Signer,\r\n Verifier,\r\n ReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport crypto from \"crypto\";\r\n\r\nexport async function executeFromSignals(\r\n input: {\r\n policyId: string;\r\n policyVersion: string;\r\n signals: Record<string, unknown>;\r\n },\r\n\r\n signer: Signer,\r\n verifier: Verifier,\r\n replayStore: ReplayStore\r\n): Promise<ExecutionAttestation> {\r\n\r\n // -----------------------------\r\n // Load policy\r\n // -----------------------------\r\n const policy =\r\n loadPolicy(\r\n input.policyId,\r\n input.policyVersion\r\n );\r\n\r\n // -----------------------------\r\n // Evaluate policy\r\n // -----------------------------\r\n const decision =\r\n evaluatePolicy(\r\n policy,\r\n input.signals\r\n );\r\n\r\n if (\r\n decision.status !== \"decided\"\r\n ) {\r\n\r\n throw new Error(\r\n \"[SYS-006] Policy evaluation returned undecided\"\r\n );\r\n }\r\n\r\n // -----------------------------\r\n // Deterministic execution identity\r\n // -----------------------------\r\n const execution_fingerprint =\r\n crypto\r\n .createHash(\"sha256\")\r\n .update(\r\n JSON.stringify({\r\n policyId:\r\n input.policyId,\r\n\r\n policyVersion:\r\n input.policyVersion,\r\n\r\n signals:\r\n input.signals\r\n })\r\n )\r\n .digest(\"hex\");\r\n\r\n // -----------------------------\r\n // Replay protection\r\n // -----------------------------\r\n replayStore.markExecuted(\r\n execution_fingerprint\r\n );\r\n\r\n // -----------------------------\r\n // Runtime manifest\r\n // -----------------------------\r\n const runtimeManifest =\r\n getRuntimeManifest();\r\n\r\n // -----------------------------\r\n // Deterministic governance token\r\n // -----------------------------\r\n const token =\r\n issueToken({\r\n\r\n executionId:\r\n execution_fingerprint,\r\n\r\n policyId:\r\n input.policyId,\r\n\r\n policyVersion:\r\n input.policyVersion,\r\n\r\n schemaVersion:\r\n policy.schemaVersion,\r\n\r\n runtimeVersion:\r\n runtimeManifest.runtimeVersion,\r\n\r\n decision_payload:\r\n decision.outcome,\r\n\r\n signalsHash:\r\n execution_fingerprint\r\n });\r\n\r\n// -----------------------------\r\n// Explicit cryptographic signing\r\n// -----------------------------\r\nconst token_signature =\r\n signer.sign(\r\n canonicalizeForSigning(\r\n token\r\n )\r\n );\r\n\r\n // -----------------------------\r\n // Deterministic execution\r\n // -----------------------------\r\n return executeDecision({\r\n\r\n token,\r\n\r\n execution_fingerprint,\r\n\r\n token_signature,\r\n\r\n signer,\r\n\r\n verifier,\r\n\r\n runtime_manifest:\r\n runtimeManifest,\r\n\r\n runtime_requirements: {\r\n\r\n supported_runtimeVersions: [\r\n runtimeManifest.runtimeVersion\r\n ],\r\n\r\n supported_schemaVersions:\r\n runtimeManifest\r\n .supported_schemaVersions\r\n }\r\n });\r\n}","import {\r\n executeDecision\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport type {\r\n ExecutionContext,\r\n ExecutionAttestation,\r\n AsyncReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\n/**\r\n * 🟢 ASYNC ADAPTER\r\n * Handles distributed replay protection\r\n * while preserving deterministic execution core.\r\n */\r\nexport async function executeWithRedis(\r\n context: ExecutionContext,\r\n redisStore: AsyncReplayStore\r\n): Promise<ExecutionAttestation> {\r\n\r\n // -----------------------------\r\n // Distributed replay protection\r\n // -----------------------------\r\n await redisStore.markExecuted(\r\n context.execution_fingerprint\r\n );\r\n\r\n // -----------------------------\r\n // Deterministic execution\r\n // -----------------------------\r\n return executeDecision(\r\n context\r\n );\r\n}","import type {\r\n Signer,\r\n Verifier,\r\n AsyncReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport {\r\n executeFromSignals,\r\n} from \"./execute-from-signals.js\";\r\n\r\n/**\r\n * Executes multiple records sequentially.\r\n *\r\n * Each record is processed independently.