Portable signed proof for agent, API, and MCP interactions
Publish machine-readable terms, return signed interaction records, and verify them offline.
Website · Spec Index · Discussions · Releases
PEAC is an open standard for publishing machine-readable terms, returning signed interaction records, and verifying them offline. It is the evidence layer: portable proof across organizational boundaries, without replacing auth, payment rails, or observability.
For API providers, MCP tool hosts, agent operators, platforms, and auditors who need proof that crosses boundaries.
1. Publish terms at /.well-known/peac.txt
2. Return PEAC-Receipt with signed proof
3. Verify offline with the issuer's public key
What a governed HTTP response looks like:
HTTP/1.1 200 OK
PEAC-Receipt: eyJhbGciOiJFZERTQSIsInR5cCI6ImludGVyYWN0aW9uLXJlY29yZCtqd3QifQ...
Link: </.well-known/peac-issuer.json>; rel="issuer"
Requirements: Node 24 (tested); Node 22+ (compatible)
pnpm add @peac/protocol @peac/cryptoimport { verifyLocal } from '@peac/protocol';
const receipt = response.headers.get('PEAC-Receipt');
const result = await verifyLocal(receipt, publicKey, {
issuer: 'https://api.example.com',
});
if (result.valid) {
console.log(result.claims.iss, result.claims.kind, result.claims.type);
}Or from the CLI:
peac verify 'eyJhbGciOiJFZERTQSIsInR5cCI6ImludGVyYWN0aW9uLXJlY29yZCtqd3QifQ...'import { generateKeypair } from '@peac/crypto';
import { issue } from '@peac/protocol';
const { privateKey, publicKey } = await generateKeypair();
const { jws } = await issue({
iss: 'https://api.example.com',
kind: 'evidence',
type: 'org.peacprotocol/access-decision',
pillars: ['access'],
extensions: {
'org.peacprotocol/access': {
resource: 'https://api.example.com/inference/v1',
action: 'execute',
decision: 'allow',
},
},
privateKey,
kid: 'key-2026-03',
});
// Return jws in the PEAC-Receipt headerpnpm install && pnpm build
pnpm --filter @peac/example-wire-02-minimal demoSee examples/wire-02-minimal/ for the full source. For HTTP/REST, Express middleware, and Go examples, see docs/README_LONG.md.
PEAC is most useful where logs are not enough: payments, cross-boundary verification, audit, dispute review, and multi-agent workflows.
- Agentic commerce and payments: Prove what was offered, challenged, paid, or settled across x402 and machine-to-machine commerce flows. See x402 Integration Kit.
- Audit and dispute review: Keep signed evidence that survives organizational boundaries, not just local logs. See Governance Mappings.
- MCP tools and APIs: Verify, issue, and carry signed receipts for tool calls, API responses, and automated actions. See MCP Integration Kit.
- Agent-to-agent workflows: Carry verifiable receipts across A2A task/state transitions and multi-agent chains. See A2A Integration Kit.
Full decision tree with quickstarts and integration kits
- I run an API: API Provider Quickstart (5 minutes, Express middleware)
- I run an MCP server: MCP Integration Kit or
npx -y @peac/mcp-server - I want to verify a receipt: Agent Operator Quickstart (5 minutes)
- I build A2A agents: A2A Integration Kit
- Build in Go: Go SDK
| Existing system | What PEAC adds |
|---|---|
| Logs | Portable proof that survives organizational boundaries |
| OpenTelemetry | Signed evidence that correlates to traces |
| MCP / A2A | Proof carried alongside tool calls and agent exchanges |
| AP2 / ACP (Agentic Commerce) / UCP | Proof of terms and outcomes |
| x402 | Settlement proof mapping with offline verification |
| Payment rails | Settlement references made verifiable offline |
What changes in your stack: keep auth, keep payments, keep observability. Add /.well-known/peac.txt and return PEAC-Receipt on governed responses.
| Artifact | Description |
|---|---|
/.well-known/peac.txt |
Machine-readable terms |
PEAC-Receipt |
Signed interaction proof in headers or transport metadata |
verifyLocal() |
Local verification once keys are available |
peac-bundle/0.1 |
Portable audit/dispute package |
Install:
pnpm add @peac/clior run from this repo:pnpm --filter @peac/cli exec peac --help.
peac verify 'eyJhbGc...' # Verify a receipt
peac conformance run # Run conformance tests
peac reconcile a.bundle b.bundle # Merge and diff evidence bundles
peac policy init # Create peac-policy.yaml
peac policy validate policy.yaml # Validate policy syntax
peac policy generate policy.yaml # Compile to deployment artifactsSee packages/cli/README.md for the full command reference.
- Current stable: Interaction Record format (
interaction-record+jwt, v0.12.2+) - Legacy: Wire 0.1 (
peac-receipt/0.1) is frozen;verifyLocal()returnsE_UNSUPPORTED_WIRE_VERSION
See docs/specs/VERSIONING.md for the full versioning doctrine.
- JWS signature verification required before trusting any receipt claim
- Key discovery via
/.well-known/peac-issuer.jsonJWKS with SSRF guards - Kernel constraints enforced at issuance and verification (fail-closed)
- No silent network fallback for offline verification
- Errors mapped to RFC 9457 Problem Details
See SECURITY.md and docs/specs/PROTOCOL-BEHAVIOR.md.
| Document | Purpose |
|---|---|
| Spec Index | Normative specifications |
| Interaction Record Spec | Receipt envelope, kinds, extensions |
| Architecture | Kernel-first design |
| Kernel Constraints | Structural limits enforced at issue and verify |
| Policy Kit Quickstart | Policy authoring guide |
| Profiles | Integration profiles (Stripe x402, etc.) |
| Developer Guide | Package catalog, integration examples, layer maps |
- TypeScript (this repo): issuance, verification, CLI, middleware
- Go: sdks/go/ issuance and verification
- MCP: MCP server evidence emission and verification tools
- A2A: A2A carrier mapping metadata carrier mapping
- Express: Express middleware receipt middleware
- x402: x402 adapter payment evidence adapter
Building an implementation? Open an issue.
Contributions are welcome. For substantial changes, please open an issue first. See docs/SPEC_INDEX.md for normative specifications and docs/CI_BEHAVIOR.md for CI guidelines.
Apache-2.0. See LICENSE. Stewardship: Originary and the open source community.
Source: github.com/peacprotocol/peac | Website: peacprotocol.org | Discussions: GitHub Discussions