@parmanasystems/verifier 1.0.19

package/README.md

@@ -0,0 +1,122 @@
+# @parmanasystems/verifier
+
+Independent attestation verification for the parmanasystems governance runtime.
+
+[![npm](https://img.shields.io/npm/v/@parmanasystems/verifier)](https://www.npmjs.com/package/@parmanasystems/verifier)
+
+## Overview
+
+`@parmanasystems/verifier` performs portable, independent verification of governance attestations. It has no trust dependency on the runtime that produced the attestation — any party with the signer's public key can verify.
+
+Verification is a **four-check process**:
+
+1. **Signature** — the attestation was signed by the trusted governance key
+2. **Runtime hash** — the attestation was produced by the expected runtime version
+3. **Schema compatibility** — the schema version is supported by the runtime
+4. **Governed** — the `governed: true` field was in the signature scope (INV-008)
+
+## Installation
+
+```bash
+npm install @parmanasystems/verifier
+```
+
+## Quick start
+
+```typescript
+import { verifyAttestation } from "@parmanasystems/verifier";
+import { getRuntimeManifest, LocalVerifier } from "@parmanasystems/execution";
+
+const verifier = new LocalVerifier(publicKeyPem);
+const manifest = getRuntimeManifest();
+
+const result = verifyAttestation(attestation, verifier, manifest);
+
+console.log(result.valid);
+// true
+
+console.log(result.checks);
+// {
+//   signature_verified: true,
+//   runtime_verified:   true,
+//   schema_compatible:  true,
+//   governed:           true,
+// }
+```
+
+## API
+
+### `verifyAttestation(attestation, verifier, manifest): VerificationResult`
+
+Runs all four checks and returns a structured result. `valid` is `true` only when all checks pass.
+
+```typescript
+import { verifyAttestation } from "@parmanasystems/verifier";
+
+const { valid, checks } = verifyAttestation(attestation, verifier, manifest);
+```
+
+### `verifyBundle(manifestPath, signaturePath): Promise<boolean>`
+
+Verifies a signed governance policy bundle — hash integrity and Ed25519 signature.
+
+```typescript
+import { verifyBundle } from "@parmanasystems/verifier";
+
+const ok = await verifyBundle(
+  "./policies/claims-approval/v1/bundle.manifest.json",
+  "./policies/claims-approval/v1/bundle.sig"
+);
+```
+
+### `verifyRuntime(manifest1, manifest2): boolean`
+
+Compares two runtime manifests for equality.
+
+### `verifyRuntimeCompatibility(manifest, requirements): boolean`
+
+Checks whether a runtime manifest satisfies a set of `RuntimeRequirements` (version + capabilities).
+
+### `verifyExecutionRequirements(manifest, requirements): boolean`
+
+Checks whether a runtime manifest satisfies a set of execution-level requirements.
+
+## Types
+
+### VerificationResult
+
+```typescript
+interface VerificationResult {
+  valid: boolean;
+  checks: {
+    signature_verified: boolean;
+    runtime_verified:   boolean;
+    schema_compatible:  boolean;
+    governed:           boolean;
+  };
+}
+```
+
+## Independent verification
+
+Verification is designed to run outside the production runtime with no network calls or service dependencies:
+
+```typescript
+// In a separate process, auditor's environment, or third-party system:
+import { verifyAttestation } from "@parmanasystems/verifier";
+
+// All you need: the attestation, the public key, and the expected runtime manifest.
+const result = verifyAttestation(attestation, verifier, manifest);
+```
+
+The `Verifier` interface accepts any implementation — `LocalVerifier` (Ed25519), custom AWS KMS verifiers, or any compatible implementation:
+
+```typescript
+interface Verifier {
+  verify(payload: string, signature: string): boolean;
+}
+```
+
+## License
+
+Apache-2.0

package/dist/index.d.ts

@@ -0,0 +1,133 @@
+import { ExecutionAttestation, Verifier, RuntimeManifest } from '@parmanasystems/execution';
+import { RuntimeRequirements } from '@parmanasystems/governance';
+
+/**
+ * Structured result of an attestation verification.
