[AVAILABLE] for credential isolation, wired into the default server. [PARTIAL] for the separate
ExecutionPermit model described below, real and tested, not reachable from packages/api or packages/runtime today.Purpose
Authenticates a calling gateway, issues single-use session credentials, and routes a verified release to a connector, auditing every step. See Credential isolation and Gateway attestation for the concepts.Install
Key exports: the wired credential-isolation path
| Export | Stability |
|---|---|
ExecutionControlService | [AVAILABLE]. Authenticates a gateway, opens a session, routes to a connector, audits each step. |
SessionCredentialExecutionControl | [AVAILABLE]. Wraps ExecutionControlService so no session can be created without a valid, request-bound gateway attestation. |
GatewayAttestationSigner / GatewayAttestation | [AVAILABLE]. See Gateway attestation. |
SignedTokenConnectorAuthenticator | [AVAILABLE]. Verifies a GatewayAttestation’s signature and that it’s bound to the request’s authorizationId. |
SessionCredentialVault, InMemorySessionCredentialVault | [AVAILABLE]. Single-use, time-bounded credential leases. See Issue and verify session credentials. |
SessionCredentialSecureConnector | [AVAILABLE]. Wraps a raw executor so it only runs after policy, attestation, and session checks all pass. |
Clock, SystemClock, IdGenerator, RandomIdGenerator | [AVAILABLE]. See Determinism and clocks for their real, narrow scope. |
MemoryExecutionAuditSink | [AVAILABLE]. In-memory only, records session.created / execution.completed / execution.rejected events. |
ConnectorRegistry, ConnectorAuthenticator, CredentialVault, GatewaySessionStore, ConnectorPolicy, SecureConnector (interfaces) | [AVAILABLE]. The seams @parmana/connector-sdk implements. |
A second, separate model in this package: ExecutionPermit
Minimal example
Next
Issue and verify session credentials
Issue, consume, expire, reuse-reject, and revoke, run live.
@parmana/receipt
The other half of the unwired
ExecutionPermit path.