@parmanasystems/execution 1.0.19

package/dist/index.js

@@ -0,0 +1,1063 @@
+// src/issue-token.ts
+function issueToken(input) {
+  const {
+    execution_id,
+    policy_id,
+    decision_payload,
+    schema_version,
+    runtime_version
+  } = input;
+  if (!schema_version) {
+    throw new Error("Invalid token: schema_version missing");
+  }
+  if (!runtime_version) {
+    throw new Error("Invalid token: runtime_version missing");
+  }
+  const token = {
+    execution_id,
+    policy_id,
+    decision_payload,
+    schema_version,
+    runtime_version
+  };
+  return canonicalize(token);
+}
+function canonicalize(obj) {
+  if (Array.isArray(obj)) {
+    return obj.map(canonicalize);
+  }
+  if (obj !== null && typeof obj === "object") {
+    return Object.keys(obj).sort().reduce((acc, key) => {
+      acc[key] = canonicalize(obj[key]);
+      return acc;
+    }, {});
+  }
+  return obj;
+}
+
+// src/canonical-signing.ts
+import {
+  canonicalize as canonicalize2
+} from "@parmanasystems/bundle";
+function canonicalizeForSigning(value) {
+  return canonicalize2(value);
+}
+
+// src/sign-token.ts
+function signExecutionToken(token, signer) {
+  const canonical = canonicalizeForSigning(token);
+  console.log("SIGN TOKEN:", canonical);
+  return signer.sign(canonical);
+}
+
+// src/verify-token.ts
+function verifyExecutionToken(token, signature, verifier) {
+  const canonical = canonicalizeForSigning(token);
+  console.log("VERIFY TOKEN:", canonical);
+  return verifier.verify(
+    canonical,
+    signature
+  );
+}
+
+// src/verify-runtime.ts
+import {
+  validatePolicy
+} from "@parmanasystems/governance";
+function verifyRuntimePolicy(policyId) {
+  const valid = validatePolicy(
+    policyId
+  );
+  if (!valid) {
+    throw new Error(
+      `Runtime verification failed for policy: ${policyId}`
+    );
+  }
+}
+
+// src/pipeline.ts
+function stageVerify(token, token_signature, verifier, runtime_manifest, runtime_requirements) {
+  const valid = verifier.verify(
+    Buffer.from(canonicalizeForSigning(token)),
+    Buffer.from(token_signature, "base64")
+  );
+  if (!valid) {
+    throw new Error("Invalid token signature");
+  }
+  if (!runtime_requirements?.supported_runtime_versions || !runtime_requirements.supported_runtime_versions.includes(
+    runtime_manifest.runtime_version
+  )) {
+    throw new Error("Unsupported runtime version");
+  }
+  for (const cap of runtime_requirements?.required_capabilities || []) {
+    if (!runtime_manifest.capabilities.includes(cap)) {
+      throw new Error(`Missing required capability: ${cap}`);
+    }
+  }
+  if (!runtime_requirements?.supported_schema_versions || !runtime_requirements.supported_schema_versions.includes(
+    token.schema_version
+  )) {
+    throw new Error("Unsupported schema version");
+  }
+}
+function stageExecute(token) {
+}
+function stageSign(payload, signer, runtime_hash) {
+  const message = Buffer.from(
+    JSON.stringify({
+      execution_id: payload.execution_id,
+      decision: payload.decision,
+      execution_state: payload.execution_state,
+      runtime_hash
+    })
+  );
+  const signature = signer.sign(message);
+  return {
+    execution_id: payload.execution_id,
+    decision: payload.decision,
+    execution_state: payload.execution_state,
+    signature: Buffer.from(signature).toString("base64"),
+    runtime_hash
+  };
+}
+
