Package Layering
PEAC Protocol enforces a strict layering model across its packages. Dependencies flow downward only -- a package may only import from packages in layers below it. This rule is enforced by dep-cruiser in CI.
Layer diagram
Layer 5 @peac/server | @peac/cli | @peac/mcp-server Applications
---------------------------------------------------------------
Layer 4 @peac/rails-* | @peac/mappings-* | @peac/adapter-*
@peac/capture-core | @peac/capture-node Adapters
---------------------------------------------------------------
Layer 3.5 @peac/middleware-core | @peac/middleware-express Middleware
---------------------------------------------------------------
Layer 3 @peac/protocol | @peac/control High-level APIs
---------------------------------------------------------------
Layer 2 @peac/crypto Signing
---------------------------------------------------------------
Layer 1 @peac/schema Validation
---------------------------------------------------------------
Layer 0 @peac/kernel Foundation
Layer descriptions
Layer 0 -- Kernel
Package: @peac/kernel
Dependencies: None (zero external dependencies)
- TypeScript type definitions for the entire protocol
- Constants -- error codes, status values, wire format identifiers
- Registry data -- attestation types, extension keys
- Generated from normative JSON specifications in
specs/kernel/
Layer 1 -- Schema
Package: @peac/schema
Dependencies: @peac/kernel, zod
- Zod schemas for receipts, policies, and extensions
- Runtime validation functions
- Schema-derived TypeScript types
Layer 2 -- Crypto
Package: @peac/crypto
Dependencies: @peac/schema, @noble/ed25519 v3
- Ed25519 signing (
signAsync) and verification (verifyAsync) - Key generation (
generateSigningKey,getPublicKeyAsync) - JWKS management and key resolution
- Pure JavaScript -- no native modules required
Layer 3 -- Protocol and Control
Package: @peac/protocol
Dependencies: @peac/crypto, @peac/schema
issue()-- Interaction Record format receipt issuanceverifyLocal()-- offline receipt verification (auto-detects wire version)createEvidenceBundle()-- ZIP bundle creation (peac-bundle/0.1)- Receipt decoding, inspection, and claim extraction
Package: @peac/control
Dependencies: @peac/schema
- Policy parsing and evaluation
- Purpose-based access control
- Access control rule engine
Layer 3.5 -- Middleware
Package: @peac/middleware-core
Framework-agnostic middleware logic for receipt issuance and verification.
Package: @peac/middleware-express
Express.js adapter that wraps middleware-core.
Layer 4 -- Adapters
Rail adapters, protocol mappings, and platform adapters. All vendor-specific code lives here.
Payment rails:
| Package | Description |
|---|---|
@peac/adapter-x402 | HTTP 402 payment-required evidence (x402 v1 and v2 dual-header) |
@peac/rails-x402 | x402 payment receipt issuance |
@peac/rails-stripe | Stripe PaymentIntent and SPT delegation grants |
@peac/rails-razorpay | Razorpay UPI, cards, netbanking |
@peac/mappings-paymentauth | MPP / paymentauth HTTP Auth payment challenges and receipts (draft-ryan-httpauth-payment) |
Agent protocol mappings:
| Package | Description |
|---|---|
@peac/mappings-a2a | A2A v1.0 carrier evidence and handoff observation records (AGT/AAIF compatible) |
@peac/mappings-mcp | MCP tool call metadata |
@peac/mappings-acp | Agentic Commerce Protocol session and payment evidence |
@peac/mappings-ucp | Universal Commerce Protocol evidence |
@peac/mappings-tap | Visa Trusted Agent Protocol |
@peac/mappings-rsl | Rights Specification Language evidence |
Governance and runtime adapters:
| Package | Description |
|---|---|
@peac/adapter-runtime-governance | Policy evaluation, safety check, compliance gate, and mode transition records (AGT/AAIF compatible; RTGOV-001..007) |
@peac/adapter-managed-agents | Managed agent platform evidence (Claude, OpenAI Assistants, and similar) |
@peac/adapter-openai-compatible | Hash-first inference receipts for OpenAI-compatible APIs |
Identity and transport:
| Package | Description |
|---|---|
@peac/adapter-did | DID resolution for did:key and did:web key material |
@peac/transport-grpc | gRPC metadata carrier for PEAC evidence |
@peac/http-signatures | HTTP signature verification utilities |
@peac/jwks-cache | JWKS caching layer |
@peac/net-node | Node.js network utilities (SSRF-safe fetch, redirect policy) |
Content and supply chain:
| Package | Description |
|---|---|
@peac/mappings-content-signals | robots.txt, Content-Usage (AIPREF), and tdmrep.json signal parsing |
@peac/mappings-slsa | SLSA provenance evidence |
@peac/mappings-intoto | in-toto attestation evidence |
Observability:
| Package | Description |
|---|---|
@peac/telemetry-otel | Bridge PEAC records to OTel spans via peac.record.ref span attribute |
OpenClaw and capture:
| Package | Description |
|---|---|
@peac/adapter-openclaw | OpenClaw interaction evidence |
@peac/capture-core | Core capture logic (spool, dedupe) |
@peac/capture-node | Node.js durable stores (FileSpoolStore, FileDedupeIndex) |
Layer 5 -- Applications
Full applications built on the protocol stack:
| Package | Description |
|---|---|
@peac/server | HTTP server for receipt issuance and verification |
@peac/cli | CLI: peac verify, peac observe command, peac record command, peac emit lifecycle, peac bundle, peac keygen, peac doctor |
@peac/mcp-server | MCP server with 5 tools (verify, inspect, decode, issue, bundle) |
Import rules
A package may only import from packages in lower layers. Importing from a higher layer is a build error caught by dep-cruiser in CI.
For example, @peac/crypto (Layer 2) can import from @peac/schema (Layer 1) and @peac/kernel (Layer 0), but it cannot import from @peac/protocol (Layer 3).
- No circular dependencies -- enforced by dep-cruiser in CI
- Vendor neutrality -- core packages (Layers 0--3) contain no vendor-specific code
- Vendor code in Layer 4 -- all vendor-specific logic lives in adapters, mappings, and rails packages