> ## Documentation Index
> Fetch the complete documentation index at: https://docs.parmanasystems.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Execution Trust Record

> Returns the complete Execution Trust Record for businessTransactionId (looked up by Business Transaction ID, despite the path segment name; there is no separate trustRecordId lookup).




## OpenAPI

````yaml /openapi.bundled.yaml get /trust-records/{businessTransactionId}
openapi: 3.1.0
info:
  title: Parmana API
  version: 1.0.0
  description: >
    Parmana is an Execution Trust Infrastructure that ensures there is no gap
    between what humans decide and what AI systems do. The API enables creation,
    execution, verification, replay, and auditing of Business Transactions
    through cryptographically verifiable Execution Trust Records.


    **Every route requires a caller bearer key, except GET /health.** Send
    `Authorization: Bearer <key>` on every other request. Keys are issued by
    `scripts/generate-api-key.ts` and configured server-side via
    `PARMANA_API_KEYS`; only a hash of each key is ever held by the server,
    verified in constant time. A missing or invalid credential returns 401
    before a Business Transaction is even constructed, independent of Policy
    evaluation and gateway attestation, see
    `packages/api/src/middleware/caller-auth.ts` and
    [Authentication](/api-reference/authentication). Local development may set
    `PARMANA_AUTH_DISABLED=true` to skip this middleware entirely; that flag
    must never be set in a real deployment.
  contact:
    name: Parmana
    email: support@parmana.ai
  license:
    name: Apache-2.0
    identifier: Apache-2.0
servers:
  - url: http://localhost:3000
    description: Local (packages/api, PORT env var, default 3000)
security:
  - bearerAuth: []
tags:
  - name: Execution
    description: >-
      Executes a Business Transaction through the complete Execution Trust
      pipeline
  - name: Transactions
    description: Business Transaction creation and retrieval
  - name: Verification
    description: Deterministic verification of an Execution Trust Record
  - name: Receipts
    description: Cryptographically signed Execution Trust Receipts
  - name: Trust Records
    description: Execution Trust Record retrieval
  - name: Replay
    description: Deterministic replay of a recorded Execution Trust Record
  - name: Policies
    description: Policy existence/readability check
  - name: System
    description: Operational endpoints
paths:
  /trust-records/{businessTransactionId}:
    get:
      tags:
        - Trust Records
      summary: Get Execution Trust Record
      description: >
        Returns the complete Execution Trust Record for businessTransactionId
        (looked up by Business Transaction ID, despite the path segment name;
        there is no separate trustRecordId lookup).
      operationId: getTrustRecord
      parameters:
        - name: businessTransactionId
          in: path
          required: true
          description: >-
            Business Transaction identifier (not the Trust Record's own
            trustRecordId).
          schema:
            type: string
      responses:
        '200':
          description: Execution Trust Record found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/execution-trust-record.schema'
              examples:
                vendor-payment-flow:
                  summary: Real captured response
                  value:
                    trustRecordId: 65fee934-532c-4feb-88d9-72c0cd912a81
                    businessTransactionId: 44b34a79-e0f2-49d7-a48e-e52fff88182e
                    transaction:
                      businessTransactionId: 44b34a79-e0f2-49d7-a48e-e52fff88182e
                      metadata:
                        businessTransactionId: 44b34a79-e0f2-49d7-a48e-e52fff88182e
                        correlationId: cc1ca975-4935-4e9a-a591-8897af6b56fb
                        sourceSystem: vendor-payment-service
                        submittedBy: ap-automation
                        submittedAt: '2026-07-13T17:36:00.835Z'
                      authority:
                        authorityId: db5c5260-bb4c-40a2-a081-2928b5fe7720
                        authorityType: SERVICE
                        principalId: ap-automation-svc
                        displayName: Accounts Payable Automation
                        issuedAt: '2026-07-13T17:36:00.835Z'
                      authorization:
                        authorizationId: 63bdc429-14e4-4ef4-8007-f3c0c9564261
                        authorityId: db5c5260-bb4c-40a2-a081-2928b5fe7720
                        purpose: Authorize vendor payment disbursement
                        issuedAt: '2026-07-13T17:36:00.835Z'
                      intent:
                        intentId: 1e77d0b3-2e57-4e31-b780-03abc92f1b69
                        authorizationId: 63bdc429-14e4-4ef4-8007-f3c0c9564261
                        action: payments:execute
                        target: vendor/V-500
                        parameters:
                          amount: 5000
                          currency: USD
                        createdAt: '2026-07-13T17:36:00.835Z'
                      policy:
                        name: vendor-payment
                        version: 2.0.0
                        schemaVersion: 1.0.0
                      signals:
                        vendorVerified: true
                        invoiceVerified: true
                        paymentApproved: true
                        sufficientFunds: true
                        paymentAmount: 5000
                        riskScore: 12
                      status: RECEIVED
                      createdAt: '2026-07-13T17:36:00.965Z'
                    overrides: []
                    executions:
                      - executionId: 90746492-7721-4228-b244-67bf8a45ca68
                        businessTransactionId: 44b34a79-e0f2-49d7-a48e-e52fff88182e
                        decision:
                          decisionId: 8ec880cb-677a-4889-96f1-5a18a4edc1b5
                          intentId: 1e77d0b3-2e57-4e31-b780-03abc92f1b69
                          policy:
                            name: vendor-payment
                            version: 2.0.0
                            schemaVersion: 1.0.0
                          signals:
                            vendorVerified: true
                            invoiceVerified: true
                            paymentApproved: true
                            sufficientFunds: true
                            paymentAmount: 5000
                            riskScore: 12
                          outcome: APPROVED
                          reason: >-
                            Vendor payment authorized. Vendor verification,
                            invoice verification, payment approval, funding, and
                            risk assessment requirements were satisfied.