+// src/memory-replay-store.ts
+var MemoryReplayStore = class {
+  constructor() {
+    this.store = /* @__PURE__ */ new Set();
+  }
+  markExecuted(execution_id) {
+    if (this.store.has(execution_id)) {
+      throw new Error("Replay attack detected");
+    }
+    this.store.add(execution_id);
+  }
+};
+
+// src/execute.ts
+function executeDecision(context, replayStore) {
+  const {
+    token,
+    token_signature,
+    signer,
+    verifier,
+    runtime_manifest,
+    runtime_requirements
+  } = context;
+  stageVerify(
+    token,
+    token_signature,
+    verifier,
+    runtime_manifest,
+    runtime_requirements
+  );
+  const store = replayStore ?? new MemoryReplayStore();
+  store.markExecuted(token.execution_id);
+  stageExecute(token);
+  const decision = token.decision_payload;
+  const execution_state = decision.requires_override ? "pending_override" : decision.action === "approve" ? "completed" : "blocked";
+  return stageSign(
+    {
+      execution_id: token.execution_id,
+      decision,
+      execution_state
+    },
+    signer,
+    runtime_manifest.runtime_hash
+  );
+}
+
+// src/verify-audit.ts
+function verifyAuditEntry(entry, signature, verifier) {
+  return verifier.verify(
+    canonicalizeForSigning(entry),
+    signature
+  );
+}
+function verifyAuditChain() {
+  return true;
+}
+
+// src/hash-runtime.ts
+import crypto from "crypto";
+import {
+  canonicalize as canonicalize3
+} from "@parmanasystems/bundle";
+var runtimeManifestDefinition = {
+  runtime_version: "1.0.0",
+  supported_schema_versions: [
+    "1.0.0"
+  ],
+  capabilities: [
+    "deterministic-evaluation",
+    "attestation-signing",
+    "replay-protection",
+    "bundle-verification"
+  ]
+};
+function hashRuntime() {
+  return crypto.createHash(
+    "sha256"
+  ).update(
+    canonicalize3(
+      runtimeManifestDefinition
+    )
+  ).digest(
+    "hex"
+  );
+}
+
+// src/runtime-manifest.ts
+function getRuntimeManifest() {
+  return {
+    runtime_hash: hashRuntime(),
+    ...runtimeManifestDefinition
+  };
+}
+
+// src/sign-runtime-manifest.ts
+import {
+  canonicalize as canonicalize4
+} from "@parmanasystems/bundle";
+function signRuntimeManifest(manifest, signer) {
+  return signer.sign(
+    canonicalize4(manifest)
+  );
+}
+
+// src/verify-runtime-manifest.ts
+function verifyRuntimeManifest(manifest, signature, verifier) {
+  return verifier.verify(
+    canonicalizeForSigning(manifest),
+    signature
+  );
+}
+
+// src/local-signer.ts
+import crypto2 from "crypto";
+var LocalSigner = class {
+  /**
+   * @param privateKey - PEM-encoded Ed25519 private key (PKCS8 format).
+   */
+  constructor(privateKey) {
+    this.privateKey = privateKey;
+  }
+  /**
+   * Signs `payload` (UTF-8) with the Ed25519 private key and returns a
+   * base64-encoded signature.
+   */
+  sign(payload) {
+    return crypto2.sign(
+      null,
+      Buffer.from(
+        payload,
+        "utf8"
+      ),
+      this.privateKey
+    ).toString(
+      "base64"
+    );
+  }
+};
+
+// src/local-verifier.ts
+import crypto3 from "crypto";
+var LocalVerifier = class {
+  /**
+   * @param publicKey - PEM-encoded Ed25519 public key (SPKI format).
+   */
+  constructor(publicKey) {
+    this.publicKey = publicKey;
+  }
+  /**
+   * Verifies that `signature` (base64 Ed25519) was produced over the UTF-8
+   * `payload` by the holder of the corresponding private key.
