PEAC Protocol Documentation

Everything you need to issue, verify, and manage cryptographically signed interaction records for AI agents and automated systems.

---

By interaction type

PEAC standardizes portable signed records for six interaction surfaces. Pick the one that matches your integration.

API call

HTTP APIs and REST services. Express middleware, @peac/protocol, PEAC-Receipt response header.

MCP tool run

Model Context Protocol tool invocations. 5-tool MCP server, buildMcpCarrier, @peac/mappings-mcp.

Agent action

A2A handoffs, CLI executions, lifecycle approvals, workflow transitions, and runtime governance records.

Gateway decision

Gateway export records covering x402 payment-settlement state machine. org.peacprotocol/gateway-export (v0.14.3+).

Payment event

x402, Stripe SPT, ACP, paymentauth, and UCP commerce evidence. Explicit finality semantics required.

Provisioning event

API key issuance, secret rotation, OAuth client registration, certificate provisioning. org.peacprotocol/provisioning-lifecycle (v0.14.2+).

---

Start here

Pick the path that matches what you are building.

I run an API or HTTP service

Issue signed records proving what happened during API interactions. Express middleware, API Provider Quickstart.

I want to verify a record

Verify a record offline with just a public key. Agent Operator Quickstart.

I run an MCP server

Add record operations to your MCP server or attach signed records to tool responses. 5 tools, zero config.

I build A2A agents

Carry signed records across Agent-to-Agent Protocol flows. A2A v1.0 compatible.

For installation details, see Installation. For the full code walkthrough, see Reference Quickstart.

---

Core concepts

Learn the fundamentals of the PEAC Protocol.

Receipts

Signed JWS tokens with Ed25519 signatures. The core proof artifact.

Policy (peac.txt)

Machine-readable terms at /.well-known/peac.txt. Discoverable by agents.

Verification

Offline, deterministic. Zero network calls to the issuer.

Evidence bundles

Portable peac-bundle/0.1 archives for audits, disputes, and incident review.

Protocol Scope

Access, Attribution, Commerce, Consent, Compliance, Privacy, Provenance, Safety, Identity, Purpose.

Wire format

interaction-record+jwt (Interaction Record format, stable). Legacy: peac-receipt/0.1 (frozen). Ed25519 + compact JWS.

---

Guides

Step-by-step integration guides for common use cases.

Express middleware

Add automatic record issuance to Express.js. One middleware, every response gets a signed PEAC-Receipt header.

MCP server

5 MCP tools: verify, inspect, decode, issue, bundle. AI agents verify records natively.

CLI execution records

Issue signed records for CLI commands and CI pipelines. peac observe command, peac record command, peac emit lifecycle.

Payment rails

MPP / paymentauth, x402, Stripe, Razorpay, and card networks. Commerce evidence across multiple rails.

Runtime governance records

Policy evaluation, safety check, and compliance gate observation records. AGT and AAIF compatible.

Provisioning lifecycle records

Credential issuance, secret rotation, and service authorization evidence. Observer scope, opaque refs required.

---

Architecture

Package layering

7-layer dependency model. Dependencies flow down only.

Kernel-first design

JSON specs drive implementation. Codegen, not convention.

Error codes

13 categories, RFC 9457 format. Every failure is structured.

---

Quick links

Resource	Description
GitHub	Source code, issues, discussions
npm @peac	36 published packages
Specification	Full protocol specification
Releases	Version history and changelogs
Adapters	All adapters and integrations