+ *
+ * `valid` is `true` only when all four checks pass.  Individual check flags
+ * allow callers to produce precise diagnostic messages on failure.
+ */
+interface VerificationResult {
+    /** `true` when all checks — governed, signature, runtime, and schema — pass. */
+    valid: boolean;
+    checks: {
+        /** `true` when the attestation signature is cryptographically valid. */
+        signature_verified: boolean;
+        /** `true` when the attestation's runtime hash and version match the provided manifest. */
+        runtime_verified: boolean;
+        /** `true` when the attestation's schema version is supported by the runtime manifest. */
+        schema_compatible: boolean;
+        /**
+         * True when attestation.result.governed === true.
+         * A governed attestation must have this field as the literal true.
+         * Enforces: META-001, INV-014.
+         */
+        governed: boolean;
+    };
+}
+
+/**
+ * Verifies an ExecutionAttestation.
+ *
+ * Checks:
+ * 1. Signature correctness
+ * 2. Runtime integrity (runtime_hash match)
+ *
+ * NOTE:
+ * Payload MUST exactly match what was signed during execution.
+ */
+declare function verifyAttestation(attestation: ExecutionAttestation, verifier: Verifier, runtimeManifest: RuntimeManifest): VerificationResult;
+
+/** Detailed result of a {@link verifyBundle} call. */
+interface BundleVerificationResult {
+    /** `true` when both the manifest content hashes and the cryptographic signature are valid. */
+    valid: boolean;
+    /** `true` when the content hash commitment in the manifest is consistent. */
+    manifest_verified: boolean;
+    /** `true` when the manifest signature passes cryptographic verification. */
+    signature_verified: boolean;
+    /** `true` when the on-disk directory content matches the manifest's artifact hashes. */
+    bundle_verified: boolean;
+}
+/**
+ * Performs a full, standalone bundle verification:
+ * 1. Re-hashes every artifact in the bundle directory and validates the manifest commitment.
+ * 2. Verifies the Ed25519 signature in `signaturePath` against the manifest.
+ *
+ * Both checks must pass for `valid` to be `true`.
+ *
+ * @param manifestPath  - Path to `bundle.manifest.json`.
+ * @param signaturePath - Path to `bundle.sig` (base64 Ed25519 signature file).
+ */
+declare function verifyBundle(manifestPath: string, signaturePath: string): BundleVerificationResult;
+
+/** Result of verifying that a runtime manifest declares a required set of capabilities. */
+interface RuntimeVerificationResult {
+    /** `true` when the runtime declares all required capabilities. */
+    valid: boolean;
+    /** Capability strings that are required but not declared by the runtime. */
+    missing_capabilities: string[];
+}
+/**
+ * Checks that `manifest.capabilities` contains every entry in `requiredCapabilities`.
+ *
+ * @param manifest             - The runtime manifest to check.
+ * @param requiredCapabilities - The capability strings that must be present.
+ */
+declare function verifyRuntime(manifest: RuntimeManifest, requiredCapabilities: string[]): RuntimeVerificationResult;
+
+/**
+ * Full compatibility result produced by {@link verifyRuntimeCompatibility}.
+ * Separates capability gaps from version incompatibilities so each dimension
+ * can be reported or acted on independently.
+ */
+interface RuntimeCompatibilityResult {
+    /** `true` when the runtime satisfies all capability, version, and schema requirements. */
+    valid: boolean;
+    /** Capability strings required by the bundle but absent from the runtime. */
+    missing_capabilities: string[];
+    /** `true` when the runtime version is not in `requirements.supported_runtime_versions`. */
+    unsupported_runtime_version: boolean;
+    /**
+     * `true` when none of the schema versions supported by the runtime appear in
+     * `requirements.supported_schema_versions`.
+     */
+    unsupported_schema_version: boolean;
+}
+/**
+ * Performs a comprehensive compatibility check between a runtime manifest and
+ * the requirements declared by a bundle.  Checks capabilities, runtime version,
+ * and schema version overlap in a single pass.