\r\n * Errors are captured per-record (fail-isolated).\r\n */\r\nexport async function executeBatch(\r\n records: Array<{\r\n policyId: string;\r\n policyVersion: string;\r\n signals: Record<string, unknown>;\r\n governed_time: string;\r\n }>,\r\n\r\n signer: Signer,\r\n\r\n verifier: Verifier,\r\n\r\n replayStore: AsyncReplayStore\r\n) {\r\n\r\n const outputs = [];\r\n\r\n for (const record of records) {\r\n\r\n try {\r\n\r\n const output =\r\n await executeFromSignals(\r\n record,\r\n signer,\r\n verifier,\r\n replayStore\r\n );\r\n\r\n outputs.push({\r\n input: record,\r\n output\r\n });\r\n\r\n } catch (err: unknown) {\r\n\r\n outputs.push({\r\n input: record,\r\n\r\n output: {\r\n status: \"error\",\r\n\r\n error:\r\n err instanceof Error\r\n ? err.message\r\n : \"Unknown error\"\r\n }\r\n });\r\n\r\n }\r\n }\r\n\r\n return outputs;\r\n}","import Redis from \"ioredis\";\r\n\r\nimport type {\r\n Redis as RedisClient\r\n} from \"ioredis\";\r\n\r\nimport type {\r\n AsyncReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\n/**\r\n * 🔒 Distributed replay protection\r\n *\r\n * Replay protection operates on deterministic\r\n * semantic execution fingerprints rather than\r\n * operational execution IDs.\r\n */\r\nexport class RedisReplayStore\r\n implements AsyncReplayStore {\r\n\r\n private client: RedisClient;\r\n\r\n constructor(\r\n url: string\r\n ) {\r\n\r\n this.client =\r\n new (Redis as any)(url);\r\n }\r\n\r\n async hasExecuted(\r\n execution_fingerprint: string\r\n ): Promise<boolean> {\r\n\r\n const res =\r\n await this.client.exists(\r\n `exec:${execution_fingerprint}`\r\n );\r\n\r\n return res === 1;\r\n }\r\n\r\n async markExecuted(\r\n execution_fingerprint: string\r\n ): Promise<void> {\r\n\r\n const result =\r\n await this.client.set(\r\n `exec:${execution_fingerprint}`,\r\n \"1\",\r\n \"NX\"\r\n );\r\n\r\n if (result !== \"OK\") {\r\n\r\n throw new Error(\r\n `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`\r\n );\r\n }\r\n }\r\n\r\n async get(\r\n key: string\r\n ): Promise<string | null> {\r\n\r\n return this.client.get(key);\r\n }\r\n\r\n async set(\r\n key: string,\r\n value: string\r\n ): Promise<void> {\r\n\r\n await this.client.set(\r\n key,\r\n value\r\n );\r\n }\r\n\r\n async del(\r\n key: string\r\n ): Promise<void> {\r\n\r\n await this.client.del(key);\r\n }\r\n\r\n async close(): Promise<void> {\r\n\r\n await this.client.quit();\r\n }\r\n}","import type {\r\n ReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\n/**\r\n * 🔒 In-memory replay protection\r\n *\r\n * Replay protection operates on deterministic\r\n * semantic execution fingerprints rather than\r\n * operational execution IDs.\r\n */\r\nexport class MemoryReplayStore\r\n implements ReplayStore {\r\n\r\n private store =\r\n new Set<string>();\r\n\r\n async markExecuted(\r\n execution_fingerprint: string\r\n ): Promise<void> {\r\n\r\n if (\r\n this.store.has(\r\n execution_fingerprint\r\n )\r\n ) {\r\n\r\n throw new Error(\r\n `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`\r\n );\r\n }\r\n\r\n this.store.add(\r\n execution_fingerprint\r\n );\r\n }\r\n\r\n async hasExecuted(\r\n execution_fingerprint: string\r\n ): Promise<boolean> {\r\n\r\n return this.store.has(\r\n execution_fingerprint\r\n );\r\n }\r\n}","import {\r\n executeWithRedis\r\n} from \"./execute-with-redis.js\";\r\n\r\nimport type {\r\n AsyncReplayStore,\r\n Signer,\r\n Verifier\r\n} from \"@parmanasystems/execution\";\r\n\r\nexport async function resolveOverride(\r\n executionId: string,\r\n\r\n replayStore: AsyncReplayStore & {\r\n get: (\r\n key: string\r\n ) => Promise<string | null>;\r\n\r\n del: (\r\n key: string\r\n ) => Promise<void>;\r\n },\r\n\r\n signer: Signer,\r\n\r\n verifier: Verifier\r\n) {\r\n\r\n // -----------------------------\r\n // 1. Load pending execution\r\n // -----------------------------\r\n const raw =\r\n await replayStore.get(\r\n `pending:${executionId}`\r\n );\r\n\r\n if (!raw) {\r\n\r\n throw new Error(\r\n `[SYS-021] No pending execution found for ${executionId}`\r\n );\r\n }\r\n\r\n const stored =\r\n JSON.parse(raw);\r\n\r\n // -----------------------------\r\n // 2. Execute approved override\r\n // -----------------------------\r\n const execution =\r\n await executeWithRedis(\r\n {\r\n token:\r\n stored.token,\r\n\r\n execution_fingerprint:\r\n stored.token.executionId,\r\n\r\n token_signature:\r\n stored.token_signature,\r\n\r\n signer,\r\n\r\n verifier,\r\n\r\n runtime_manifest:\r\n stored.runtime_manifest,\r\n\r\n runtime_requirements:\r\n stored.runtime_requirements\r\n },\r\n\r\n replayStore\r\n );\r\n\r\n // -----------------------------\r\n // 3. Remove pending state\r\n // -----------------------------\r\n await replayStore.del(\r\n `pending:${executionId}`\r\n );\r\n\r\n // -----------------------------\r\n // 4. Return deterministic result\r\n // -----------------------------\r\n return {\r\n\r\n status:\r\n \"success\" as const,\r\n\r\n executionId,\r\n\r\n signature:\r\n execution.signature,\r\n\r\n resolved:\r\n true\r\n };\r\n}","import * as fs from \"node:fs\";\r\n\r\nconst FILE = \"./review-queue.json\";\r\n\r\nexport function addReviewTask(task: any) {\r\n let data: any[] = [];\r\n\r\n if (fs.existsSync(FILE)) {\r\n data = JSON.parse(fs.readFileSync(FILE, \"utf-8\"));\r\n }\r\n\r\n data.push(task);\r\n\r\n fs.writeFileSync(FILE, JSON.stringify(data, null, 2));\r\n}\r\n\r\nexport function getAllTasks() {\r\n if (!fs.existsSync(FILE)) return [];\r\n return JSON.parse(fs.readFileSync(FILE, \"utf-8\"));\r\n}\r\n","import {\r\n evaluatePolicy,\r\n loadPolicy,\r\n validateSignalsStrict\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport type {\r\n DecisionResult\r\n} from \"@parmanasystems/execution\";\r\n\r\nexport interface DryRunResult {\r\n\r\n policyId: string;\r\n\r\n policyVersion: string;\r\n\r\n schemaVersion: string;\r\n\r\n decision: DecisionResult;\r\n\r\n rule_trace: string[];\r\n\r\n governed: false;\r\n\r\n dry_run: true;\r\n\r\n evaluated_at: string;\r\n}\r\n\r\nexport function evaluateDryRun(\r\n policyId: string,\r\n policyVersion: string,\r\n signals: Record<string, unknown>,\r\n governed_time = new Date().toISOString()\r\n): DryRunResult {\r\n\r\n // -----------------------------\r\n // 1. Load policy\r\n // -----------------------------\r\n const policy =\r\n loadPolicy(\r\n policyId,\r\n policyVersion\r\n );\r\n\r\n // -----------------------------\r\n // 2. Validate signals\r\n // -----------------------------\r\n validateSignalsStrict(\r\n signals,\r\n policy\r\n );\r\n\r\n // -----------------------------\r\n // 3. Evaluate policy\r\n // -----------------------------\r\n const decision: DecisionResult =\r\n evaluatePolicy(\r\n policy,\r\n signals\r\n );\r\n\r\n // -----------------------------\r\n // 4. Return dry-run result\r\n // -----------------------------\r\n return {\r\n\r\n policyId,\r\n\r\n policyVersion,\r\n\r\n schemaVersion:\r\n policy.schemaVersion,\r\n\r\n decision,\r\n\r\n rule_trace: [],\r\n\r\n governed: false,\r\n\r\n dry_run: true,\r\n\r\n evaluated_at:\r\n governed_time\r\n };\r\n}"],"mappings":";AAAA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AASP,OAAO,YAAY;AAEnB,eAAsB,mBACpB,OAMA,QACA,UACA,aAC+B;AAK/B,QAAM,SACJ;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,EACR;AAKF,QAAM,WACJ;AAAA,IACE;AAAA,IACA,MAAM;AAAA,EACR;AAEF,MACE,SAAS,WAAW,WACpB;AAEA,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAKA,QAAM,wBACJ,OACG,WAAW,QAAQ,EACnB;AAAA,IACC,KAAK,UAAU;AAAA,MACb,UACE,MAAM;AAAA,MAER,eACE,MAAM;AAAA,MAER,SACE,MAAM;AAAA,IACV,CAAC;AAAA,EACH,EACC,OAAO,KAAK;AAKjB,cAAY;AAAA,IACV;AAAA,EACF;AAKA,QAAM,kBACJ,mBAAmB;AAKrB,QAAM,QACJ,WAAW;AAAA,IAET,aACE;AAAA,IAEF,UACE,MAAM;AAAA,IAER,eACE,MAAM;AAAA,IAER,eACE,OAAO;AAAA,IAET,gBACE,gBAAgB;AAAA,IAElB,kBACE,SAAS;AAAA,IAEX,aACE;AAAA,EACJ,CAAC;AAKL,QAAM,kBACJ,OAAO;AAAA,IACL;AAAA,MACE;AAAA,IACF;AAAA,EACF;AAKA,SAAO,gBAAgB;AAAA,IAErB;AAAA,IAEA;AAAA,IAEA;AAAA,IAEA;AAAA,IAEA;AAAA,IAEA,kBACE;AAAA,IAEF,sBAAsB;AAAA,MAEpB,2BAA2B;AAAA,QACzB,gBAAgB;AAAA,MAClB;AAAA,MAEA,0BACE,gBACG;AAAA,IACP;AAAA,EACF,CAAC;AACH;;;AC7JA;AAAA,EACE,mBAAAA;AAAA,OACK;AAaP,eAAsB,iBACpB,SACA,YAC+B;AAK/B,QAAM,WAAW;AAAA,IACf,QAAQ;AAAA,EACV;AAKA,SAAOA;AAAA,IACL;AAAA,EACF;AACF;;;ACjBA,eAAsB,aACpB,SAOA,QAEA,UAEA,aACA;AAEA,QAAM,UAAU,CAAC;AAEjB,aAAW,UAAU,SAAS;AAE5B,QAAI;AAEF,YAAM,SACJ,MAAM;AAAA,QACJ;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEF,cAAQ,KAAK;AAAA,QACX,OAAO;AAAA,QACP;AAAA,MACF,CAAC;AAAA,IAEH,SAAS,KAAc;AAErB,cAAQ,KAAK;AAAA,QACX,OAAO;AAAA,QAEP,QAAQ;AAAA,UACN,QAAQ;AAAA,UAER,OACE,eAAe,QACX,IAAI,UACJ;AAAA,QACR;AAAA,MACF,CAAC;AAAA,IAEH;AAAA,EACF;AAEA,SAAO;AACT;;;ACrEA,OAAO,WAAW;AAiBX,IAAM,mBAAN,MACuB;AAAA,EAI5B,YACE,KACA;AAEA,SAAK,SACH,IAAK,MAAc,GAAG;AAAA,EAC1B;AAAA,EAEA,MAAM,YACJ,uBACkB;AAElB,UAAM,MACJ,MAAM,KAAK,OAAO;AAAA,MAChB,QAAQ,qBAAqB;AAAA,IAC/B;AAEF,WAAO,QAAQ;AAAA,EACjB;AAAA,EAEA,MAAM,aACJ,uBACe;AAEf,UAAM,SACJ,MAAM,KAAK,OAAO;AAAA,MAChB,QAAQ,qBAAqB;AAAA,MAC7B;AAAA,MACA;AAAA,IACF;AAEF,QAAI,WAAW,MAAM;AAEnB,YAAM,IAAI;AAAA,QACR,2DAA2D,qBAAqB;AAAA,MAClF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,IACJ,KACwB;AAExB,WAAO,KAAK,OAAO,IAAI,GAAG;AAAA,EAC5B;AAAA,EAEA,MAAM,IACJ,KACA,OACe;AAEf,UAAM,KAAK,OAAO;AAAA,MAChB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,IACJ,KACe;AAEf,UAAM,KAAK,OAAO,IAAI,GAAG;AAAA,EAC3B;AAAA,EAEA,MAAM,QAAuB;AAE3B,UAAM,KAAK,OAAO,KAAK;AAAA,EACzB;AACF;;;AC/EO,IAAM,oBAAN,MACkB;AAAA,EADlB;AAGL,SAAQ,QACN,oBAAI,IAAY;AAAA;AAAA,EAElB,MAAM,aACJ,uBACe;AAEf,QACE,KAAK,MAAM;AAAA,MACT;AAAA,IACF,GACA;AAEA,YAAM,IAAI;AAAA,QACR,2DAA2D,qBAAqB;AAAA,MAClF;AAAA,IACF;AAEA,SAAK,MAAM;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,YACJ,uBACkB;AAElB,WAAO,KAAK,MAAM;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AACF;;;ACnCA,eAAsB,gBACpB,aAEA,aAUA,QAEA,UACA;AAKA,QAAM,MACJ,MAAM,YAAY;AAAA,IAChB,WAAW,WAAW;AAAA,EACxB;AAEF,MAAI,CAAC,KAAK;AAER,UAAM,IAAI;AAAA,MACR,4CAA4C,WAAW;AAAA,IACzD;AAAA,EACF;AAEA,QAAM,SACJ,KAAK,MAAM,GAAG;AAKhB,QAAM,YACJ,MAAM;AAAA,IACJ;AAAA,MACE,OACE,OAAO;AAAA,MAET,uBACE,OAAO,MAAM;AAAA,MAEf,iBACE,OAAO;AAAA,MAET;AAAA,MAEA;AAAA,MAEA,kBACE,OAAO;AAAA,MAET,sBACE,OAAO;AAAA,IACX;AAAA,IAEA;AAAA,EACF;AAKF,QAAM,YAAY;AAAA,IAChB,WAAW,WAAW;AAAA,EACxB;AAKA,SAAO;AAAA,IAEL,QACE;AAAA,IAEF;AAAA,IAEA,WACE,UAAU;AAAA,IAEZ,UACE;AAAA,EACJ;AACF;;;AClGA,YAAY,QAAQ;AAEpB,IAAM,OAAO;AAEN,SAAS,cAAc,MAAW;AACvC,MAAI,OAAc,CAAC;AAEnB,MAAO,cAAW,IAAI,GAAG;AACvB,WAAO,KAAK,MAAS,gBAAa,MAAM,OAAO,CAAC;AAAA,EAClD;AAEA,OAAK,KAAK,IAAI;AAEd,EAAG,iBAAc,MAAM,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACtD;AAEO,SAAS,cAAc;AAC5B,MAAI,CAAI,cAAW,IAAI,EAAG,QAAO,CAAC;AAClC,SAAO,KAAK,MAAS,gBAAa,MAAM,OAAO,CAAC;AAClD;;;ACnBA;AAAA,EACE,kBAAAC;AAAA,EACA,cAAAC;AAAA,EACA;AAAA,OACK;AAyBA,SAAS,eACd,UACA,eACA,SACA,iBAAgB,oBAAI,KAAK,GAAE,YAAY,GACzB;AAKd,QAAM,SACJA;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAKF;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAKA,QAAM,WACJD;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAKF,SAAO;AAAA,IAEL;AAAA,IAEA;AAAA,IAEA,eACE,OAAO;AAAA,IAET;AAAA,IAEA,YAAY,CAAC;AAAA,IAEb,UAAU;AAAA,IAEV,SAAS;AAAA,IAET,cACE;AAAA,EACJ;AACF;","names":["executeDecision","evaluatePolicy","loadPolicy"]}
1
+ {"version":3,"sources":["../src/execute-from-signals.ts","../src/execute-with-redis.ts","../src/execute-batch.ts","../src/redis-replay-store.ts","../src/memory-replay-store.ts","../src/resolve-override.ts","../src/review-store.ts","../src/dry-run.ts"],"sourcesContent":["import {\r\n executeDecision,\r\n issueToken,\r\n getRuntimeManifest,\r\n evaluatePolicy,\r\n loadPolicy,\r\n canonicalizeForSigning,\r\n validateSignalsStrict\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport type {\r\n ExecutionAttestation,\r\n Signer,\r\n Verifier,\r\n ReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport crypto from \"crypto\";\r\n\r\nexport async