Skip to main content
TermMeaningSource
PolicyA named, versioned, ordered list of rules; first match wins, no match rejectsPolicies and the decision
Fail-closedThe absence of a matching rule, a missing connector, or a failed check always denies, there is no default-allow path anywhere in this systemPolicies and the decision
AuthorityThe entity empowered to authorize execution within a trust domainpackages/shared/src/domain/authority.ts
AuthorizationA grant, from an Authority, for a specific business purposepackages/shared/src/domain/authorization.ts
IntentThe specific action + target + parameters an Authority intends to executepackages/shared/src/domain/intent.ts
Business TransactionThe immutable input to policy evaluation, combining Authority + Authorization + Intent + a Policy referencepackages/shared/src/domain/business-transaction.ts
DecisionThe immutable result of evaluating an Intent against a Policy, APPROVED or REJECTEDpackages/shared/src/domain/decision.ts
ExecutionWhat actually happened after a Decision, status, mode, evidencepackages/shared/src/domain/execution.ts
Execution Trust RecordThe canonical, append-only, signed aggregate of a Business Transaction’s complete historyExecution trust records
Signed Execution AuthorizationThe v1 envelope: a signed, content-bound, single-use, time-bounded proof that Parmana authorized one specific executionExecution authorization
Execution PermitTwo different things share this name. An earlier prototype (packages/shared/src/domain/execution-permit.ts, added and deleted the same day) is gone, do not treat old references to it as shipped behavior. A separate, currently real ExecutionPermit exists in @parmana/execution-control, consumed only by @parmana/receipt and tutorials 53-56, disconnected from packages/runtime and packages/api.@parmana/execution-control
businessTransactionHashThe canonical content hash bound into a Signed Execution Authorization’s payload, the mechanism that closes the check-vs-use (TOCTOU) gapContent Binding & TOCTOU
Execution GatewayThe sole boundary that recomputes businessTransactionHash and releases verified content to a Connector. Wired into the default server unconditionally as of commit 651497aThe gateway
Gateway AttestationA request-bound signature proving the gateway itself, not just Parmana’s policy engine, released one specific requestGateway attestation
ConnectorAn interface for an enterprise execution system (SAP, a bank’s payment rail, etc.) integrated behind the Gateway. HttpConnector and MockConnector are reference implementations; four enterprise-named connectors exist as explicit mocks. Only vendor-payment (a MockConnector) is registered in the default server.packages/execution-gateway/src/Connector.ts
Execution ControlGateway-authenticated, session-scoped credential isolation for connectors. Real, tested, and wired into the default server for the one registered connector; not yet a general-purpose claim for arbitrary connectorsCredential isolation
Session CredentialA single-use, time-bounded credential lease issued only after gateway attestation succeeds, consumed exactly once by a connectorCredential isolation
Credential ProviderResolves a connector’s credential from a source (environment variable, static map); never returns a raw value a caller upstream can seeCredential isolation
Connector EvidenceWhat a connector’s execution leaves on the trust record: connector ID, version, capability, sanitized endpoint, a connectorEvidenceHash, never the credential itselfExecution trust records
NonceA single-use value inside an authorization payload; a receiving system must reject a repeatExecution authorization
VerificationThe 3-check process (integrity, signature, authorization binding) confirming an Execution Trust Record’s validityVerification
ReplayTwo unconnected things share this name: a signature recheck (POST /replay) and a disconnected engine (packages/replay) that genuinely re-evaluates the recorded policy decision, scoped to one execution, not reachable from the API.Replay
ReceiptA signed, independently-verifiable attestation of an Execution Trust Record’s statepackages/shared/src/domain/receipt.ts
TOCTOUTime-Of-Check-To-Time-Of-Use, the gap between what was authorized and what was actually executedContent Binding & TOCTOU
TTLTime-to-live; the bounded window an authorization is valid for, capped to limit exposure from other gaps (e.g. an unshared NonceStore)CLAIMS.md 3.2