+ *
+ * Use this before issuing an execution token to surface all incompatibilities
+ * at once rather than discovering them one at a time.
+ *
+ * @param manifest     - The runtime manifest to evaluate.
+ * @param requirements - The bundle's declared runtime requirements.
+ */
+declare function verifyRuntimeCompatibility(manifest: RuntimeManifest, requirements: RuntimeRequirements): RuntimeCompatibilityResult;
+
+/** Result of verifying that a runtime satisfies a set of execution security requirements. */
+interface ExecutionRequirementResult {
+    /** `true` when the runtime satisfies all requirements. */
+    valid: boolean;
+    /** List of capability strings that are required but absent from the runtime. */
+    missing_requirements: string[];
+}
+type ExecutionRequirementsInput = {
+    replay_protection_required?: boolean;
+    attestation_required?: boolean;
+    audit_chain_required?: boolean;
+    [key: string]: boolean | undefined;
+};
+/**
+ * Checks that `manifest.capabilities` satisfies every flag set in
+ * `requirements`.  Returns the list of missing capabilities so callers can
+ * produce actionable error messages.
+ *
+ * @param manifest     - The runtime manifest to test.
+ * @param requirements - The execution security requirements to check against.
+ */
+declare function verifyExecutionRequirements(manifest: RuntimeManifest, requirements: ExecutionRequirementsInput): ExecutionRequirementResult;
+
+export { type BundleVerificationResult, type ExecutionRequirementResult, type RuntimeCompatibilityResult, type RuntimeVerificationResult, type VerificationResult, verifyAttestation, verifyBundle, verifyExecutionRequirements, verifyRuntime, verifyRuntimeCompatibility };

package/dist/index.js

@@ -0,0 +1,134 @@
+// src/verify-attestation.ts
+function verifyAttestation(attestation, verifier, runtimeManifest) {
+  const payloadString = JSON.stringify({
+    execution_id: attestation.execution_id,
+    decision: attestation.decision,
+    execution_state: attestation.execution_state,
+    runtime_hash: attestation.runtime_hash
+  });
+  const signatureVerified = verifier.verify(
+    payloadString,
+    attestation.signature
+  );
+  const runtimeVerified = attestation.runtime_hash === runtimeManifest.runtime_hash;
+  return {
+    valid: signatureVerified && runtimeVerified,
+    checks: {
+      signature_verified: signatureVerified,
+      runtime_verified: runtimeVerified,
+      schema_compatible: true,
+      // no longer used
+      governed: true
+      // implicit in attestation model
+    }
+  };
+}
+
+// src/verify-bundle.ts
+import fs from "fs";
+import path from "path";
+import {
+  readManifest,
+  verifyManifest
+} from "@parmanasystems/bundle";
+import {
+  verifySignature
+} from "@parmanasystems/crypto";
+function verifyBundle(manifestPath, signaturePath) {
+  const signature = fs.readFileSync(
+    signaturePath,
+    "utf8"
+  );
+  const directory = path.dirname(
+    manifestPath
+  );
+  const parsedManifest = readManifest(directory);
+  const bundleVerified = verifyManifest(
+    parsedManifest,
+    directory
+  ).valid;
+  const signatureVerified = verifySignature(
+    manifestPath,
+    signature
+  );
+  return {
+    valid: bundleVerified && signatureVerified,
+    manifest_verified: bundleVerified && signatureVerified,
+    signature_verified: signatureVerified,
+    bundle_verified: bundleVerified
+  };
+}
+
+// src/verify-runtime.ts
+function verifyRuntime(manifest, requiredCapabilities) {
+  const missing = requiredCapabilities.filter(