                          evaluatedAt: '2026-07-13T17:36:00.967Z'
                        status: COMPLETED
                        mode: SYNC
                        startedAt: '2026-07-13T17:36:00.968Z'
                        metadata:
                          authorizationId: dbc09266-2078-4d4e-93d0-f355eb7eebcc
                        evidence:
                          businessTransactionId: 44b34a79-e0f2-49d7-a48e-e52fff88182e
                          action: payments:execute
                          target: vendor/V-500
                          parameters:
                            amount: 5000
                            currency: USD
                          success: true
                          executedAt: '2026-07-13T17:36:00.970Z'
                          attributes:
                            connector:
                              connectorId: vendor-payment
                              connectorVersion: 1.0.0
                              capability: payments:execute
                              sanitizedEndpoint: vendor/V-500
                              credentialProviderId: environment
                              requestSummary:
                                businessTransactionId: 44b34a79-e0f2-49d7-a48e-e52fff88182e
                                action: payments:execute
                                target: vendor/V-500
                                parameters:
                                  amount: 5000
                                  currency: USD
                              responseSummary:
                                success: true
                                metadata: {}
                              startedAt: '2026-07-13T17:36:00.970Z'
                              completedAt: '2026-07-13T17:36:00.970Z'
                              connectorEvidenceHash: >-
                                c97411026a82b608d9b0f8b137a64e26d8af24bdda09310b639e527e08a9aada
                        completedAt: '2026-07-13T17:36:00.970Z'
                    verifications:
                      - verificationId: e22354e0-7f22-49b2-bd2f-09e47881d788
                        businessTransactionId: 44b34a79-e0f2-49d7-a48e-e52fff88182e
                        status: VERIFIED
                        message: Execution Trust Record verified successfully.
                        verifiedAt: '2026-07-13T17:36:00.973Z'
                        trustRecordHash: >-
                          e20a8861864f1a0a6c5fe00e64abca04de18a7d165a82ef9d7beb458c2096b3f
                    receipts:
                      - receiptId: 863947e6-9d36-492e-b9c9-78b0f3e9b6df
                        businessTransactionId: 44b34a79-e0f2-49d7-a48e-e52fff88182e
                        trustRecordHash: >-
                          e20a8861864f1a0a6c5fe00e64abca04de18a7d165a82ef9d7beb458c2096b3f
                        receiptHash: >-
                          c9666b08b42bb5ff77650b544c3c2183609f25e4d8dc09359b71a970c57ed3ce
                        issuedAt: '2026-07-13T17:36:00.973Z'
                        algorithm: ed25519
                        signature: >-
                          Pcr42EvbaUbLogvVhYiV3g7uuwvZr82HUJhVptnXRxmTtiEGiz2SCdz5Z80xRDvmvSxpOSG5OnvMAaRzJXncBg==
                    createdAt: '2026-07-13T17:36:00.971Z'
                    updatedAt: '2026-07-13T17:36:00.971Z'
                    trustRecordHash: >-
                      e20a8861864f1a0a6c5fe00e64abca04de18a7d165a82ef9d7beb458c2096b3f
                    signature:
                      algorithm: ed25519
                      keyId: default
                      value: >-
                        gjDYmHUBKIrv7bT3uwAkt3wHeoSwz5uANXQV5MfsFgbUIh83KiufZwxht3F3Een+7K/ZW9SRn0F0J7ACJRLbAg==
                      signedAt: '2026-07-13T17:36:00.972Z'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          description: Execution Trust Record not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/error.schema'
              examples:
                notFound:
                  summary: Real captured response
                  value:
                    error: Execution Trust Record not found.
components:
  schemas:
    execution-trust-record.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/execution-trust-record.schema.json
      title: Execution Trust Record
      description: >-
        Canonical immutable record representing everything Parmana knows about a
        Business Transaction: the authoritative source for replay, verification,
        audit, and receipt generation. One Execution Trust Record exists per
        Business Transaction. overrides, executions, verifications, and receipts
        are append-only: existing entries are never modified or removed.
