[AVAILABLE], this is what actually runs. Cloud/KMS/multi-instance/HA deployment is [ROADMAP], see Roadmap.
What runs today
One Express process (packages/api/src/server.ts), single instance, no load balancer or
orchestration assumed. Signing keys are local PEM files read by FileKeyProvider. Storage
is either fully in-process (memory, non-persistent) or Supabase.
Configuration
Real.env keys (from this repo, values redacted):
PARMANA_KEY_DIR is a single directory containing every keypair FileKeyProvider reads:
default.*.pem (authorization signing/verification) and gateway.*.pem (gateway
attestation, see Gateway attestation). They are
deliberately separate keys in the same directory, not one key used for two purposes.
PARMANA_GATEWAY_KEY_ID lets you point the gateway at a differently-named key pair (for
example during rotation, run both gateway and gateway-v2 side by side, then flip the
env var) without touching default.*.pem at all.
Running it
npm run generate:gateway-keys, see
Quickstart step 2. Without it, the server refuses to start: the gateway is
wired unconditionally (see The gateway), there is no code path that
skips needing this key.
What this deployment does not give you
- No authentication. Every route is open.
- No KMS/HSM. Your private keys, both
default.private.pemandgateway.private.pem, are files on disk, exactly the exposure that produced the incident noted on Security. - Single process, single instance. No shared
NonceStoreacross replicas, no HA. A fleet of these processes would each accept the same authorization once, not once fleet-wide (CLAIMS.md 3.2). - Only one connector registered.
vendor-payment, a reference mock. See The gateway for what adding another requires today.
Node version
Rootpackage.json requires Node ≥ 22. ML-DSA-65 (post-quantum signing) specifically
requires Node ≥ 24 for native node:crypto support (CLAIMS.md 2.14).