+   */
+  verify(payload, signature) {
+    return crypto3.verify(
+      null,
+      Buffer.from(
+        payload,
+        "utf8"
+      ),
+      this.publicKey,
+      Buffer.from(
+        signature,
+        "base64"
+      )
+    );
+  }
+};
+
+// src/evaluator.ts
+function evaluateCondition(condition, signals) {
+  if ("all" in condition) {
+    return condition.all.every((c) => evaluateCondition(c, signals));
+  }
+  if ("any" in condition) {
+    return condition.any.some((c) => evaluateCondition(c, signals));
+  }
+  const { signal, equals, greater_than, less_than } = condition;
+  if (!(signal in signals)) {
+    throw new Error(`Signal not found: ${signal}`);
+  }
+  const actual = signals[signal];
+  if (equals !== void 0) {
+    if (typeof actual !== typeof equals) {
+      throw new Error(`Type mismatch for ${signal}`);
+    }
+    return actual === equals;
+  }
+  if (greater_than !== void 0) {
+    if (typeof actual !== "number") {
+      throw new Error(`Expected number for ${signal}`);
+    }
+    return actual > greater_than;
+  }
+  if (less_than !== void 0) {
+    if (typeof actual !== "number") {
+      throw new Error(`Expected number for ${signal}`);
+    }
+    return actual < less_than;
+  }
+  return false;
+}
+function validateSchemaVersion(policy) {
+  const supported = ["1.0.0"];
+  if (!supported.includes(policy.schemaVersion)) {
+    throw new Error(
+      `Unsupported schema version: ${policy.schemaVersion}`
+    );
+  }
+}
+function evaluatePolicy(policy, signals) {
+  validateSchemaVersion(policy);
+  for (const rule of policy.rules) {
+    const matched = evaluateCondition(
+      rule.condition,
+      signals
+    );
+    if (matched) {
+      return {
+        status: "decided",
+        outcome: rule.outcome,
+        rule_id: rule.id,
+        source: "rule_match"
+      };
+    }
+  }
+  throw new Error(
+    "[SYS-006] No rule matched \u2014 policy must cover all cases"
+  );
+}
+
+// src/load-policy.ts
+import fs from "fs";
+import path from "path";
+function loadPolicy(policyId, policyVersion, basePath = process.cwd()) {
+  const policyPath = path.resolve(
+    basePath,
+    "policies",
+    policyId,
+    policyVersion,
+    "policy.json"
+  );
+  if (!fs.existsSync(policyPath)) {
+    throw new Error(`Policy not found: ${policyPath}`);
+  }
+  const raw = fs.readFileSync(policyPath, "utf8");
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    throw new Error(
+      `Invalid policy: malformed JSON in ${policyPath}`
+    );
+  }
+  if (!parsed || typeof parsed !== "object") {
+    throw new Error(
+      `Invalid policy: expected object in ${policyPath}`
+    );
+  }
+  if (!parsed.schemaVersion) {
+    throw new Error(
+      `Invalid policy: missing schemaVersion (camelCase only) in ${policyPath}`
+    );
+  }
+  if (parsed.schema_version) {
+    throw new Error(
+      `Invalid policy: use schemaVersion, not schema_version in ${policyPath}`
+    );
+  }
+  if (!parsed.signalsSchema) {
+    throw new Error(
+      `Invalid policy: missing signalsSchema in ${policyPath}`
+    );
+  }
+  if (parsed.signals_schema) {
+    throw new Error(
+      `Invalid policy: use signalsSchema, not signals_schema in ${policyPath}`
+    );
+  }
+  return parsed;
+}
+
+// src/validate-signals.ts
+function validateSignalsStrict(signals, policy) {
+  const schema = policy.signalsSchema;
+  if (!schema || typeof schema !== "object") {
+    throw new Error("[VAL-001] Invalid policy: missing signals schema");
+  }
+  if (!signals || typeof signals !== "object") {
+    throw new Error("[VAL-002] Invalid input: signals must be an object");
+  }
+  for (const key of Object.keys(signals)) {
+    if (!Object.prototype.hasOwnProperty.call(schema, key)) {
+      throw new Error(`[VAL-003] Unknown signal: ${key}`);