      type: object
      additionalProperties: true
      required:
        - trustRecordId
        - businessTransactionId
        - transaction
        - overrides
        - executions
        - verifications
        - receipts
        - trustRecordHash
        - signature
        - createdAt
        - updatedAt
      properties:
        trustRecordId:
          type: string
          description: Unique Execution Trust Record identifier.
        businessTransactionId:
          type: string
          description: Business Transaction identifier.
        transaction:
          $ref: '#/components/schemas/business-transaction.schema'
        overrides:
          type: array
          description: >-
            Override history. Append-only; empty on every transaction in this
            repository today (no route creates an Override).
          items:
            $ref: '#/components/schemas/override.schema'
        executions:
          type: array
          description: Execution history. Append-only.
          items:
            $ref: '#/components/schemas/execution.schema'
        verifications:
          type: array
          description: Verification history. Append-only.
          items:
            $ref: '#/components/schemas/verification.schema'
        receipts:
          type: array
          description: Receipt history. Append-only.
          items:
            $ref: '#/components/schemas/receipt.schema'
        trustRecordHash:
          type: string
          description: >-
            Canonical hash of the Execution Trust Record, computed over its
            canonical serialized form.
        signature:
          type: object
          description: >-
            Cryptographic signature over the canonical Execution Trust Record,
            proving it was produced by Parmana and has not been modified since
            signing.
          additionalProperties: true
          required:
            - algorithm
            - keyId
            - value
            - signedAt
          properties:
            algorithm:
              type: string
              examples:
                - ed25519
            keyId:
              type: string
              description: Identifier of the signing key.
            value:
              type: string
              description: Base64-encoded signature value.
            signedAt:
              type: string
              format: date-time
        createdAt:
          type: string
          format: date-time
          description: UTC timestamp when the Execution Trust Record was first created.
        updatedAt:
          type: string
          format: date-time
          description: >-
            UTC timestamp when the Execution Trust Record was last extended with
            a new immutable artifact.
      examples:
        - trustRecordId: 759e916e-66d2-48c3-8869-55d557acf155
          businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
          transaction:
            businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
            metadata:
              businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
              correlationId: 6b97caca-1605-4711-bf00-7e5a65434d93
              sourceSystem: vendor-payment-service
              submittedBy: ap-automation
              submittedAt: '2026-07-07T16:38:59.285Z'
            authority:
              authorityId: c0c01c23-04a2-45f2-a821-ef24bfca02d3
              authorityType: SERVICE
              principalId: ap-automation-svc
              displayName: Accounts Payable Automation
              issuedAt: '2026-07-07T16:38:59.285Z'
            authorization:
              authorizationId: 6e9d6aa6-6d20-40a8-b05d-383516365cc7
              authorityId: c0c01c23-04a2-45f2-a821-ef24bfca02d3
              purpose: Authorize vendor payment disbursement
              issuedAt: '2026-07-07T16:38:59.285Z'
            intent:
              intentId: ae5865f6-181b-409a-90ec-1b4b8b8414ba
              authorizationId: 6e9d6aa6-6d20-40a8-b05d-383516365cc7
              action: payments:execute
              target: vendor/V-100
              parameters:
                amount: 4500
                currency: USD
              createdAt: '2026-07-07T16:38:59.285Z'
            policy:
              name: vendor-payment
              version: 2.0.0
              schemaVersion: 1.0.0
            signals:
              vendorVerified: true
              invoiceVerified: true
              paymentApproved: true
              sufficientFunds: true
              paymentAmount: 4500
              riskScore: 10
            status: RECEIVED
            createdAt: '2026-07-07T16:38:59.325Z'
          overrides: []
          executions:
            - executionId: 2be38c15-f93c-4621-9a1c-7570c130dea0
              businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
              decision:
                decisionId: 9d69dc0b-333a-4be3-b09f-358fece806f3
                intentId: ae5865f6-181b-409a-90ec-1b4b8b8414ba
                policy:
                  name: vendor-payment
                  version: 2.0.0
                  schemaVersion: 1.0.0
                signals:
                  vendorVerified: true
                  invoiceVerified: true
                  paymentApproved: true
                  sufficientFunds: true
                  paymentAmount: 4500
                  riskScore: 10
                outcome: APPROVED
                reason: >-
                  Vendor payment authorized. Vendor verification, invoice
                  verification, payment approval, funding, and risk assessment
                  requirements were satisfied.