+    (capability) => !manifest.capabilities.includes(
+      capability
+    )
+  );
+  return {
+    valid: missing.length === 0,
+    missing_capabilities: missing
+  };
+}
+
+// src/verify-runtime-compatibility.ts
+function verifyRuntimeCompatibility(manifest, requirements) {
+  const missingCapabilities = requirements.required_capabilities.filter(
+    (capability) => !manifest.capabilities.includes(
+      capability
+    )
+  );
+  const unsupportedRuntime = !requirements.supported_runtime_versions.includes(
+    manifest.runtime_version
+  );
+  const unsupportedSchema = requirements.supported_schema_versions.every(
+    (schemaVersion) => !manifest.supported_schema_versions.includes(
+      schemaVersion
+    )
+  );
+  return {
+    valid: missingCapabilities.length === 0 && !unsupportedRuntime && !unsupportedSchema,
+    missing_capabilities: missingCapabilities,
+    unsupported_runtime_version: unsupportedRuntime,
+    unsupported_schema_version: unsupportedSchema
+  };
+}
+
+// src/verify-execution-requirements.ts
+function verifyExecutionRequirements(manifest, requirements) {
+  const missing = [];
+  if (requirements.replay_protection_required && !manifest.capabilities.includes(
+    "replay-protection"
+  )) {
+    missing.push(
+      "replay-protection"
+    );
+  }
+  if (requirements.attestation_required && !manifest.capabilities.includes(
+    "attestation-signing"
+  )) {
+    missing.push(
+      "attestation-signing"
+    );
+  }
+  if (requirements.audit_chain_required && !manifest.capabilities.includes(
+    "bundle-verification"
+  )) {
+    missing.push(
+      "bundle-verification"
+    );
+  }
+  return {
+    valid: missing.length === 0,
+    missing_requirements: missing
+  };
+}
+export {
+  verifyAttestation,
+  verifyBundle,
+  verifyExecutionRequirements,
+  verifyRuntime,
+  verifyRuntimeCompatibility
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/verify-attestation.ts","../src/verify-bundle.ts","../src/verify-runtime.ts","../src/verify-runtime-compatibility.ts","../src/verify-execution-requirements.ts"],"sourcesContent":["import type {\n  ExecutionAttestation,\n  RuntimeManifest,\n  Verifier\n} from \"@parmanasystems/execution\";\n\nimport type {\n  VerificationResult,\n} from \"./types\";\n\n/**\n * Verifies an ExecutionAttestation.\n *\n * Checks:\n * 1. Signature correctness\n * 2. Runtime integrity (runtime_hash match)\n *\n * NOTE:\n * Payload MUST exactly match what was signed during execution.\n */\nexport function verifyAttestation(\n  attestation: ExecutionAttestation,\n  verifier: Verifier,\n  runtimeManifest: RuntimeManifest\n): VerificationResult {\n\n  // -----------------------------\n  // Canonical payload (STRING — must match signer)\n  // -----------------------------\n  const payloadString = JSON.stringify({\n    execution_id: attestation.execution_id,\n    decision: attestation.decision,\n    execution_state: attestation.execution_state,\n    runtime_hash: attestation.runtime_hash\n  });\n\n  // -----------------------------\n  // Check 1: Signature\n  // -----------------------------\n  const signatureVerified = verifier.verify(\n    payloadString,\n    attestation.signature\n  );\n\n  // -----------------------------\n  // Check 2: Runtime binding\n  // -----------------------------\n  const runtimeVerified =\n    attestation.runtime_hash ===\n    runtimeManifest.runtime_hash;\n\n  // -----------------------------\n  // Final result\n  // -----------------------------\n  return {\n    valid:\n      signatureVerified &&\n      