function executeFromSignals(\r\n input: {\r\n policyId: string;\r\n policyVersion: string;\r\n signals: Record<string, unknown>;\r\n },\r\n\r\n signer: Signer,\r\n verifier: Verifier,\r\n replayStore: ReplayStore\r\n): Promise<ExecutionAttestation> {\r\n\r\n // -----------------------------\r\n // Load policy\r\n // -----------------------------\r\n const policy =\r\n loadPolicy(\r\n input.policyId,\r\n input.policyVersion\r\n );\r\n\r\n // -----------------------------\r\n // Validate signals against schema\r\n // -----------------------------\r\n validateSignalsStrict(\r\n input.signals,\r\n policy\r\n );\r\n\r\n // -----------------------------\r\n // Evaluate policy\r\n // -----------------------------\r\n const decision =\r\n evaluatePolicy(\r\n policy,\r\n input.signals\r\n );\r\n\r\n if (\r\n decision.status !== \"decided\"\r\n ) {\r\n\r\n throw new Error(\r\n \"[SYS-006] Policy evaluation returned undecided\"\r\n );\r\n }\r\n\r\n // -----------------------------\r\n // Deterministic execution identity\r\n // -----------------------------\r\n const execution_fingerprint =\r\n crypto\r\n .createHash(\"sha256\")\r\n .update(\r\n JSON.stringify({\r\n policyId:\r\n input.policyId,\r\n\r\n policyVersion:\r\n input.policyVersion,\r\n\r\n signals:\r\n input.signals\r\n })\r\n )\r\n .digest(\"hex\");\r\n\r\n // -----------------------------\r\n // Replay protection\r\n // -----------------------------\r\n await replayStore.markExecuted(\r\n execution_fingerprint\r\n );\r\n\r\n // -----------------------------\r\n // Runtime manifest\r\n // -----------------------------\r\n const runtimeManifest =\r\n getRuntimeManifest();\r\n\r\n // -----------------------------\r\n // Deterministic governance token\r\n // -----------------------------\r\n const token =\r\n issueToken({\r\n\r\n executionId:\r\n execution_fingerprint,\r\n\r\n policyId:\r\n input.policyId,\r\n\r\n policyVersion:\r\n input.policyVersion,\r\n\r\n schemaVersion:\r\n policy.schemaVersion,\r\n\r\n runtimeVersion:\r\n runtimeManifest.runtimeVersion,\r\n\r\n decision_payload:\r\n decision.outcome,\r\n\r\n signalsHash:\r\n execution_fingerprint\r\n });\r\n\r\n// -----------------------------\r\n// Explicit cryptographic signing\r\n// -----------------------------\r\nconst token_signature =\r\n signer.sign(\r\n canonicalizeForSigning(\r\n token\r\n )\r\n );\r\n\r\n // -----------------------------\r\n // Deterministic execution\r\n // -----------------------------\r\n return executeDecision({\r\n\r\n token,\r\n\r\n execution_fingerprint,\r\n\r\n token_signature,\r\n\r\n signer,\r\n\r\n verifier,\r\n\r\n runtime_manifest:\r\n runtimeManifest,\r\n\r\n runtime_requirements: {\r\n\r\n supported_runtimeVersions: [\r\n runtimeManifest.runtimeVersion\r\n ],\r\n\r\n supported_schemaVersions:\r\n runtimeManifest\r\n .supported_schemaVersions\r\n }\r\n });\r\n}","import {\r\n executeDecision\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport type {\r\n ExecutionContext,\r\n ExecutionAttestation,\r\n AsyncReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\n/**\r\n * 🟢 ASYNC ADAPTER\r\n * Handles distributed replay protection\r\n * while preserving deterministic execution core.\r\n */\r\nexport async function executeWithRedis(\r\n context: ExecutionContext,\r\n redisStore: AsyncReplayStore\r\n): Promise<ExecutionAttestation> {\r\n\r\n // -----------------------------\r\n // Distributed replay protection\r\n // -----------------------------\r\n await redisStore.markExecuted(\r\n context.execution_fingerprint\r\n );\r\n\r\n // -----------------------------\r\n // Deterministic execution\r\n // -----------------------------\r\n return executeDecision(\r\n context\r\n );\r\n}","import type {\r\n Signer,\r\n Verifier,\r\n AsyncReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport {\r\n executeFromSignals,\r\n} from \"./execute-from-signals.js\";\r\n\r\n/**\r\n * Executes multiple records sequentially.