Skip to main content
[AVAILABLE]. packages/envelope-verifier. Zero third-party runtime dependencies, only @parmana/shared and @parmana/crypto.

Purpose

Lets a receiving system verify a signed execution authorization without trusting Parmana’s runtime process or database, only Parmana’s public key and the envelope itself. This is what The gateway composes and adds exactly one more check to (businessTransactionHash).

Install

npm install @parmana/envelope-verifier

Key exports

ExportStability
EnvelopeVerifier[AVAILABLE]. new EnvelopeVerifier({ publicKey, nonceStore }), .verify(authorization): Promise<VerificationResult>. Checks version, signature, expiry, TTL policy, and nonce, in that order, side-effect-free checks first. Does not check businessTransactionHash, that’s the gateway’s job.
NonceStore (interface)[AVAILABLE]. { hasSeen(nonce), markSeen(nonce) }.
MemoryNonceStore[AVAILABLE]. The only implementation shipped. Scoped to one process, loses state on restart, multiple independent instances each accept the same nonce once (CLAIMS.md 3.2).
requireParmanaAuthorization(verifier)[AVAILABLE]. Express middleware, @parmana/envelope-verifier/express entry point (kept separate so consumers who don’t use Express never pull in Express types). Reads req.body.authorization, verifies it, calls next() or responds 401/403.

VerificationResult shape

interface VerificationResult {
  readonly valid: boolean;
  readonly checks: {
    readonly versionSupported: boolean;
    readonly signatureVerified: boolean;
    readonly notExpired: boolean;
    readonly ttlWithinPolicy: boolean;
    readonly nonceUnseen: boolean;
  };
}
Each check is reported independently, a caller can distinguish “forged” from “expired” rather than getting one opaque false, verified live in Detect tampering.

Minimal example

import { EnvelopeVerifier, MemoryNonceStore } from "@parmana/envelope-verifier";

const verifier = new EnvelopeVerifier({ publicKey, nonceStore: new MemoryNonceStore() });
const result = await verifier.verify(authorization);
// result.checks.signatureVerified === false if forged, distinct from result.checks.notExpired

Next

Detect tampering

A forged signature and a reused nonce, both caught, run live.

@parmana/execution-gateway

What composes this package and adds the content-hash check.