+    }
+  }
+  for (const key of Object.keys(schema)) {
+    const def = schema[key];
+    const value = signals[key];
+    const isRequired = def.required !== false;
+    if (value === void 0) {
+      if (isRequired) {
+        throw new Error(`[VAL-004] Missing required signal: ${key}`);
+      }
+      continue;
+    }
+    if (!def?.type) {
+      throw new Error(`[VAL-005] Invalid schema for signal: ${key}`);
+    }
+    switch (def.type) {
+      case "boolean":
+        if (typeof value !== "boolean") {
+          throw new Error(`[VAL-006] ${key} must be boolean`);
+        }
+        break;
+      case "integer":
+        if (typeof value !== "number" || !Number.isInteger(value)) {
+          throw new Error(`[VAL-007] ${key} must be integer`);
+        }
+        break;
+      case "string":
+        if (typeof value !== "string") {
+          throw new Error(`[VAL-008] ${key} must be string`);
+        }
+        break;
+      case "enum":
+        if (typeof value !== "string") {
+          throw new Error(`[VAL-009] ${key} must be enum string`);
+        }
+        if (!Array.isArray(def.values) || def.values.length === 0) {
+          throw new Error(`[VAL-010] ${key} enum values missing`);
+        }
+        if (!def.values.includes(value)) {
+          throw new Error(
+            `[VAL-011] Invalid value for ${key}: ${value}`
+          );
+        }
+        break;
+      default:
+        throw new Error(`[VAL-012] Unsupported signal type: ${def.type}`);
+    }
+  }
+}
+
+// src/dry-run.ts
+function evaluateDryRun(policyId, policyVersion, signals, governed_time = (/* @__PURE__ */ new Date()).toISOString()) {
+  const policy = loadPolicy(policyId, policyVersion);
+  validateSignalsStrict(signals, policy);
+  const decision = evaluatePolicy(policy, signals);
+  return {
+    policy_id: policyId,
+    policy_version: policyVersion,
+    schema_version: "1.0.0",
+    decision,
+    // ✅ structured
+    rule_trace: [],
+    governed: false,
+    dry_run: true,
+    evaluated_at: governed_time
+  };
+}
+
+// src/invariant-registry.ts
+var INVARIANT_REGISTRY = {
+  "INV-001": {
+    id: "INV-001",
+    description: "Canonical serialization produces identical bytes for identical inputs",
+    boundary: "canonicalize"
+  },
+  "INV-002": {
+    id: "INV-002",
+    description: "Input payload must be structurally valid",
+    boundary: "validate"
+  },
+  "INV-003": {
+    id: "INV-003",
+    description: "Execution token signature must be cryptographically valid",
+    boundary: "verify"
+  },
+  "INV-004": {
+    id: "INV-004",
+    description: "Execution time is injected deterministically \u2014 no wall-clock reads inside the execution scope",
+    boundary: ["canonicalize", "execute"]
+  },
+  "INV-005": {
+    id: "INV-005",
+    description: "Runtime version must be in the set of supported runtime versions",
+    boundary: "verify"
+  },
+  "INV-006": {
+    id: "INV-006",
+    description: "Schema version 1.0.0 must be supported by both runtime manifest and requirements",
+    boundary: "verify"
+  },
+  "INV-007": {
+    id: "INV-007",
+    description: "Execution token must not be expired at governed_time",
+    boundary: "verify"
+  },
+  "INV-008": {
+    id: "INV-008",
+    description: "The governed field is always in signature scope and equals literal true",
+    boundary: "sign"
+  },
+  "INV-009": {
+    id: "INV-009",
+    description: "Signals hash must be a non-empty string binding execution to specific inputs",
+    boundary: "validate"
+  },
+  "INV-010": {
+    id: "INV-010",
+    description: "Policy ID and policy version must be non-empty strings",
+    boundary: "validate"
+  },
+  "INV-011": {
+    id: "INV-011",
+    description: "All required runtime capabilities must be present in the runtime manifest",