\r\n *\r\n * Each record is processed independently.\r\n * Errors are captured per-record (fail-isolated).\r\n */\r\nexport async function executeBatch(\r\n records: Array<{\r\n policyId: string;\r\n policyVersion: string;\r\n signals: Record<string, unknown>;\r\n governed_time: string;\r\n }>,\r\n\r\n signer: Signer,\r\n\r\n verifier: Verifier,\r\n\r\n replayStore: AsyncReplayStore\r\n) {\r\n\r\n const outputs = [];\r\n\r\n for (const record of records) {\r\n\r\n try {\r\n\r\n const output =\r\n await executeFromSignals(\r\n record,\r\n signer,\r\n verifier,\r\n replayStore\r\n );\r\n\r\n outputs.push({\r\n input: record,\r\n output\r\n });\r\n\r\n } catch (err: unknown) {\r\n\r\n outputs.push({\r\n input: record,\r\n\r\n output: {\r\n status: \"error\",\r\n\r\n error:\r\n err instanceof Error\r\n ? err.message\r\n : \"Unknown error\"\r\n }\r\n });\r\n\r\n }\r\n }\r\n\r\n return outputs;\r\n}","import Redis from \"ioredis\";\r\n\r\nimport type {\r\n Redis as RedisClient\r\n} from \"ioredis\";\r\n\r\nimport type {\r\n AsyncReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\n/**\r\n * 🔒 Distributed replay protection\r\n *\r\n * Replay protection operates on deterministic\r\n * semantic execution fingerprints rather than\r\n * operational execution IDs.\r\n */\r\nexport class RedisReplayStore\r\n implements AsyncReplayStore {\r\n\r\n private client: RedisClient;\r\n\r\n constructor(\r\n url: string\r\n ) {\r\n\r\n this.client =\r\n new (Redis as any)(url);\r\n }\r\n\r\n async hasExecuted(\r\n execution_fingerprint: string\r\n ): Promise<boolean> {\r\n\r\n const res =\r\n await this.client.exists(\r\n `exec:${execution_fingerprint}`\r\n );\r\n\r\n return res === 1;\r\n }\r\n\r\n async markExecuted(\r\n execution_fingerprint: string\r\n ): Promise<void> {\r\n\r\n const result =\r\n await this.client.set(\r\n `exec:${execution_fingerprint}`,\r\n \"1\",\r\n \"NX\"\r\n );\r\n\r\n if (result !== \"OK\") {\r\n\r\n throw new Error(\r\n `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`\r\n );\r\n }\r\n }\r\n\r\n async get(\r\n key: string\r\n ): Promise<string | null> {\r\n\r\n return this.client.get(key);\r\n }\r\n\r\n async set(\r\n key: string,\r\n value: string\r\n ): Promise<void> {\r\n\r\n await this.client.set(\r\n key,\r\n value\r\n );\r\n }\r\n\r\n async del(\r\n key: string\r\n ): Promise<void> {\r\n\r\n await this.client.del(key);\r\n }\r\n\r\n async close(): Promise<void> {\r\n\r\n await this.client.quit();\r\n }\r\n}","import type {\r\n ReplayStore\r\n} from \"@parmanasystems/execution\";\r\n\r\n/**\r\n * 🔒 In-memory replay protection\r\n *\r\n * Replay protection operates on deterministic\r\n * semantic execution fingerprints rather than\r\n * operational execution IDs.\r\n */\r\nexport class MemoryReplayStore\r\n implements ReplayStore {\r\n\r\n private store =\r\n new Set<string>();\r\n\r\n async markExecuted(\r\n execution_fingerprint: string\r\n ): Promise<void> {\r\n\r\n if (\r\n this.store.has(\r\n execution_fingerprint\r\n )\r\n ) {\r\n\r\n throw new Error(\r\n `[INV-013@replay] Replay detected: execution_fingerprint ${execution_fingerprint} has already been consumed`\r\n );\r\n }\r\n\r\n this.store.add(\r\n execution_fingerprint\r\n );\r\n }\r\n\r\n async hasExecuted(\r\n execution_fingerprint: string\r\n ): Promise<boolean> {\r\n\r\n return this.store.has(\r\n execution_fingerprint\r\n );\r\n }\r\n}","import {\r\n executeWithRedis\r\n} from \"./execute-with-redis.js\";\r\n\r\nimport type {\r\n AsyncReplayStore,\r\n Signer,\r\n Verifier\r\n} from \"@parmanasystems/execution\";\r\n\r\nexport async function resolveOverride(\r\n executionId: string,\r\n\r\n replayStore: AsyncReplayStore & {\r\n get: (\r\n key: string\r\n ) => Promise<string | null>;\r\n\r\n del: (\r\n key: string\r\n ) => Promise<void>;\r\n },\r\n\r\n signer: Signer,\r\n\r\n verifier: Verifier\r\n) {\r\n\r\n // -----------------------------\r\n // 1. Load pending