@parmanasystems/verifier

Independent governance verification. Given an ExecutionAttestation and a public key, verifyAttestation recomputes the canonical attestation payload and checks the Ed25519 signature without contacting any server or database. The package also verifies policy bundle manifests, runtime manifest signatures, schema compatibility, and execution requirement constraints. All verification is portable: it runs in any clean-room environment that has access to the attestation and the public key.

Public API

/**
 * Verify an ExecutionAttestation signature and structural integrity.
 * Re-canonicalizes the attestation payload and checks the Ed25519 signature.
 * Returns VerificationResult with valid: boolean and per-check details.
 */
async function verifyAttestation(
  attestation: ExecutionAttestation,
  publicKey: string
): Promise<VerificationResult>

/**
 * Verify an attestation in governed mode: includes runtime manifest verification
 * and schema compatibility checks in addition to signature verification.
 */
async function verifyAttestationGoverned(
  attestation: ExecutionAttestation,
  options: {
    verifier: Verifier;
    runtimeManifest: RuntimeManifest;
    runtimeEnvironment: RuntimeEnvironment;
  }
): Promise<OperationalVerificationResult>

/**
 * Verify a policy bundle manifest and its signature.
 * Checks that all artifact hashes match and the manifest signature is valid.
 */
async function verifyBundle(
  manifestPath: string,
  signaturePath: string,
  publicKey: string
): Promise<BundleVerificationResult>

/**
 * Verify a runtime manifest signature.
 * Returns OperationalVerificationResult indicating whether the runtime is trusted.
 */
async function verifyRuntime(
  runtimeManifest: RuntimeManifest,
  signature: string,
  verifier: Verifier
): Promise<OperationalVerificationResult>

/**
 * Check that the runtime manifest satisfies the execution requirements
 * declared by a policy bundle (supported runtime versions, schema versions).
 */
function verifyRuntimeCompatibility(
  runtimeManifest: RuntimeManifest,
  requirements: RuntimeRequirements
): RuntimeCompatibilityResult

/**
 * Validate that a set of execution requirements is satisfiable by the current runtime.
 */
function verifyExecutionRequirements(
  requirements: RuntimeRequirements,
  runtimeManifest: RuntimeManifest
): VerificationResult

// ── Types ───────────────────────────────────────────────────────────────────

interface VerificationResult {
  valid: boolean;
  errors?: VerificationError[];
}

interface OperationalVerificationResult {
  valid: boolean;
  checks: {
    signature_verified: "verified" | "failed" | "unknown";
    runtime_verified: "verified" | "failed" | "unknown";
    schema_compatible: "verified" | "failed" | "unknown";
  };
}

interface BundleVerificationResult {
  valid: boolean;
  manifestValid: boolean;
  signatureValid: boolean;
}

interface RuntimeCompatibilityResult {
  compatible: boolean;
  unsupportedRuntimeVersions: string[];
  unsupportedSchemaVersions: string[];
}

interface VerificationError {
  code: VerificationErrorCode;
  message: string;
}

type VerificationErrorCode = string
type VerificationMode = "strict" | "lenient"
type SignatureStatus = "verified" | "failed" | "unknown"

interface VerifierConfig {
  mode?: VerificationMode;
  publicKey?: string;
}

interface ProvenanceVerificationInput {
  attestation: ExecutionAttestation;
  expectedProvenance?: Partial<ExecutionAttestation["provenance"]>;
}

Environment variables

None. Verification is stateless and offline.

Package wiring

@parmanasystems/verifier depends on @parmanasystems/execution (for ExecutionAttestation type and canonicalizeAttestation) and @parmanasystems/canonical. The server's POST /verify route calls verifyAttestationGoverned with the runtime's verifier instance. @parmanasystems/audit-db imports OperationalVerificationResult from this package to type the recordVerification input. @parmanasystems/core re-exports the full verification surface.