Skip to main content
[AVAILABLE], all 60 run in CI on every change via npm run examples (two are excluded from the unattended batch and run individually, noted below). See Detect tampering and Choose a signature provider for guides built directly on several of these.
Run any of them directly: node_modules/.bin/tsx examples/tutorials/<NN-name>/run.ts.

Fundamentals (01-24)

#NameDemonstrates
01Hello WorldConstructing a BusinessTransaction, no execution yet
02Policy EvaluationPolicyEngine.evaluate() in isolation
03Runtime ExecutionFirst full RuntimeFactory execution, using the DefaultExecutionSystem placeholder
04Policy RouterResolving a PolicyReference to a loaded policy
05VerificationFresh verification appended to a trust record’s history
06Replay@parmana/replay’s real, scoped policy re-evaluation, see Replay
07Receipt GenerationThe real, wired Receipt (via @parmana/crypto’s ReceiptCrypto), not @parmana/receipt’s separate model
08Human ApprovalAn Authority / Authorization / Intent chain without executing
09REST APIPOST /transactions over HTTP, excluded from the unattended batch, needs a live server, see Endpoints
10End-to-EndExecute, verify, and receipt in one run, still via DefaultExecutionSystem
11Execution AuthorizationThe SignedExecutionAuthorization envelope itself, printed directly, see Authorize and execute end to end
12Envelope VerificationEnvelopeVerifier’s per-check breakdown on a valid envelope
13Post-Quantum Signaturesconfig.crypto.primarySignatureProvider read and printed
14Custom PolicyWriting and evaluating a policy outside the shipped vendor-payment one, see Write your first policy
15Custom Runtime ComponentExtending RuntimePipeline with a custom RuntimeComponent
16Runtime PipelineThe pipeline’s stage composition, inspected directly
17Multi-Policy RoutingRouting different transactions to different policies
18Runtime HooksRuntimeHook / RuntimeHookRunner lifecycle callbacks
19Runtime CompositionAssembling a Runtime from individual components
20Batch ExecutionMultiple transactions through one runtime instance
21Partial Failure HandlingOne transaction in a batch failing without stopping the rest
22Idempotent ExecutionResubmitting the same businessTransactionId
23Production DeploymentConfiguration shape for a non-local deployment
24SDK Integration PatternsCommon client-side call patterns

Execution authorization and envelope (25-34)

#NameDemonstrates
25Execution Permit GenerationThe @parmana/execution-control ExecutionPermit model, see @parmana/receipt for its real, separate scope
26Execution Authorization VerificationAuthorizationVerifier checking a signature independent of the fuller envelope flow
27Authorization ExpirationAn expired expiresAt rejected by EnvelopeVerifier
28Envelope Replay DetectionA reused nonce rejected on the second check
29Authorization TamperingA mutated payload failing signature verification, per-check breakdown, see Detect tampering
30Policy Version PinningAn authorization bound to one exact policyVersion
31Authorization BindingauthorizationId binding an authorization to one decision
32Execution PipelineThe stages between decision and release, inspected directly
33Execution BoundaryWhere policy evaluation ends and release begins
34Execution GatewayExecutionGateway constructed and exercised directly, see The gateway

Gateway hardening: mutate, verify, watch it fail (35-46)

The same pattern each time: generate something valid, mutate exactly one thing, re-verify, confirm rejection. See Detect tampering for three of these run live with real output.
#NameWhat’s mutated
35Replay AttackThe same authorization submitted twice
36Parameter TamperingA parameter inside the executable content
37Action SubstitutionThe action field
38Target SubstitutionThe target field
39Policy SubstitutionThe referenced policy
40Signature ForgeryThe signature itself, signed by a different key
41Expired AuthorizationThe clock, past expiresAt
42Nonce ReuseThe nonce, submitted a second time
43Stolen AuthorizationA valid envelope replayed by a different party
44Direct API BypassAttempting to skip the gateway entirely
45Connector BypassAttempting to reach a connector without a valid session
46TOCTOU ProtectionThe full check-vs-use gap, end to end

Cryptography (47-52)

#NameDemonstrates
47Canonical JSONCanonicalSerializer’s key-sorted, deterministic output
48Deterministic HashingThe same content hashing identically every time
49Detached SignaturesSigning content without embedding it in the signature artifact
50Ed25519Default signature provider, sign and verify, see Choose a signature provider
51Dilithium3ML-DSA-65 (post-quantum), signing with the pq key, same guide
52Hybrid SignaturesBoth algorithms signing the same artifact at once, same guide

Execution Permit and Receipt: a separate, unwired path (53-56)

None of these four reach packages/api or packages/runtime. They exercise @parmana/execution-control’s ExecutionPermit and @parmana/receipt’s ExecutionReceipt, real and tested, disconnected from the default server. See @parmana/receipt for the precise scope note.
#NameDemonstrates
53Execution PermitBuilding an ExecutionPermit with ExecutionPermitBuilder
54Execution ReceiptExecutionReceiptBuilder.build(permit, trustRecord)
55Execution Receipt VerificationExecutionReceiptVerifier.verify(), a structural check, not cryptographic
56Complete Execution FlowPermit through receipt through verification, one run

Credential isolation (57-60)

#NameDemonstrates
57Credential IsolationThe concept end to end, at the library level
58Session CredentialsIssue, consume, expire, reuse-reject, revoke, see Issue and verify session credentials
59Secure ConnectorsGateway attestation plus a SessionCredentialSecureConnector, including a spoofed-attestation rejection
60End-to-End Enterprise ExecutionThe full credential-isolated path, one run

Scenarios

Three production-shaped scenarios also live in examples/scenarios/, run in the same CI batch: vendor-payment, expense-approval, purchase-order.

Next

Detect tampering

Three of the tutorials above, run live with real output.

Trust and Claims

How every claim on this site, including every line above, maps back to code and tests.