+    boundary: "verify"
+  },
+  "INV-013": {
+    id: "INV-013",
+    description: "Replay protection is always enforced \u2014 execution_id is single-use and non-configurable",
+    boundary: "replay"
+  },
+  "INV-014": {
+    id: "INV-014",
+    description: "governed literal true structurally distinguishes ExecutionResult from DryRunResult",
+    boundary: "execute"
+  },
+  "INV-015": {
+    id: "INV-015",
+    description: "Audit record must be written before attestation is issued",
+    boundary: "execute"
+  },
+  "INV-016": {
+    id: "INV-016",
+    description: "Audit records are linearizable via SHA-256 hash chain",
+    boundary: "execute"
+  },
+  "INV-017": {
+    id: "INV-017",
+    description: "Any verification failure causes fail-closed execution \u2014 no partial results",
+    boundary: ["verify", "replay", "execute"]
+  },
+  "INV-020": {
+    id: "INV-020",
+    description: "Runtime capability declarations are truthful and non-negotiable",
+    boundary: "verify"
+  },
+  "INV-022": {
+    id: "INV-022",
+    description: "Every policy decision is derivable from the policy document and input signals",
+    boundary: "execute"
+  },
+  "INV-024": {
+    id: "INV-024",
+    description: "Decision values are semantically unambiguous strings",
+    boundary: "execute"
+  },
+  "INV-025": {
+    id: "INV-025",
+    description: "Schema version and runtime version are present in every ExecutionResult",
+    boundary: "execute"
+  },
+  "INV-030": {
+    id: "INV-030",
+    description: "Every attestation contains a runtime_hash binding it to a specific runtime version",
+    boundary: "execute"
+  },
+  "INV-031": {
+    id: "INV-031",
+    description: "Runtime manifest declares explicit supported_schema_versions and runtime_version",
+    boundary: "verify"
+  },
+  "INV-033": {
+    id: "INV-033",
+    description: "Governance properties (replay, audit, attestation) are structurally enforced \u2014 not configurable",
+    boundary: "execute"
+  },
+  "INV-034": {
+    id: "INV-034",
+    description: "Any verifier holding the correct public key can independently verify an attestation",
+    boundary: "sign"
+  },
+  "INV-035": {
+    id: "INV-035",
+    description: "Verification is reproducible: same attestation + key produces identical outcome",
+    boundary: "sign"
+  },
+  "INV-037": {
+    id: "INV-037",
+    description: "Signatures from different authority keys do not cross-verify \u2014 signing domains are isolated",
+    boundary: "sign"
+  },
+  "INV-038": {
+    id: "INV-038",
+    description: "Cross-key verification failures are consistent: wrong-key always returns false",
+    boundary: "sign"
+  },
+  "INV-040": {
+    id: "INV-040",
+    description: "AI output and governance enforcement are strictly separated \u2014 no AI field in execution scope",
+    boundary: "validate"
+  },
+  "INV-041": {
+    id: "INV-041",
+    description: "Governance boundary is explicit: runtime manifest must declare runtime_version",
+    boundary: "verify"
+  },
+  "INV-047": {
+    id: "INV-047",
+    description: "Canonical serialization uses explicit UTF-8 encoding",
+    boundary: "canonicalize"
+  },
+  "INV-048": {
+    id: "INV-048",
+    description: "Unicode normalization is stable across canonicalization calls",
+    boundary: "canonicalize"
+  },
+  "INV-049": {
+    id: "INV-049",
+    description: "Canonical JSON sorts object keys recursively and preserves array order",
+    boundary: "canonicalize"
+  },
+  "INV-050": {
+    id: "INV-050",
+    description: "Duplicate JSON keys must not appear in governance payloads (gap: documented)",
+    boundary: "canonicalize"
+  },
+  "INV-051": {
+    id: "INV-051",
+    description: "Numeric values canonicalize identically regardless of trailing zeros",