                evaluatedAt: '2026-07-07T16:38:59.326Z'
              status: COMPLETED
              mode: SYNC
              startedAt: '2026-07-07T16:38:59.328Z'
              metadata:
                authorizationId: 1dc2d137-fde2-4d9c-b298-79e9f8a0d03e
              evidence:
                businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
                action: payments:execute
                target: vendor/V-100
                parameters:
                  amount: 4500
                  currency: USD
                success: true
                executedAt: '2026-07-07T16:38:59.328Z'
                attributes:
                  connector:
                    connectorId: vendor-payment
                    connectorVersion: 1.0.0
                    capability: payments:execute
                    sanitizedEndpoint: vendor/V-100
                    credentialProviderId: environment
                    requestSummary:
                      businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
                      action: payments:execute
                      target: vendor/V-100
                      parameters:
                        amount: 4500
                        currency: USD
                    responseSummary:
                      success: true
                      metadata: {}
                    startedAt: '2026-07-07T16:38:59.328Z'
                    completedAt: '2026-07-07T16:38:59.328Z'
                    connectorEvidenceHash: >-
                      7bcacb3e399a713e44a4f48aa2783de8060ae28591e4fc1256b504bd32cd7aea
              completedAt: '2026-07-07T16:38:59.329Z'
          verifications:
            - verificationId: 0b96c8b4-9cd8-4162-81fc-086575cf0924
              businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
              status: VERIFIED
              message: Execution Trust Record verified successfully.
              verifiedAt: '2026-07-07T16:38:59.331Z'
              trustRecordHash: 989aef83d595202ec02bb338ac00461abec0541098ea065f965b5cde342d3b25
          receipts:
            - receiptId: 3073a598-f927-4caf-8bb8-4f083f62b7e9
              businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
              trustRecordHash: 989aef83d595202ec02bb338ac00461abec0541098ea065f965b5cde342d3b25
              receiptHash: 8a5a0e9255dafef5ec588f0834e3c5b81dc7feb98a59f8bfa7083438fa58e231
              issuedAt: '2026-07-07T16:38:59.331Z'
              algorithm: ed25519
              signature: >-
                vzpykBuJhoy/2BdiR1x02KYZqMtKJu39olRJdzM5veSo9nYmoNSYQnt9HELlb2jlGWf07jPhP8ZXlrQnN4KQBA==
          createdAt: '2026-07-07T16:38:59.329Z'
          updatedAt: '2026-07-07T16:38:59.329Z'
          trustRecordHash: 989aef83d595202ec02bb338ac00461abec0541098ea065f965b5cde342d3b25
          signature:
            algorithm: ed25519
            keyId: default
            value: >-
              l41lr6nCUbrzEfoil/3+gkXd4zEQ9TR1qFaSwLuE70L/9U6cVz3VXdM1lPsDfELKh6RO4qcDrFWF/S3k4CAxAQ==
            signedAt: '2026-07-07T16:38:59.330Z'
    error.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/error.schema.json
      title: Error Response
      description: >-
        Shared error envelope produced by
        packages/api/src/middleware/error-handler.ts and by every route's inline
        validation checks. error is always a plain human-readable string (never
        a nested object). code is present only when the failure was a
        RuntimeError subclass reaching the centralized error handler
        (VerificationFailedError, ReceiptGenerationError, or an uncategorized
        RuntimeError); it is absent from every inline route-level check
        (businessTransactionId format/required checks) and from
        BusinessTransactionValidationError, PolicyValidationError,
        SignalValidationError, PolicyNotFoundError,
        DuplicateBusinessTransactionError, and the generic 500 fallback. POST
        /policies/validate does NOT use this envelope at all. See its own
        response schema. For the triggering condition and recommended caller
        action behind any specific error/code/status combination, see the Error
        catalog at /api-reference/error-catalog.
      type: object
      additionalProperties: false
      required:
        - error
      properties:
        error:
          type: string
          description: Human-readable error message.
        code:
          type: string
          description: >-
            Stable machine-readable error code. Only present for errors that
            reach the handler as a RuntimeError.
          examples:
            - RUNTIME_ERROR
            - VERIFICATION_FAILED
            - RECEIPT_GENERATION_FAILED
      examples:
        - error: businessTransactionId must be a valid UUID.
        - error: >-
            Business Transaction 'eed2a972-1bf5-4166-8472-761f76fbf1b2' already
            exists.
        - error: >-
            Execution rejected: Vendor payment rejected because the assessed
            payment risk exceeds the maximum permitted threshold.
          code: RUNTIME_ERROR
    business-transaction.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/business-transaction.schema.json
      title: Business Transaction
      description: >-
        Canonical immutable business context accepted by Parmana for execution:
        Authority -> Authorization -> Intent -> Business Transaction -> Policy.