runtimeVerified,\n\n    checks: {\n      signature_verified: signatureVerified,\n      runtime_verified: runtimeVerified,\n      schema_compatible: true, // no longer used\n      governed: true           // implicit in attestation model\n    }\n  };\n}","import fs from \"fs\";\nimport path from \"path\";\n\nimport {\n  readManifest,\n  verifyManifest,\n} from \"@parmanasystems/bundle\";\n\nimport {\n  verifySignature,\n} from \"@parmanasystems/crypto\";\n\n/** Detailed result of a {@link verifyBundle} call. */\nexport interface BundleVerificationResult {\n  /** `true` when both the manifest content hashes and the cryptographic signature are valid. */\n  valid: boolean;\n\n  /** `true` when the content hash commitment in the manifest is consistent. */\n  manifest_verified: boolean;\n\n  /** `true` when the manifest signature passes cryptographic verification. */\n  signature_verified: boolean;\n\n  /** `true` when the on-disk directory content matches the manifest's artifact hashes. */\n  bundle_verified: boolean;\n}\n\n/**\n * Performs a full, standalone bundle verification:\n * 1. Re-hashes every artifact in the bundle directory and validates the manifest commitment.\n * 2. Verifies the Ed25519 signature in `signaturePath` against the manifest.\n *\n * Both checks must pass for `valid` to be `true`.\n *\n * @param manifestPath  - Path to `bundle.manifest.json`.\n * @param signaturePath - Path to `bundle.sig` (base64 Ed25519 signature file).\n */\nexport function verifyBundle(\n  manifestPath: string,\n  signaturePath: string\n): BundleVerificationResult {\n\n  const signature =\n    fs.readFileSync(\n      signaturePath,\n      \"utf8\"\n    );\n\n  const directory =\n    path.dirname(\n      manifestPath\n    );\n\n  const parsedManifest =\n    readManifest(directory);\n\n  const bundleVerified =\n    verifyManifest(\n      parsedManifest,\n      directory\n    ).valid;\n\n  const signatureVerified =\n    verifySignature(\n      manifestPath,\n      signature\n    );\n\n  return {\n    valid:\n      bundleVerified &&\n      signatureVerified,\n\n    manifest_verified:\n      bundleVerified &&\n      signatureVerified,\n\n    signature_verified:\n      signatureVerified,\n\n    bundle_verified:\n      bundleVerified,\n  };\n}\n\n\n\n\n","import type {\n  RuntimeManifest,\n} from \"@parmanasystems/execution\";\n\n/** Result of verifying that a runtime manifest declares a required set of capabilities. */\nexport interface RuntimeVerificationResult {\n  /** `true` when the runtime declares all required capabilities. */\n  valid: boolean;\n\n  /** Capability strings that are required but not declared by the runtime. */\n  missing_capabilities: string[];\n}\n\n/**\n * Checks that `manifest.capabilities` contains every entry in `requiredCapabilities`.\n *\n * @param manifest             - The runtime manifest to check.\n * @param requiredCapabilities - The capability strings that must be present.\n */\nexport function verifyRuntime(\n  manifest: RuntimeManifest,\n  requiredCapabilities: string[]\n): RuntimeVerificationResult {\n\n  const missing =\n    requiredCapabilities.filter(\n      capability =>\n        !manifest.capabilities.includes(\n          capability\n        )\n    );\n\n  return {\n    valid:\n      missing.length === 0,\n\n    missing_capabilities:\n      missing,\n  };\n}\n\n\n\n\n","import type {\n  RuntimeManifest,\n} from \"@parmanasystems/execution\";\n\nimport type {\n  RuntimeRequirements,\n} from \"@parmanasystems/governance\";\n\n/**\n * Full compatibility result produced by {@link verifyRuntimeCompatibility}.