+    boundary: "canonicalize"
+  },
+  "INV-052": {
+    id: "INV-052",
+    description: "Object insertion order does not affect canonical form or content-address hash",
+    boundary: "canonicalize"
+  },
+  "INV-053": {
+    id: "INV-053",
+    description: "Array element order is preserved through canonicalization",
+    boundary: "canonicalize"
+  },
+  "INV-054": {
+    id: "INV-054",
+    description: "JSON type closure: NaN and Infinity serialize to null; undefined fields are omitted",
+    boundary: "canonicalize"
+  },
+  "INV-057": {
+    id: "INV-057",
+    description: "Content-address (SHA-256) is stable for identical content across calls",
+    boundary: "canonicalize"
+  },
+  "INV-059": {
+    id: "INV-059",
+    description: "Replay domain is explicit: every execution_id in the store was consumed by a real execution",
+    boundary: "replay"
+  },
+  "INV-060": {
+    id: "INV-060",
+    description: "Attestation verification is idempotent: same inputs always produce identical results",
+    boundary: "sign"
+  },
+  "INV-061": {
+    id: "INV-061",
+    description: "Runtime capability declarations are immutable after build",
+    boundary: "verify"
+  },
+  "INV-072": {
+    id: "INV-072",
+    description: "Dry-run path produces no side effects: no replay store write, no audit record, no signature",
+    boundary: "execute"
+  },
+  "INV-073": {
+    id: "INV-073",
+    description: "Canonical evaluation source files contain no network calls",
+    boundary: "execute"
+  },
+  "INV-074": {
+    id: "INV-074",
+    description: "Every governed executeDecision call produces exactly one audit record",
+    boundary: "execute"
+  },
+  "INV-075": {
+    id: "INV-075",
+    description: "Execution IDs (UUIDv4) are unique per issuance \u2014 governance identity is non-reusable",
+    boundary: "execute"
+  },
+  "INV-077": {
+    id: "INV-077",
+    description: "All failure modes are deterministic: same invalid input always produces the same error",
+    boundary: ["verify", "replay", "execute"]
+  },
+  "INV-078": {
+    id: "INV-078",
+    description: "Operational metadata fields must not contaminate deterministic signing scope",
+    boundary: "validate"
+  },
+  "INV-080": {
+    id: "INV-080",
+    description: "Unsupported schema and runtime versions fail explicitly with a descriptive error",
+    boundary: "verify"
+  },
+  "META-001": {
+    id: "META-001",
+    description: "Every governed execution produces a signed, independently verifiable attestation",
+    boundary: "sign"
+  },
+  "META-004": {
+    id: "META-004",
+    description: "Invariant violations always fail closed \u2014 no partial results are emitted on violation",
+    boundary: ["verify", "replay", "execute", "sign"]
+  }
+};
+
+// src/violation.ts
+import crypto4 from "crypto";
+var _seq = 0;
+var InvariantViolation = class extends Error {
+  constructor(report) {
+    super(`[${report.invariant_id}@${report.boundary}] ${report.reason}`);
+    this.name = "InvariantViolation";
+    this.report = report;
+  }
+};
+function hashInput(value) {
+  const bytes = typeof value === "string" ? value : JSON.stringify(value) ?? "";
+  return crypto4.createHash("sha256").update(bytes, "utf8").digest("hex");
+}
+function violate(invariant_id, boundary, reason, input) {
+  throw new InvariantViolation({
+    invariant_id,
+    boundary,
+    reason,
+    input_hash: hashInput(input),
+    timestamp_seq: ++_seq
+  });
+}
+
+// src/sealed-vm.ts
+var FORBIDDEN_GLOBALS = [
+  "Date.now",
+  "Math.random"
+];
+var SEALED_SCOPE_FILES = [
+  "packages/execution/src/execute.ts",
+  "packages/execution/src/pipeline.ts",
+  "packages/execution/src/canonical-signing.ts",
+  "packages/bundle/src/canonicalize.ts",
+  "packages/bundle/src/hash.ts"
+];