        Every Business Transaction produces exactly one Decision, one Execution,
        and one Execution Trust Record.
      type: object
      additionalProperties: true
      required:
        - businessTransactionId
        - metadata
        - authority
        - authorization
        - intent
        - policy
        - signals
        - status
        - createdAt
      properties:
        businessTransactionId:
          type: string
          format: uuid
          description: >-
            Unique Business Transaction identifier. Same value as
            metadata.businessTransactionId. Must be a valid UUID on both POST
            /execute and POST /transactions (rejected with a 400 otherwise).
        metadata:
          $ref: '#/components/schemas/metadata.schema'
        authority:
          $ref: '#/components/schemas/authority.schema'
        authorization:
          $ref: '#/components/schemas/authorization.schema'
        intent:
          $ref: '#/components/schemas/intent.schema'
        policy:
          $ref: '#/components/schemas/policy.schema'
        signals:
          $ref: '#/components/schemas/signals.schema'
        status:
          type: string
          description: >-
            Current Business Transaction lifecycle state. Always RECEIVED at
            creation on both POST /execute and POST /transactions. Parmana sets
            this field via BusinessTransactionMapper.fromRequest and ignores any
            status the client sends.
          enum:
            - RECEIVED
            - POLICY_EVALUATED
            - APPROVED
            - REJECTED
            - OVERRIDDEN
            - EXECUTING
            - EXECUTED
            - FAILED
            - VERIFIED
        createdAt:
          type: string
          format: date-time
          description: UTC timestamp when the Business Transaction was accepted by Parmana.
      examples:
        - businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
          metadata:
            businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
            correlationId: 6b97caca-1605-4711-bf00-7e5a65434d93
            sourceSystem: vendor-payment-service
            submittedBy: ap-automation
            submittedAt: '2026-07-07T16:38:59.285Z'
          authority:
            authorityId: c0c01c23-04a2-45f2-a821-ef24bfca02d3
            authorityType: SERVICE
            principalId: ap-automation-svc
            displayName: Accounts Payable Automation
            issuedAt: '2026-07-07T16:38:59.285Z'
          authorization:
            authorizationId: 6e9d6aa6-6d20-40a8-b05d-383516365cc7
            authorityId: c0c01c23-04a2-45f2-a821-ef24bfca02d3
            purpose: Authorize vendor payment disbursement
            issuedAt: '2026-07-07T16:38:59.285Z'
          intent:
            intentId: ae5865f6-181b-409a-90ec-1b4b8b8414ba
            authorizationId: 6e9d6aa6-6d20-40a8-b05d-383516365cc7
            action: payments:execute
            target: vendor/V-100
            parameters:
              amount: 4500
              currency: USD
            createdAt: '2026-07-07T16:38:59.285Z'
          policy:
            name: vendor-payment
            version: 2.0.0
            schemaVersion: 1.0.0
          signals:
            vendorVerified: true
            invoiceVerified: true
            paymentApproved: true
            sufficientFunds: true
            paymentAmount: 4500
            riskScore: 10
          status: RECEIVED
          createdAt: '2026-07-07T16:38:59.325Z'
    override.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/override.schema.json
      title: Override
      description: >-
        Immutable trust artifact recording an authorized human override for a
        Business Transaction. No API route in this repository currently creates
        an Override; this schema exists only because
        ExecutionTrustRecord.overrides is part of the append-only Trust Record
        shape; every captured example has an empty overrides array.
      type: object
      additionalProperties: true
      required:
        - overrideId
        - businessTransactionId
        - approvedBy
        - reason
        - approvedAt
      properties:
        overrideId:
          type: string
          description: Unique Override identifier.
        businessTransactionId:
          type: string
          description: Business Transaction to which this Override belongs.
        approvedBy:
          type: string
          description: Authorized user or system that approved the Override.
        reason:
          type: string
          description: Human-readable reason for the Override.
        justification:
          type: string
          description: Optional business justification.
        approvedAt:
          type: string
          format: date-time
          description: UTC timestamp when the Override was approved.
    execution.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/execution.schema.json
      title: Execution
      description: >-
        Immutable trust artifact recording what actually happened while
        processing a Business Transaction. Every Execution records exactly one
        Decision produced by deterministic Policy evaluation.
      type: object
      additionalProperties: true
      required:
        - executionId
        - businessTransactionId
        - decision
        - status
        - mode
        - startedAt
      properties:
        executionId:
          type: string
          description: Unique Execution identifier.
        businessTransactionId:
          type: string
          description: Business Transaction to which this Execution belongs.
        decision:
          $ref: '#/components/schemas/decision.schema'
        status:
          type: string
          description: Execution lifecycle state.
          enum:
            - PROCESSING
            - COMPLETED
            - FAILED
        mode:
          type: string
          description: Execution mode.
          enum:
            - SYNC
            - ASYNC
        startedAt:
          type: string
          format: date-time
          description: UTC timestamp when execution started.
        completedAt:
          type: string
          format: date-time
          description: >-
            UTC timestamp when execution completed. Present only for terminal
            executions.
        evidence:
          type: object
          description: >-
            Immutable execution evidence: businessTransactionId, action, target,
            parameters, success, executedAt, and an optional attributes bag for
            execution-system-specific evidence (for example Connector SDK
            evidence, when a Connector executed this Execution).
          additionalProperties: true
        metadata:
          type: object
          description: >-
            Execution-specific metadata. Currently populated with
            authorizationId when the Execution is APPROVED.
