Skip to main content
Within a scope that’s now the default, yes, see Content Binding & TOCTOU and The gateway. As of commit 651497a, the default local server wires the Execution Gateway unconditionally, every POST /execute gets independent content-binding re-verification, and the one registered connector runs behind credential isolation, so the calling AI never holds that connector’s credential. What’s still scoped: only one connector is registered by default, adding another today is a bootstrap code change, and Parmana enforces nothing at the network level, this is a property of a gateway-integrated system, not a network guarantee. That’s the explicit subject of the Roadmap’s three “unavoidability” moves.
Today it’s a PEM file on disk, read by FileKeyProvider, the only implemented key provider. There’s a live incident on record: an earlier committed key was publicly exposed and is permanently compromised (rotated 2026-07-05). KMS/HSM custody is designed but not built, see Cryptography and Roadmap.
Python, without much hesitation right now. It’s [AVAILABLE]: real tests, structured errors that actually raise, generated models with a drift guard. The TypeScript SDK is [PARTIAL], real client code, but its test suite is currently empty and its HTTP transport doesn’t raise on 4xx/5xx. See Python SDK and TypeScript SDK.
Not via an SDK, none exists. Call the REST API directly; it’s 14 small, documented routes. See Other Languages.
Yes, ML-DSA-65 (FIPS 204), selectable via PRIMARY_SIGNATURE_PROVIDER=dilithium3, real and tested. Requires Node ≥ 24. Its signatures are randomized, not deterministic, don’t build tooling that assumes otherwise. See Cryptography.
Two different things share the name, and neither is what you might assume. See Replay, this is worth reading in full before relying on either.
Not anymore, under that name. An early prototype used it; it was deleted the same session it was replaced by the current SignedExecutionAuthorization + Execution Gateway architecture, which is what actually ships. See Glossary.
No. No auth middleware exists on any route today. See Security.