execution\r\n // -----------------------------\r\n const raw =\r\n await replayStore.get(\r\n `pending:${executionId}`\r\n );\r\n\r\n if (!raw) {\r\n\r\n throw new Error(\r\n `[SYS-021] No pending execution found for ${executionId}`\r\n );\r\n }\r\n\r\n const stored =\r\n JSON.parse(raw);\r\n\r\n // -----------------------------\r\n // 2. Execute approved override\r\n // -----------------------------\r\n const execution =\r\n await executeWithRedis(\r\n {\r\n token:\r\n stored.token,\r\n\r\n execution_fingerprint:\r\n stored.token.executionId,\r\n\r\n token_signature:\r\n stored.token_signature,\r\n\r\n signer,\r\n\r\n verifier,\r\n\r\n runtime_manifest:\r\n stored.runtime_manifest,\r\n\r\n runtime_requirements:\r\n stored.runtime_requirements\r\n },\r\n\r\n replayStore\r\n );\r\n\r\n // -----------------------------\r\n // 3. Remove pending state\r\n // -----------------------------\r\n await replayStore.del(\r\n `pending:${executionId}`\r\n );\r\n\r\n // -----------------------------\r\n // 4. Return deterministic result\r\n // -----------------------------\r\n return {\r\n\r\n status:\r\n \"success\" as const,\r\n\r\n executionId,\r\n\r\n signature:\r\n execution.signature,\r\n\r\n resolved:\r\n true\r\n };\r\n}","import * as fs from \"node:fs\";\r\n\r\nconst FILE = \"./review-queue.json\";\r\n\r\nexport function addReviewTask(task: any) {\r\n let data: any[] = [];\r\n\r\n if (fs.existsSync(FILE)) {\r\n data = JSON.parse(fs.readFileSync(FILE, \"utf-8\"));\r\n }\r\n\r\n data.push(task);\r\n\r\n fs.writeFileSync(FILE, JSON.stringify(data, null, 2));\r\n}\r\n\r\nexport function getAllTasks() {\r\n if (!fs.existsSync(FILE)) return [];\r\n return JSON.parse(fs.readFileSync(FILE, \"utf-8\"));\r\n}\r\n","import {\r\n evaluatePolicy,\r\n loadPolicy,\r\n validateSignalsStrict\r\n} from \"@parmanasystems/execution\";\r\n\r\nimport type {\r\n DecisionResult\r\n} from \"@parmanasystems/execution\";\r\n\r\nexport interface DryRunResult {\r\n\r\n policyId: string;\r\n\r\n policyVersion: string;\r\n\r\n schemaVersion: string;\r\n\r\n decision: DecisionResult;\r\n\r\n rule_trace: string[];\r\n\r\n governed: false;\r\n\r\n dry_run: true;\r\n\r\n evaluated_at: string;\r\n}\r\n\r\nexport function evaluateDryRun(\r\n policyId: string,\r\n policyVersion: string,\r\n signals: Record<string, unknown>,\r\n governed_time = new Date().toISOString()\r\n): DryRunResult {\r\n\r\n // -----------------------------\r\n // 1. Load policy\r\n // -----------------------------\r\n const policy =\r\n loadPolicy(\r\n policyId,\r\n policyVersion\r\n );\r\n\r\n // -----------------------------\r\n // 2. Validate signals\r\n // -----------------------------\r\n validateSignalsStrict(\r\n signals,\r\n policy\r\n );\r\n\r\n // -----------------------------\r\n // 3. Evaluate policy\r\n // -----------------------------\r\n const decision: DecisionResult =\r\n evaluatePolicy(\r\n policy,\r\n signals\r\n );\r\n\r\n // -----------------------------\r\n // 4. Return dry-run result\r\n // -----------------------------\r\n return {\r\n\r\n policyId,\r\n\r\n policyVersion,\r\n\r\n schemaVersion:\r\n policy.schemaVersion,\r\n\r\n decision,\r\n\r\n rule_trace: [],\r\n\r\n governed: false,\r\n\r\n dry_run: true,\r\n\r\n evaluated_at:\r\n governed_time\r\n };\r\n}"],"mappings":";AAAA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AASP,OAAO,YAAY;AAEnB,eAAsB,mBACpB,OAMA,QACA,UACA,aAC+B;AAK/B,QAAM,SACJ;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,EACR;AAKF;AAAA,IACE,MAAM;AAAA,IACN;AAAA,EACF;AAKA,QAAM,WACJ;AAAA,IACE;AAAA,IACA,MAAM;AAAA,EACR;AAEF,MACE,SAAS,WAAW,WACpB;AAEA,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAKA,QAAM,wBACJ,OACG,WAAW,QAAQ,EACnB;AAAA,IACC,KAAK,UAAU;AAAA,MACb,UACE,MAAM;AAAA,MAER,eACE,MAAM;AAAA,MAER,SACE,MAAM;AAAA,IACV,CAAC;AAAA,EACH,EACC,OAAO,KAAK;AAKjB,QAAM,YAAY;AAAA,IAChB;AAAA,EACF;AAKA,QAAM,kBACJ,mBAAmB;AAKrB,QAAM,QACJ,WAAW;AAAA,IAET,aACE;AAAA,IAEF,UACE,MAAM;AAAA,