          additionalProperties: true
      examples:
        - executionId: 90746492-7721-4228-b244-67bf8a45ca68
          businessTransactionId: 44b34a79-e0f2-49d7-a48e-e52fff88182e
          decision:
            decisionId: 8ec880cb-677a-4889-96f1-5a18a4edc1b5
            intentId: 1e77d0b3-2e57-4e31-b780-03abc92f1b69
            policy:
              name: vendor-payment
              version: 2.0.0
              schemaVersion: 1.0.0
            signals:
              vendorVerified: true
              invoiceVerified: true
              paymentApproved: true
              sufficientFunds: true
              paymentAmount: 5000
              riskScore: 12
            outcome: APPROVED
            reason: >-
              Vendor payment authorized. Vendor verification, invoice
              verification, payment approval, funding, and risk assessment
              requirements were satisfied.
            evaluatedAt: '2026-07-13T17:36:00.967Z'
          status: COMPLETED
          mode: SYNC
          startedAt: '2026-07-13T17:36:00.968Z'
          metadata:
            authorizationId: dbc09266-2078-4d4e-93d0-f355eb7eebcc
          evidence:
            businessTransactionId: 44b34a79-e0f2-49d7-a48e-e52fff88182e
            action: payments:execute
            target: vendor/V-500
            parameters:
              amount: 5000
              currency: USD
            success: true
            executedAt: '2026-07-13T17:36:00.970Z'
            attributes:
              connector:
                connectorId: vendor-payment
                connectorVersion: 1.0.0
                capability: payments:execute
                sanitizedEndpoint: vendor/V-500
                credentialProviderId: environment
                requestSummary:
                  businessTransactionId: 44b34a79-e0f2-49d7-a48e-e52fff88182e
                  action: payments:execute
                  target: vendor/V-500
                  parameters:
                    amount: 5000
                    currency: USD
                responseSummary:
                  success: true
                  metadata: {}
                startedAt: '2026-07-13T17:36:00.970Z'
                completedAt: '2026-07-13T17:36:00.970Z'
                connectorEvidenceHash: >-
                  c97411026a82b608d9b0f8b137a64e26d8af24bdda09310b639e527e08a9aada
          completedAt: '2026-07-13T17:36:00.970Z'
    verification.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/verification.schema.json
      title: Verification
      description: >-
        Immutable result of verifying an entire Execution Trust Record:
        recomputed hash matches the stored hash, signature verifies, and every
        APPROVED Execution carries a non-empty authorizationId. All checks
        always run and are reported together in message; a failure in one does
        not skip the others.
      type: object
      additionalProperties: true
      required:
        - verificationId
        - businessTransactionId
        - status
        - verifiedAt
        - trustRecordHash
      properties:
        verificationId:
          type: string
          description: Unique Verification identifier.
        businessTransactionId:
          type: string
          description: Business Transaction being verified.
        status:
          type: string
          description: Verification result.
          enum:
            - VERIFIED
            - FAILED
        message:
          type: string
          description: >-
            Human-readable verification summary: either the success message, or
            every failed check's message joined with "; ".
        verifiedAt:
          type: string
          format: date-time
          description: UTC timestamp when verification completed.
        trustRecordHash:
          type: string
          description: >-
            Hash of the verified Execution Trust Record, proving exactly which
            record was verified.
      examples:
        - verificationId: 0ad69d3f-7fd0-4507-ab38-e386146757ae
          businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
          status: VERIFIED
          message: Execution Trust Record verified successfully.
          verifiedAt: '2026-07-07T16:38:59.344Z'
          trustRecordHash: 989aef83d595202ec02bb338ac00461abec0541098ea065f965b5cde342d3b25
    receipt.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/receipt.schema.json
      title: Receipt
      description: >-
        Cryptographically signed, immutable Execution Trust Receipt proving the
        outcome of an Execution Trust Record at the time it was issued.
      type: object
      additionalProperties: true
      required:
        - receiptId
        - businessTransactionId
        - trustRecordHash
        - receiptHash
        - signature
        - algorithm
        - issuedAt
      properties:
        receiptId:
          type: string
          description: Unique Receipt identifier.
        businessTransactionId:
          type: string
          description: Business Transaction represented by this Receipt.
        executionId:
          type: string
          description: >-
            Execution represented by this Receipt. Absent when the Receipt
            represents the latest transaction state; every Receipt currently
            produced by ReceiptService omits this field.
        trustRecordHash:
          type: string
          description: >-
            Canonical hash of the Execution Trust Record, used for independent
            verification.
        receiptHash:
          type: string
          description: Hash of this Receipt.
        signature:
          type: string
          description: Base64-encoded digital signature over the Receipt.
        algorithm:
          type: string
          description: Signing algorithm.
          examples:
            - ed25519
        issuedAt:
          type: string
          format: date-time
          description: UTC timestamp when the Receipt was generated.