\n * Separates capability gaps from version incompatibilities so each dimension\n * can be reported or acted on independently.\n */\nexport interface RuntimeCompatibilityResult {\n  /** `true` when the runtime satisfies all capability, version, and schema requirements. */\n  valid: boolean;\n\n  /** Capability strings required by the bundle but absent from the runtime. */\n  missing_capabilities: string[];\n\n  /** `true` when the runtime version is not in `requirements.supported_runtime_versions`. */\n  unsupported_runtime_version: boolean;\n\n  /**\n   * `true` when none of the schema versions supported by the runtime appear in\n   * `requirements.supported_schema_versions`.\n   */\n  unsupported_schema_version: boolean;\n}\n\n/**\n * Performs a comprehensive compatibility check between a runtime manifest and\n * the requirements declared by a bundle.  Checks capabilities, runtime version,\n * and schema version overlap in a single pass.\n *\n * Use this before issuing an execution token to surface all incompatibilities\n * at once rather than discovering them one at a time.\n *\n * @param manifest     - The runtime manifest to evaluate.\n * @param requirements - The bundle's declared runtime requirements.\n */\nexport function verifyRuntimeCompatibility(\n  manifest: RuntimeManifest,\n  requirements: RuntimeRequirements\n): RuntimeCompatibilityResult {\n\n  const missingCapabilities =\n    requirements.required_capabilities.filter(\n      capability =>\n        !manifest.capabilities.includes(\n          capability\n        )\n    );\n\n  const unsupportedRuntime =\n    !requirements.supported_runtime_versions.includes(\n      manifest.runtime_version\n    );\n\n  const unsupportedSchema =\n    requirements.supported_schema_versions.every(\n      (\n        schemaVersion\n      ) =>\n        !manifest.supported_schema_versions.includes(\n          schemaVersion\n        )\n    );\n\n  return {\n    valid:\n      missingCapabilities.length === 0 &&\n      !unsupportedRuntime &&\n      !unsupportedSchema,\n\n    missing_capabilities:\n      missingCapabilities,\n\n    unsupported_runtime_version:\n      unsupportedRuntime,\n\n    unsupported_schema_version:\n      unsupportedSchema,\n  };\n}\n\n\n\n\n","import type {\n  RuntimeManifest,\n} from \"@parmanasystems/execution\";\n\n/** Result of verifying that a runtime satisfies a set of execution security requirements. */\nexport interface ExecutionRequirementResult {\n  /** `true` when the runtime satisfies all requirements. */\n  valid: boolean;\n\n  /** List of capability strings that are required but absent from the runtime. */\n  missing_requirements: string[];\n}\n\ntype ExecutionRequirementsInput = {\n  replay_protection_required?: boolean;\n  attestation_required?: boolean;\n  audit_chain_required?: boolean;\n  [key: string]: boolean | undefined;\n};\n\n/**\n * Checks that `manifest.capabilities` satisfies every flag set in\n * `requirements`.  Returns the list of missing capabilities so callers can\n * produce actionable error messages.\n *\n * @param manifest     - The runtime manifest to test.\n * @param requirements - The execution security requirements to check against.