IAER,eACE,MAAM;AAAA,IAER,eACE,OAAO;AAAA,IAET,gBACE,gBAAgB;AAAA,IAElB,kBACE,SAAS;AAAA,IAEX,aACE;AAAA,EACJ,CAAC;AAKL,QAAM,kBACJ,OAAO;AAAA,IACL;AAAA,MACE;AAAA,IACF;AAAA,EACF;AAKA,SAAO,gBAAgB;AAAA,IAErB;AAAA,IAEA;AAAA,IAEA;AAAA,IAEA;AAAA,IAEA;AAAA,IAEA,kBACE;AAAA,IAEF,sBAAsB;AAAA,MAEpB,2BAA2B;AAAA,QACzB,gBAAgB;AAAA,MAClB;AAAA,MAEA,0BACE,gBACG;AAAA,IACP;AAAA,EACF,CAAC;AACH;;;ACtKA;AAAA,EACE,mBAAAA;AAAA,OACK;AAaP,eAAsB,iBACpB,SACA,YAC+B;AAK/B,QAAM,WAAW;AAAA,IACf,QAAQ;AAAA,EACV;AAKA,SAAOA;AAAA,IACL;AAAA,EACF;AACF;;;ACjBA,eAAsB,aACpB,SAOA,QAEA,UAEA,aACA;AAEA,QAAM,UAAU,CAAC;AAEjB,aAAW,UAAU,SAAS;AAE5B,QAAI;AAEF,YAAM,SACJ,MAAM;AAAA,QACJ;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAEF,cAAQ,KAAK;AAAA,QACX,OAAO;AAAA,QACP;AAAA,MACF,CAAC;AAAA,IAEH,SAAS,KAAc;AAErB,cAAQ,KAAK;AAAA,QACX,OAAO;AAAA,QAEP,QAAQ;AAAA,UACN,QAAQ;AAAA,UAER,OACE,eAAe,QACX,IAAI,UACJ;AAAA,QACR;AAAA,MACF,CAAC;AAAA,IAEH;AAAA,EACF;AAEA,SAAO;AACT;;;ACrEA,OAAO,WAAW;AAiBX,IAAM,mBAAN,MACuB;AAAA,EAI5B,YACE,KACA;AAEA,SAAK,SACH,IAAK,MAAc,GAAG;AAAA,EAC1B;AAAA,EAEA,MAAM,YACJ,uBACkB;AAElB,UAAM,MACJ,MAAM,KAAK,OAAO;AAAA,MAChB,QAAQ,qBAAqB;AAAA,IAC/B;AAEF,WAAO,QAAQ;AAAA,EACjB;AAAA,EAEA,MAAM,aACJ,uBACe;AAEf,UAAM,SACJ,MAAM,KAAK,OAAO;AAAA,MAChB,QAAQ,qBAAqB;AAAA,MAC7B;AAAA,MACA;AAAA,IACF;AAEF,QAAI,WAAW,MAAM;AAEnB,YAAM,IAAI;AAAA,QACR,2DAA2D,qBAAqB;AAAA,MAClF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,IACJ,KACwB;AAExB,WAAO,KAAK,OAAO,IAAI,GAAG;AAAA,EAC5B;AAAA,EAEA,MAAM,IACJ,KACA,OACe;AAEf,UAAM,KAAK,OAAO;AAAA,MAChB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,IACJ,KACe;AAEf,UAAM,KAAK,OAAO,IAAI,GAAG;AAAA,EAC3B;AAAA,EAEA,MAAM,QAAuB;AAE3B,UAAM,KAAK,OAAO,KAAK;AAAA,EACzB;AACF;;;AC/EO,IAAM,oBAAN,MACkB;AAAA,EADlB;AAGL,SAAQ,QACN,oBAAI,IAAY;AAAA;AAAA,EAElB,MAAM,aACJ,uBACe;AAEf,QACE,KAAK,MAAM;AAAA,MACT;AAAA,IACF,GACA;AAEA,YAAM,IAAI;AAAA,QACR,2DAA2D,qBAAqB;AAAA,MAClF;AAAA,IACF;AAEA,SAAK,MAAM;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,YACJ,uBACkB;AAElB,WAAO,KAAK,MAAM;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AACF;;;ACnCA,eAAsB,gBACpB,aAEA,aAUA,QAEA,UACA;AAKA,QAAM,MACJ,MAAM,YAAY;AAAA,IAChB,WAAW,WAAW;AAAA,EACxB;AAEF,MAAI,CAAC,KAAK;AAER,UAAM,IAAI;AAAA,MACR,4CAA4C,WAAW;AAAA,IACzD;AAAA,EACF;AAEA,QAAM,SACJ,KAAK,MAAM,GAAG;AAKhB,QAAM,YACJ,MAAM;AAAA,IACJ;AAAA,MACE,OACE,OAAO;AAAA,MAET,uBACE,OAAO,MAAM;AAAA,MAEf,iBACE,OAAO;AAAA,MAET;AAAA,MAEA;AAAA,MAEA,kBACE,OAAO;AAAA,MAET,sBACE,OAAO;AAAA,IACX;AAAA,IAEA;AAAA,EACF;AAKF,QAAM,YAAY;AAAA,IAChB,WAAW,WAAW;AAAA,EACxB;AAKA,SAAO;AAAA,IAEL,QACE;AAAA,IAEF;AAAA,IAEA,WACE,UAAU;AAAA,IAEZ,UACE;AAAA,EACJ;AACF;;;AClGA,YAAY,QAAQ;AAEpB,IAAM,OAAO;AAEN,SAAS,cAAc,MAAW;AACvC,MAAI,OAAc,CAAC;AAEnB,MAAO,cAAW,IAAI,GAAG;AACvB,WAAO,KAAK,MAAS,gBAAa,MAAM,OAAO,CAAC;AAAA,EAClD;AAEA,OAAK,KAAK,IAAI;AAEd,EAAG,iBAAc,MAAM,KAAK,UAAU,MAAM,MAAM,CAAC,CAAC;AACtD;AAEO,SAAS,cAAc;AAC5B,MAAI,CAAI,cAAW,IAAI,EAAG,QAAO,CAAC;AAClC,SAAO,KAAK,MAAS,gBAAa,MAAM,OAAO,CAAC;AAClD;;;ACnBA;AAAA,EACE,kBAAAC;AAAA,EACA,cAAAC;AAAA,EACA,yBAAAC;AAAA,OACK;AAyBA,SAAS,eACd,UACA,eACA,SACA,iBAAgB,oBAAI,KAAK,GAAE,YAAY,GACzB;AAKd,QAAM,SACJD;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAKF,EAAAC;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAKA,QAAM,WACJF;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAKF,SAAO;AAAA,IAEL;AAAA,IAEA;AAAA,IAEA,eACE,OAAO;AAAA,IAET;AAAA,IAEA,YAAY,CAAC;AAAA,IAEb,UAAU;AAAA,IAEV,SAAS;AAAA,IAET,cACE;AAAA,EACJ;AACF;","names":["executeDecision","evaluatePolicy","loadPolicy","validateSignalsStrict"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@parmanasystems/execution-runtime",
3
- "version": "1.71.5",
3
+ "version": "1.71.12",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "description": "Runtime orchestration layer for Parmana Systems.",
@@ -20,7 +20,7 @@
20
20
  "build": "tsup"
21
21
  },
22
22
  "dependencies": {
23
- "@parmanasystems/execution": "^1.71.5",
23
+ "@parmanasystems/execution": "^1.71.12",
24
24
  "ioredis": "^5.4.1"
25
25
  },
26
26
  "devDependencies": {