      examples:
        - receiptId: 312ce65d-8ec4-4978-ac50-aeb0062ad7be
          businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
          trustRecordHash: 989aef83d595202ec02bb338ac00461abec0541098ea065f965b5cde342d3b25
          receiptHash: 2cc963456dd71e0e85f2d2fe743d4475072997287356ac1b9c6a9314b189ea8b
          issuedAt: '2026-07-07T16:38:59.350Z'
          algorithm: ed25519
          signature: >-
            2Z49nDSXubFNTpy0ovPwguGW3IpgvdJuiusCAadMNPS4cqmjRUthZmrfN3kZUO5m7Ku5v/poeLxtjsFKvXe9DA==
    metadata.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/metadata.schema.json
      title: Metadata
      description: >-
        Immutable Business Transaction metadata supplied by the calling
        application. Not evaluated by Policy. businessTransactionId is the only
        required field; it must match the top-level businessTransactionId.
        Parmana rejects a mismatch with a 400.
      type: object
      additionalProperties: true
      required:
        - businessTransactionId
      properties:
        businessTransactionId:
          type: string
          format: uuid
          description: Unique Business Transaction identifier. Must be a valid UUID.
        correlationId:
          type: string
          description: Optional correlation identifier used by the calling application.
        tenantId:
          type: string
          description: Optional tenant identifier for multi-tenant deployments.
        sourceSystem:
          type: string
          description: Originating application or service.
        submittedBy:
          type: string
          description: Identity of the calling application or principal.
        submittedAt:
          type: string
          format: date-time
          description: UTC timestamp when the Business Transaction was submitted.
      examples:
        - businessTransactionId: eed2a972-1bf5-4166-8472-761f76fbf1b2
          correlationId: 6b97caca-1605-4711-bf00-7e5a65434d93
          sourceSystem: vendor-payment-service
          submittedBy: ap-automation
          submittedAt: '2026-07-07T16:38:59.285Z'
    authority.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/authority.schema.json
      title: Authority
      description: >-
        Entity empowered to authorize execution within a trust domain. Immutable
        once issued.
      type: object
      additionalProperties: true
      required:
        - authorityId
        - authorityType
        - principalId
        - issuedAt
      properties:
        authorityId:
          type: string
          description: Unique Authority identifier.
        authorityType:
          type: string
          description: Type of authority.
          enum:
            - USER
            - ROLE
            - SERVICE
            - ORGANIZATION
        principalId:
          type: string
          description: Principal identifier.
        displayName:
          type: string
          description: Human-readable display name.
        issuedAt:
          type: string
          format: date-time
          description: UTC timestamp when Authority became effective.
      examples:
        - authorityId: c0c01c23-04a2-45f2-a821-ef24bfca02d3
          authorityType: SERVICE
          principalId: ap-automation-svc
          displayName: Accounts Payable Automation
          issuedAt: '2026-07-07T16:38:59.285Z'
    authorization.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/authorization.schema.json
      title: Authorization
      description: >-
        Immutable trust artifact proving that an Authority granted approval for
        an intended execution.
      type: object
      additionalProperties: true
      required:
        - authorizationId
        - authorityId
        - purpose
        - issuedAt
      properties:
        authorizationId:
          type: string
          description: Unique Authorization identifier.
        authorityId:
          type: string
          description: >-
            Authority issuing this Authorization. Must match
            authority.authorityId. Parmana rejects a mismatch with a 400.
        purpose:
          type: string
          description: Business purpose for which the Authorization was granted.
        issuedAt:
          type: string
          format: date-time
          description: UTC timestamp when the Authorization was issued.
        expiresAt:
          type: string
          format: date-time
          description: >-
            Optional expiration timestamp. After this time the Authorization is
            no longer valid.
      examples:
        - authorizationId: 6e9d6aa6-6d20-40a8-b05d-383516365cc7
          authorityId: c0c01c23-04a2-45f2-a821-ef24bfca02d3
          purpose: Authorize vendor payment disbursement
          issuedAt: '2026-07-07T16:38:59.285Z'
    intent.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/intent.schema.json
      title: Intent
      description: >-
        Immutable declaration of the action an Authority intends to be executed
        under an Authorization.
      type: object
      additionalProperties: true
      required:
        - intentId
        - authorizationId
        - action
        - target
        - parameters
        - createdAt
      properties:
        intentId:
          type: string
          description: Unique Intent identifier.
        authorizationId:
          type: string
          description: >-
            Authorization under which this Intent was created. Must match
            authorization.authorizationId. Parmana rejects a mismatch with a
            400.
        action:
          type: string
          description: >-
            Business action being requested. Required and non-empty. Parmana
            rejects an empty action with a 400.
          examples:
            - VendorPayment
            - TransferFunds
            - DeployApplication
        target:
          type: string
          description: Target of the intended action.
          examples:
            - vendor/V-100
            - account/12345
        parameters:
          type: object
          description: >-
            Immutable business parameters describing the intended action. Not
            evaluated by policy, see signals.
