Skip to main content
[AVAILABLE], this is what actually runs. Cloud/KMS/multi-instance/HA deployment is [ROADMAP], see Roadmap.

What runs today

One Express process (packages/api/src/server.ts), single instance, no load balancer or orchestration assumed. Signing keys are local PEM files read by FileKeyProvider. Storage is either fully in-process (memory, non-persistent) or Supabase.

Configuration

Real .env keys (from this repo, values redacted):
NODE_ENV=...
PORT=3000
PARMANA_STORAGE=supabase     # or: memory
HASH_PROVIDER=sha256
PRIMARY_SIGNATURE_PROVIDER=ed25519   # or: dilithium3 (needs Node >= 24)
KEY_PROVIDER=local
PARMANA_KEY_DIR=./keys
PARMANA_GATEWAY_KEY_ID=gateway       # optional, defaults to "gateway"
TRUST_PROFILE=v1
LOG_LEVEL=...                # read into config; no logger currently consumes it, see Roadmap
PARMANA_POLICY_DIR=...
VENDOR_PAYMENT_TOKEN=...     # credential for the one wired connector, see below
PARMANA_KEY_DIR is a single directory containing every keypair FileKeyProvider reads: default.*.pem (authorization signing/verification) and gateway.*.pem (gateway attestation, see Gateway attestation). They are deliberately separate keys in the same directory, not one key used for two purposes. PARMANA_GATEWAY_KEY_ID lets you point the gateway at a differently-named key pair (for example during rotation, run both gateway and gateway-v2 side by side, then flip the env var) without touching default.*.pem at all.

Running it

PARMANA_STORAGE=memory \
  PARMANA_POLICY_DIR=/absolute/path/to/policies \
  VENDOR_PAYMENT_TOKEN=quickstart-demo-token \
  npm run dev
Generate the gateway keypair first if you haven’t, npm run generate:gateway-keys, see Quickstart step 2. Without it, the server refuses to start: the gateway is wired unconditionally (see The gateway), there is no code path that skips needing this key.

What this deployment does not give you

  • No authentication. Every route is open.
  • No KMS/HSM. Your private keys, both default.private.pem and gateway.private.pem, are files on disk, exactly the exposure that produced the incident noted on Security.
  • Single process, single instance. No shared NonceStore across replicas, no HA. A fleet of these processes would each accept the same authorization once, not once fleet-wide (CLAIMS.md 3.2).
  • Only one connector registered. vendor-payment, a reference mock. See The gateway for what adding another requires today.

Node version

Root package.json requires Node ≥ 22. ML-DSA-65 (post-quantum signing) specifically requires Node ≥ 24 for native node:crypto support (CLAIMS.md 2.14).