+function governingTime(provided) {
+  if (provided && provided.length > 0) {
+    return provided;
+  }
+  return (/* @__PURE__ */ new Date()).toISOString();
+}
+
+// src/execute-from-signals.ts
+import * as crypto5 from "crypto";
+
+// src/execute-with-redis.ts
+async function executeWithRedis(context, redisStore) {
+  await redisStore.markExecuted(
+    context.token.execution_id
+  );
+  const memoryStore = new MemoryReplayStore();
+  return executeDecision(context, memoryStore);
+}
+
+// src/canonical-json.ts
+function canonicalize5(value) {
+  return JSON.stringify(sortValue(value));
+}
+function sortValue(value) {
+  if (Array.isArray(value)) {
+    return value.map(sortValue);
+  }
+  if (value && typeof value === "object") {
+    const sorted = {};
+    for (const key of Object.keys(value).sort()) {
+      sorted[key] = sortValue(value[key]);
+    }
+    return sorted;
+  }
+  return value;
+}
+
+// src/execute-from-signals.ts
+async function executeFromSignals(input, signer, verifier, replayStore) {
+  try {
+    const policy = loadPolicy(
+      input.policyId,
+      input.policyVersion
+    );
+    validateSignalsStrict(input.signals, policy);
+    const decision = evaluatePolicy(policy, input.signals);
+    if (decision.status !== "decided" || !decision.outcome) {
+      throw new Error(
+        "[SYS-004] Invalid policy: execution must resolve to decided"
+      );
+    }
+    if (!decision.rule_id) {
+      throw new Error(
+        "[SYS-005] Invalid decision: rule_id required"
+      );
+    }
+    const canonicalSignals = canonicalize5(input.signals);
+    const executionId = crypto5.createHash("sha256").update(
+      JSON.stringify({
+        policyId: input.policyId,
+        policyVersion: input.policyVersion,
+        signals: canonicalSignals
+      })
+    ).digest("hex");
+    const runtimeManifest = getRuntimeManifest();
+    const token = issueToken({
+      execution_id: executionId,
+      policy_id: input.policyId,
+      decision_payload: decision.outcome,
+      schema_version: policy.schemaVersion,
+      runtime_version: runtimeManifest.runtime_version
+    });
+    const tokenSignature = signExecutionToken(token, signer);
+    const runtimeRequirements = {
+      required_capabilities: [],
+      supported_runtime_versions: [
+        runtimeManifest.runtime_version
+      ],
+      supported_schema_versions: [
+        policy.schemaVersion
+      ]
+    };
+    const action = decision.outcome.action;
+    const requiresOverride = decision.outcome.requires_override;
+    let execution_state;
+    if (requiresOverride) {
+      execution_state = "pending_override";
+    } else {
+      execution_state = action === "approve" ? "completed" : "blocked";
+    }
+    if (execution_state === "pending_override") {
+      if (!replayStore.set) {
+        throw new Error(
+          "[SYS-020] Store does not support pending execution storage"
+        );
+      }
+      await replayStore.set(
+        `pending:${executionId}`,
+        JSON.stringify({
+          token,
+          token_signature: tokenSignature,
+          runtime_manifest: runtimeManifest,
+          runtime_requirements: runtimeRequirements
+        })
+      );
+      return {
+        status: "pending_override",
+        execution_id: executionId,
+        decision,
+        requires_override: true
+      };
+    }
+    let execution;
+    try {
+      execution = await executeWithRedis(
+        {
+          token,
+          token_signature: tokenSignature,
+          signer,
+          verifier,
+          runtime_manifest: runtimeManifest,
+          runtime_requirements: runtimeRequirements
+        },
+        replayStore
+      );
+    } catch (err) {
+      const message = err instanceof Error ? err.message : "Unknown error";