          additionalProperties: true
        createdAt:
          type: string
          format: date-time
          description: UTC timestamp when the Intent was created.
      examples:
        - intentId: ae5865f6-181b-409a-90ec-1b4b8b8414ba
          authorizationId: 6e9d6aa6-6d20-40a8-b05d-383516365cc7
          action: payments:execute
          target: vendor/V-100
          parameters:
            amount: 4500
            currency: USD
          createdAt: '2026-07-07T16:38:59.285Z'
    policy.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/policy.schema.json
      title: Policy Reference
      description: >-
        Exact Policy to evaluate. The client explicitly supplies name, version,
        and schemaVersion; Parmana does not automatically discover or select a
        policy. If no matching policy file exists at
        policies/{name}/{version}/policy.json, the request fails with a 404
        (policyId/policyVersion on POST /policies/validate) or a RUNTIME_ERROR
        (name/version elsewhere, from PolicyNotFoundError not otherwise mapped
        by the shared error handler in every route, see the error envelope
        note).
      type: object
      additionalProperties: true
      required:
        - name
        - version
        - schemaVersion
      properties:
        name:
          type: string
          description: >-
            Policy name. Required and non-empty. Parmana rejects an empty name
            with a 400.
          minLength: 1
        version:
          type: string
          description: >-
            Business policy version. Required and non-empty. Parmana rejects an
            empty version with a 400.
          minLength: 1
          examples:
            - 2.0.0
            - 1.0.0
        schemaVersion:
          type: string
          description: Signals schema version expected by the policy.
          examples:
            - 1.0.0
      examples:
        - name: vendor-payment
          version: 2.0.0
          schemaVersion: 1.0.0
    signals.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/signals.schema.json
      title: Signals
      description: >-
        Opaque runtime facts evaluated by the resolved Policy's rules. Parmana
        assigns no business meaning to these values and does not statically
        validate them beyond the Policy's own signalsSchema declaration (see
        policies/{name}/{version}/policy.json). Scaled integers, not floats, for
        numeric signals such as amounts (house convention across every reference
        policy).
      type: object
      additionalProperties: true
      examples:
        - vendorVerified: true
          invoiceVerified: true
          paymentApproved: true
          sufficientFunds: true
          paymentAmount: 4500
          riskScore: 10
    decision.schema:
      $schema: https://json-schema.org/draft/2020-12/schema
      $id: https://schemas.parmana.ai/common/decision.schema.json
      title: Decision
      description: >-
        Immutable result of evaluating an Intent against a Policy. Decision does
        not create authority, grant authorization, or modify Intent; it only
        records the outcome of deterministic Policy evaluation.
      type: object
      additionalProperties: true
      required:
        - decisionId
        - intentId
        - policy
        - signals
        - outcome
        - evaluatedAt
      properties:
        decisionId:
          type: string
          description: Unique Decision identifier.
        intentId:
          type: string
          description: Intent evaluated by this Decision.
        policy:
          $ref: '#/components/schemas/policy.schema'
        signals:
          $ref: '#/components/schemas/signals.schema'
        outcome:
          type: string
          description: >-
            Policy evaluation outcome. There are no intermediate states: a
            Decision is always exactly one of these two values.
          enum:
            - APPROVED
            - REJECTED
        reason:
          type: string
          description: >-
            Human-readable explanation, taken from the matching Policy rule's
            outcome.reason.
        evaluatedAt:
          type: string
          format: date-time
          description: UTC timestamp when policy evaluation completed.
      examples:
        - decisionId: 9d69dc0b-333a-4be3-b09f-358fece806f3
          intentId: ae5865f6-181b-409a-90ec-1b4b8b8414ba
          policy:
            name: vendor-payment
            version: 2.0.0
            schemaVersion: 1.0.0
          signals:
            vendorVerified: true
            invoiceVerified: true
            paymentApproved: true
            sufficientFunds: true
            paymentAmount: 4500
            riskScore: 10
          outcome: APPROVED
          reason: >-
            Vendor payment authorized. Vendor verification, invoice
            verification, payment approval, funding, and risk assessment
            requirements were satisfied.
          evaluatedAt: '2026-07-07T16:38:59.326Z'
  responses:
    Unauthorized:
      description: >-
        Missing or invalid caller credential (StaticKeyAuthenticator returned no
        identity). Real captured response,
        packages/api/src/middleware/caller-auth.ts.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/error.schema'
          examples:
            authRequired:
              summary: Real captured response, missing or invalid Authorization header
              value:
                error: authentication required
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: >
        Caller API key issued by scripts/generate-api-key.ts. Sent as
        Authorization: Bearer <key>. Verified against a stored SHA-256 hash in
        constant time by packages/api/src/auth/StaticKeyAuthenticator.ts.
        Required on every route except GET /health. See
        /api-reference/authentication.

````