Skip to main content
[PARTIAL], and more precisely split than the name suggests. There are two unconnected things called “replay” in the current codebase. Conflating them would overclaim what either one does.

1. POST /replay (what the SDKs and HTTP API expose)

This is what client.replay.replay(transaction_id) actually calls. Its real implementation, ExecutionTrustApplication.replay() (packages/runtime/src/ExecutionTrustApplication.ts:142-171):
async replay(businessTransactionId: string): Promise<{
  businessTransactionId: string;
  trustRecordHash: string;
  verified: boolean;
}> {
  const trustRecord = await this.trustRecords.findByTransactionId(businessTransactionId);
  if (!trustRecord) throw new Error("Execution Trust Record not found.");
  const verified = await this.crypto.verify(trustRecord);
  return { businessTransactionId, trustRecordHash: trustRecord.trustRecordHash, verified };
}
This re-verifies the Trust Record’s cryptographic signature, it does not reconstruct or re-execute anything. [AVAILABLE], but narrower than “replay” implies: it’s a signature recheck with a replay-shaped response, not deterministic execution reconstruction.

2. packages/replay (the deterministic reconstruction engine)

A separate, real package: ReplayEngine, ReplayPipeline, ReplayExecutor, ReplayBuilder, proven deterministic regardless of input order (ReplayDeterminism.test.ts, “should produce identical output regardless of input order”; ReplayEngine.test.ts; 9 tests total). This corrects a previous version of this page: ReplayEngine.replay() genuinely re-evaluates the original policy against the recorded signals, using a real PolicyEngine, not just a signature or hash recheck:
// packages/replay/src/ReplayEngine.ts:38-62 (abridged, real source)
const policyDecision = this.policyEngine.evaluate(policy, signals);
const replayedDecision = { ...recordedDecision, outcome: policyDecision.outcome, ... };
const matches = recordedDecision.outcome === replayedDecision.outcome;
Verified live, examples/tutorials/06-replay/run.ts: it prints a Recorded Decision and a Replayed Decision and reports Replay Match: true when they agree. This is real semantic re-evaluation, scoped to one execution’s decision outcome, not the fuller claim below.
Still confirmed disconnected: nothing in packages/api or packages/runtime imports @parmana/replay. This engine is not reachable through POST /replay or any other route today, and it only handles trustRecord.executions[0], one execution, not the whole record. It’s real, tested, standalone library code, not yet wired into the runtime or the HTTP surface.

What CLAIMS.md’s “semantic verification” Future Claim still withholds

CLAIMS.md §4 lists “Replay semantically verifies every trust artifact” as a Future Claim, not a Supported one. That claim is broader than what ReplayEngine does today: “every trust artifact” implies re-evaluating every execution across a record and every artifact type, not one execution’s decision outcome. ReplayEngine’s real, narrower behavior above doesn’t contradict CLAIMS.md, it’s evidence toward a scoped piece of that future claim, not the whole of it. See Roadmap.