> ## Documentation Index
> Fetch the complete documentation index at: https://docs.parmanasystems.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Welcome

> Parmana is Execution Trust Infrastructure: AI proposes an action, Parmana authorizes it, your systems execute it.

<Info>
  **Last verified against commit `651497a`, 2026-07-12**, including a live local run. Every
  `[AVAILABLE]` claim on this site cites the source file or test that proves it. See
  [Contributing](/contributing) for the rule this site follows.
</Info>

## What Parmana is

Increasingly, the system proposing a business action, a payment, a database change, a
production deployment, is an AI agent rather than a person clicking a button. Parmana doesn't
care whether the proposer is a human, a script, or an LLM agent: it treats every caller
identically. What it cares about is what happens next.

Think of how a card network authorizes a purchase. Visa doesn't stock the shelves or move the
money itself. It decides, quickly and cryptographically, whether the transaction is allowed,
then hands the merchant's bank a signed authorization to act on. **Parmana plays that role for
automated business actions.** An agent proposes an action. Parmana's policy engine decides,
deterministically, whether it's allowed. If approved, Parmana issues a signed, single-use,
time-bounded authorization. Your own systems, through a Connector, are what actually execute
it. Parmana never touches your systems directly, the same way a card network never touches
the goods on the shelf.

## The trust chain, at a glance

```
Caller (AI agent, script, or person)
     │  proposes a Business Transaction
     ▼
Policy Engine  ──deterministic decision──►  APPROVED or REJECTED
     │  (no matching rule denies by default: fail closed)
     ▼  if APPROVED
Signed Execution Authorization  (single-use, time-bounded, content-bound)
     │
     ▼
Execution Gateway  ──independently re-verifies the signed envelope──►
     │
     ├─►  Session Credential Vault  (issues a scoped, single-use credential)
     ▼
Connector  (your system: an HTTP call, or a reference mock today)
     │
     ▼
Execution Trust Record  (signed, independently verifiable)
```

Every stage in that chain is real, tested code, not a diagram of intent. The default local
server (`packages/api/src/server.ts`) wires the Execution Gateway unconditionally: there is no
code path where a request skips it. See [How Parmana thinks](/how-parmana-thinks) for what
each stage guarantees and why.

## Status tags used throughout this site

<CardGroup cols={3}>
  <Card title="[AVAILABLE]" icon="circle-check">
    Built and tested in this repo today. Cites the source file(s) and/or test(s) that prove it.
  </Card>

  <Card title="[PARTIAL]" icon="circle-half-stroke">
    Exists, but incomplete. States exactly what works and what doesn't.
  </Card>

  <Card title="[ROADMAP]" icon="signpost">
    Designed, not yet built. Says so in the first sentence, never documented as if it ships.
  </Card>
</CardGroup>

A page or section with no tag is a bug in this site, [file it as such](/contributing).

## Where to go next

<CardGroup cols={2}>
  <Card title="Quickstart" icon="rocket" href="/quickstart">
    Install to first authorized execution in under 10 minutes, using the in-memory server.
  </Card>

  <Card title="How Parmana thinks" icon="brain" href="/how-parmana-thinks">
    The concepts behind the diagram above: policy, authorization, the gateway, trust records.
  </Card>

  <Card title="Architecture" icon="sitemap" href="/architecture/overview">
    Every package, what it actually does, and its current status.
  </Card>

  <Card title="Roadmap" icon="map" href="/roadmap">
    What's designed but not yet built, stated plainly: KMS custody, real enterprise connectors, more.
  </Card>
</CardGroup>