+      if (message.includes("Replay attack detected")) {
+        return {
+          status: "success",
+          execution_id: executionId,
+          decision,
+          execution_state,
+          requires_override: false,
+          replay: true
+        };
+      }
+      throw err;
+    }
+    return {
+      status: "success",
+      execution_id: executionId,
+      decision,
+      execution_state,
+      requires_override: false,
+      signature: execution.signature
+    };
+  } catch (err) {
+    return {
+      status: "error",
+      error: err instanceof Error ? err.message : "Unknown error"
+    };
+  }
+}
+
+// src/execute-batch.ts
+async function executeBatch(records, signer, verifier, replayStore) {
+  const outputs = [];
+  for (const record of records) {
+    try {
+      const output = await executeFromSignals(
+        record,
+        signer,
+        verifier,
+        replayStore
+      );
+      outputs.push({
+        input: record,
+        output
+      });
+    } catch (err) {
+      outputs.push({
+        input: record,
+        output: {
+          status: "error",
+          error: err instanceof Error ? err.message : "Unknown error"
+        }
+      });
+    }
+  }
+  return outputs;
+}
+
+// src/redis-replay-store.ts
+import Redis from "ioredis";
+var RedisReplayStore = class {
+  constructor(url) {
+    this.client = new Redis(url);
+  }
+  // -----------------------------
+  // Replay protection
+  // -----------------------------
+  async hasExecuted(executionId) {
+    const res = await this.client.exists(`exec:${executionId}`);
+    return res === 1;
+  }
+  async markExecuted(executionId) {
+    const result = await this.client.set(
+      `exec:${executionId}`,
+      "1",
+      "NX"
+    );
+    if (result !== "OK") {
+      throw new Error(
+        `[INV-013@replay] Replay detected: execution_id ${executionId} has already been consumed`
+      );
+    }
+  }
+  // -----------------------------
+  // KV storage (for override)
+  // -----------------------------
+  async get(key) {
+    return this.client.get(key);
+  }
+  async set(key, value) {
+    await this.client.set(key, value);
+  }
+  async del(key) {
+    await this.client.del(key);
+  }
+  async close() {
+    await this.client.quit();
+  }
+};
+
+// src/resolve-override.ts
+async function resolveOverride(executionId, replayStore, signer, verifier) {
+  const raw = await replayStore.get(`pending:${executionId}`);
+  if (!raw) {
+    throw new Error(
+      `[SYS-021] No pending execution found for ${executionId}`
+    );
+  }
+  const stored = JSON.parse(raw);
+  const execution = await executeWithRedis(
+    {
+      token: stored.token,
+      token_signature: stored.token_signature,
+      signer,
+      verifier,
+      runtime_manifest: stored.runtime_manifest,
+      runtime_requirements: stored.runtime_requirements
+    },
+    replayStore
+  );
+  await replayStore.del(`pending:${executionId}`);
+  return {
+    status: "success",
+    execution_id: executionId,
+    signature: execution.signature,
+    resolved: true
+  };
+}
+export {
+  FORBIDDEN_GLOBALS,
+  INVARIANT_REGISTRY,
+  InvariantViolation,
+  LocalSigner,
+  LocalVerifier,
+  MemoryReplayStore,
+  RedisReplayStore,
+  SEALED_SCOPE_FILES,
+  canonicalize5 as canonicalize,
+  evaluateDryRun,
+  evaluatePolicy,
+  executeBatch,
+  executeDecision,
+  executeFromSignals,
+  getRuntimeManifest,
+  governingTime,
+  hashInput,
+  hashRuntime,
+  issueToken,
+  loadPolicy,
+  resolveOverride,
+  runtimeManifestDefinition,
+  signExecutionToken,
+  signRuntimeManifest,
+  stageExecute,
+  stageSign,
+  stageVerify,
+  verifyAuditChain,
+  verifyAuditEntry,
+  verifyExecutionToken,
+  verifyRuntimeManifest,
+  verifyRuntimePolicy,
+  violate
+};
+//# sourceMappingURL=index.js.map