Parmana Systems

Deterministic governance infrastructure for high-consequence execution systems.

AI may recommend.
Parmana determines whether execution is allowed.

Why Parmana Exists

Modern AI systems are increasingly capable of making recommendations, triggering workflows, and initiating actions.

However, most systems still struggle to answer critical governance questions:

• Why was an action executed?
• Was execution authorized?
• Which evidence existed at decision time?
• Can the decision be reproduced independently?
• Can auditors verify governance continuity?
• Can replay reconstruction reproduce the same result?
• Can governance survive outside the runtime?

Traditional workflow systems often depend heavily on:

• mutable runtime state
• operational trust
• unverifiable execution history
• centralized infrastructure
• nondeterministic behavior

Parmana exists to provide:

deterministic governance integrity

through:

• append-only lineage
• deterministic replay
• portable verification
• cryptographic continuity
• replay-safe execution
• independent auditability

Core Principle

Parmana intentionally separates:

probabilistic evaluation

from:

deterministic governance enforcement

AI systems may:

• classify
• summarize
• predict
• recommend
• extract signals

Parmana determines whether execution is allowed.

This separation preserves:

• reproducibility
• replay continuity
• auditability
• independent verification
• operational defensibility

What Parmana Does

Parmana governs:

• admissibility
• authorization continuity
• deterministic execution
• replay reconstruction
• append-only lineage
• execution authority
• fail-closed enforcement
• audit continuity
• cryptographic verification
• portable governance proofs

Parmana provides deterministic governance infrastructure around execution systems.

What Parmana Does NOT Do

Parmana does NOT:

• perform AI inference
• determine objective truth
• replace human judgment
• guarantee external reality
• validate medical correctness
• validate financial correctness
• eliminate all operational trust
• replace cybersecurity infrastructure

Parmana verifies:

governance integrity

not:

objective reality

Architecture Overview

Parmana architecture includes:

• Signal Layer
• Governance Layer
• Execution Layer
• Provenance Layer
• Replay Layer
• Verification Layer
• Audit Layer
• Persistence Layer

Core architectural properties:

• deterministic execution
• append-only lineage
• replay-safe semantics
• portable verification
• cryptographic continuity
• independent verification

Portable Verification

Portable verification is a foundational Parmana capability.

Governance evidence remains independently verifiable outside the original runtime environment.

Verification requires only:

• governance proof bundle
• trust-root public key
• deterministic verifier

Verification does NOT require:

• application servers
• runtime APIs
• cloud infrastructure
• operational databases
• runtime operators

This enables:

• regulator audits
• third-party verification
• long-term archival validation
• infrastructure-independent trust

Governance vs Truth

One of the most important Parmana principles is:

governance integrity
!=
objective reality

Parmana can prove:

• deterministic authorization continuity
• admissibility enforcement
• replay integrity
• append-only lineage continuity
• cryptographic consistency

Parmana cannot prove:

• whether a bank balance is objectively correct
• whether an AI hallucinated
• whether a medical diagnosis is factually accurate
• whether external systems are truthful

This boundary is intentional.

Deterministic Replay

Replay reconstruction is central to Parmana.

The same lineage must always reconstruct the same governance state.

Replay determinism enables:

• reproducibility
• independent verification
• audit continuity
• regulator validation
• portable trust proofs

Nondeterministic governance invalidates replay integrity.

Append-Only Lineage

Governance history is append-only.

Lineage events describe:

• authorization
• execution
• reconciliation
• provenance
• escalation
• governance state transitions

Historical mutation invalidates cryptographic continuity.

This provides:

• tamper evidence
• historical continuity
• replay reconstruction
• audit traceability

Independent Verification

Parmana verification intentionally minimizes runtime trust.

Independent verifiers validate:

• signatures
• manifest hashes
• replay integrity
• lineage continuity
• governance invariants

directly from portable governance artifacts.

Verification survives independently from runtime infrastructure.

Example Use Cases

Parmana is designed for systems where execution integrity matters.

Examples include:

• healthcare triage governance
• insurance authorization workflows
• financial approval systems
• AI voice agent escalation
• enterprise approval chains
• compliance workflows
• security operations governance
• regulated automation systems

Parmana is especially valuable when organizations must later prove:

• why execution occurred
• who authorized it
• which evidence existed
• whether governance policy was followed
• whether replay reconstruction succeeds

Quick Example

const lineage = [
  createLineageEvent({
    type: "authorization",
    payload: {
      approved: true,
    },
    previousHash: null,
  }),
];

const replay =
  replayLineage(
    lineage,
  );

const bundle =
  createGovernanceProofBundle(
    {
      lineage,
      replay,
      privateKey,
      keyId: "root-1",
    },
  );

const result =
  verifyGovernanceProof(
    {
      bundle,
      publicKey,
    },
  );

Portable governance verification now succeeds independently from the original runtime environment.

Packages

Core ecosystem packages include:

• @parmanasystems/core
• @parmanasystems/execution
• @parmanasystems/governance
• @parmanasystems/provenance
• @parmanasystems/crypto
• @parmanasystems/verifier
• @parmanasystems/verifier-cli
• @parmanasystems/server
• @parmanasystems/sdk-client
• @parmanasystems/audit-db

Deterministic Guarantees

Parmana is designed around explicit deterministic guarantees:

• same governance input → same governance output
• replay reconstruction remains reproducible
• lineage remains append-only
• verification remains portable
• governance evidence remains tamper-evident
• execution authority remains replay-safe

These guarantees enable reproducible governance integrity.

Threat Model

Parmana is specifically designed to mitigate:

• governance tampering
• replay attacks
• audit mutation
• unverifiable authorization
• mutable operational evidence
• nondeterministic governance execution

through:

• append-only lineage
• deterministic replay
• cryptographic verification
• portable governance proofs
• independent verification

Parmana intentionally does not attempt to solve universal cybersecurity or objective truth determination.

Documentation

Core documentation includes:

• docs/architecture.md
• docs/principles.md
• docs/trust-model.md
• docs/threat-model.md
• docs/portable-verification.md
• docs/governance-vs-truth.md
• docs/use-cases.md
• docs/faq.md

Current Status

Parmana currently includes operational support for:

• deterministic replay reconstruction
• append-only lineage
• execution authority
• replay-safe consumption
• portable proof bundles
• independent verification
• audit reconstruction
• provenance lineage
• admissibility enforcement
• fail-closed governance
• cryptographic signing
• Redis-backed consumption stores
• PostgreSQL lineage persistence

Philosophy

Parmana follows this operational philosophy:

minimize trust.
make assumptions explicit.
cryptographically verify everything possible.

License

Apache-2.0 License.

Runtime Requirements

Parmana Systems packages are ESM-only.

Requirements:

• Node.js >= 20.19
• Native ES module support

Example:

` s import { verifyDecision } from "@parmanasystems/verifier";