\n */\nexport function verifyExecutionRequirements(\n  manifest: RuntimeManifest,\n  requirements: ExecutionRequirementsInput\n): ExecutionRequirementResult {\n\n  const missing: string[] = [];\n\n  if (\n    requirements.replay_protection_required &&\n    !manifest.capabilities.includes(\n      \"replay-protection\"\n    )\n  ) {\n    missing.push(\n      \"replay-protection\"\n    );\n  }\n\n  if (\n    requirements.attestation_required &&\n    !manifest.capabilities.includes(\n      \"attestation-signing\"\n    )\n  ) {\n    missing.push(\n      \"attestation-signing\"\n    );\n  }\n\n  if (\n    requirements.audit_chain_required &&\n    !manifest.capabilities.includes(\n      \"bundle-verification\"\n    )\n  ) {\n    missing.push(\n      \"bundle-verification\"\n    );\n  }\n\n  return {\n    valid:\n      missing.length === 0,\n\n    missing_requirements:\n      missing,\n  };\n}\n\n\n\n"],"mappings":";AAoBO,SAAS,kBACd,aACA,UACA,iBACoB;AAKpB,QAAM,gBAAgB,KAAK,UAAU;AAAA,IACnC,cAAc,YAAY;AAAA,IAC1B,UAAU,YAAY;AAAA,IACtB,iBAAiB,YAAY;AAAA,IAC7B,cAAc,YAAY;AAAA,EAC5B,CAAC;AAKD,QAAM,oBAAoB,SAAS;AAAA,IACjC;AAAA,IACA,YAAY;AAAA,EACd;AAKA,QAAM,kBACJ,YAAY,iBACZ,gBAAgB;AAKlB,SAAO;AAAA,IACL,OACE,qBACA;AAAA,IAEF,QAAQ;AAAA,MACN,oBAAoB;AAAA,MACpB,kBAAkB;AAAA,MAClB,mBAAmB;AAAA;AAAA,MACnB,UAAU;AAAA;AAAA,IACZ;AAAA,EACF;AACF;;;AClEA,OAAO,QAAQ;AACf,OAAO,UAAU;AAEjB;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAEP;AAAA,EACE;AAAA,OACK;AA2BA,SAAS,aACd,cACA,eAC0B;AAE1B,QAAM,YACJ,GAAG;AAAA,IACD;AAAA,IACA;AAAA,EACF;AAEF,QAAM,YACJ,KAAK;AAAA,IACH;AAAA,EACF;AAEF,QAAM,iBACJ,aAAa,SAAS;AAExB,QAAM,iBACJ;AAAA,IACE;AAAA,IACA;AAAA,EACF,EAAE;AAEJ,QAAM,oBACJ;AAAA,IACE;AAAA,IACA;AAAA,EACF;AAEF,SAAO;AAAA,IACL,OACE,kBACA;AAAA,IAEF,mBACE,kBACA;AAAA,IAEF,oBACE;AAAA,IAEF,iBACE;AAAA,EACJ;AACF;;;AChEO,SAAS,cACd,UACA,sBAC2B;AAE3B,QAAM,UACJ,qBAAqB;AAAA,IACnB,gBACE,CAAC,SAAS,aAAa;AAAA,MACrB;AAAA,IACF;AAAA,EACJ;AAEF,SAAO;AAAA,IACL,OACE,QAAQ,WAAW;AAAA,IAErB,sBACE;AAAA,EACJ;AACF;;;ACEO,SAAS,2BACd,UACA,cAC4B;AAE5B,QAAM,sBACJ,aAAa,sBAAsB;AAAA,IACjC,gBACE,CAAC,SAAS,aAAa;AAAA,MACrB;AAAA,IACF;AAAA,EACJ;AAEF,QAAM,qBACJ,CAAC,aAAa,2BAA2B;AAAA,IACvC,SAAS;AAAA,EACX;AAEF,QAAM,oBACJ,aAAa,0BAA0B;AAAA,IACrC,CACE,kBAEA,CAAC,SAAS,0BAA0B;AAAA,MAClC;AAAA,IACF;AAAA,EACJ;AAEF,SAAO;AAAA,IACL,OACE,oBAAoB,WAAW,KAC/B,CAAC,sBACD,CAAC;AAAA,IAEH,sBACE;AAAA,IAEF,6BACE;AAAA,IAEF,4BACE;AAAA,EACJ;AACF;;;ACxDO,SAAS,4BACd,UACA,cAC4B;AAE5B,QAAM,UAAoB,CAAC;AAE3B,MACE,aAAa,8BACb,CAAC,SAAS,aAAa;AAAA,IACrB;AAAA,EACF,GACA;AACA,YAAQ;AAAA,MACN;AAAA,IACF;AAAA,EACF;AAEA,MACE,aAAa,wBACb,CAAC,SAAS,aAAa;AAAA,IACrB;AAAA,EACF,GACA;AACA,YAAQ;AAAA,MACN;AAAA,IACF;AAAA,EACF;AAEA,MACE,aAAa,wBACb,CAAC,SAAS,aAAa;AAAA,IACrB;AAAA,EACF,GACA;AACA,YAAQ;AAAA,MACN;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,OACE,QAAQ,WAAW;AAAA,IAErB,sBACE;AAAA,EACJ;AACF;","names":[]}

package/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "@parmanasystems/verifier",
+  "version": "1.0.19",
+  "private": false,
+  "type": "module",
+  "scripts": {
+    "build": "tsup"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "sideEffects": false,
+  "dependencies": {
+    "@parmanasystems/crypto": "^1.0.19",
+    "@parmanasystems/execution": "^1.0.19",
+    "@parmanasystems/governance": "^1.0.19"
+  },
+  "description": "Independent governance verification infrastructure for deterministic parmanasystems workflows.",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/pavancharak/parmanasystems-core.git"
+  },
+  "homepage": "https://github.com/pavancharak/parmanasystems-core",
+  "bugs": {
+    "url": "https://github.com/pavancharak/parmanasystems-core/issues"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "keywords": [
+    "verification",
+    "attestation",
+    "provenance",
+    "trust",
+    "auditability",
+    "governance"
+  ],
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts"
+}