PEAC
v0.15.2Package availableRecord category

MCP Tool Run Records

Record evidence for Model Context Protocol tool invocations. When an agent calls a tool, PEAC can issue a signed record proving what was invoked, with what parameters (or a digest of them), and what the outcome was. Records ride along in the tool response through _meta and verify offline.

Packages: @peac/mcp-server, @peac/mappings-mcp

MCP server (5 built-in tools)

Install the PEAC MCP server for Claude Desktop, Cursor, VS Code, or any MCP client. It exposes five tools for record operations.

npm install -g @peac/mcp-server
  • peac_verify Verify a record offline given a JWS and public key
  • peac_inspect Decode and inspect a record's claims
  • peac_decode Decode without signature verification
  • peac_issue Issue a new signed record (requires a signing key)
  • peac_create_bundle Bundle multiple records into a portable archive

Carry records in tool responses

Use @peac/mappings-mcp to attach a record to an MCP tool response through _meta. The carrier embeds org.peacprotocol/receipt_ref and org.peacprotocol/receipt_jws, with an 8 KB embed limit.

tool-response.tsTypeScript
import { attachReceiptToMeta, computeReceiptRef } from '@peac/mappings-mcp';
import { issue } from '@peac/protocol';

const record = await issue({ iss, sub, typ: 'access' }, privateKey);
const meta = await attachReceiptToMeta({}, record, computeReceiptRef(record));

return {
  content: [{ type: 'text', text: result }],
  _meta: meta,
};

Verify on the consuming side

A client reading the tool response extracts the record from _meta with extractReceiptFromMetaAsync, then verifies it offline with the issuer's public key. The receipt_ref is checked as sha256(receipt_jws) at extraction.

read-tool-response.tsTypeScript
import { extractReceiptFromMetaAsync } from '@peac/mappings-mcp';
import { verifyLocal } from '@peac/protocol';

const jws = await extractReceiptFromMetaAsync(response._meta);
if (jws) {
  const result = await verifyLocal(jws, publicKey);
  // result.valid, result.claims.iss, result.claims.type
}

Semantic Boundary

PEAC records evidence about tool invocations and carries it across the boundary. It does not execute tools, host an MCP server runtime on your behalf, or replace the Model Context Protocol. An MCP tool run record proves what the issuer attested about a tool call, not more.

Links

MCP Integration
Carrier and mapping details
MCP Server
Five tools for record ops
Example
examples/mcp-tool-call

Portable Tool-Call Evidence

A signed tool-run record travels with the response and verifies offline. The same record format flows across MCP, A2A, ACP, x402, and HTTP.

MCP ServerAll Record CategoriesDocs
Back to Record Categories