Protocol Scope
PEAC Protocol produces verifiable evidence across ten domains. Each domain maps to specific receipt types, policy fields, verification checks, and packages.
Access
Verifiable access control for machine-to-machine traffic.
Track API access, rate limiting, and resource permissions with cryptographic receipts. Every access decision -- granted or denied -- produces a signed, verifiable proof of what was accessed, when, and under what terms.
Packages: @peac/protocol, @peac/control
Attribution
Cryptographic proof of content origin and use.
Machine-readable attribution requirements declared via peac.txt. Receipts carry attribution commitments that survive across organizational boundaries, enabling content creators to enforce citation and credit policies programmatically.
Packages: @peac/protocol, @peac/control
Commerce
Payment evidence with settlement references.
Attach payment proof to interaction receipts across multiple rails: x402 (Coinbase), Stripe, Razorpay, and card networks. Commerce receipts link the interaction to the payment, creating a unified audit trail from request to settlement.
Packages: @peac/rails-x402, @peac/rails-stripe, @peac/rails-razorpay, @peac/rails-card
Consent
Machine-readable consent terms for AI interactions.
Declare consent policies -- training, scraping, indexing -- in peac.txt. Receipts prove what terms were in effect at interaction time, providing verifiable evidence that consent was given, conditional, or denied.
Packages: @peac/protocol, @peac/control
Compliance
Verifiable compliance evidence for regulations.
Portable evidence bundles for regulatory submissions. Jurisdiction-aware policy declarations. Audit-ready verification reports. Designed for EU AI Act, NIST CAISI, and emerging AI governance frameworks.
Packages: @peac/protocol, @peac/audit
Privacy
Privacy-preserving interaction evidence.
HMAC-protected low-entropy fields prevent re-identification. Fingerprint references replace raw values in receipts. Domain-separated preimage computation (peac.toolop.<field>\0) ensures privacy-by-design without sacrificing verifiability.
Packages: @peac/protocol, @peac/crypto
Provenance
Verifiable chain of interaction history.
Every receipt creates a link in an auditable chain. Evidence bundles package the full provenance trail -- receipts, policies, keys, and verification reports -- for offline verification by any party.
Packages: @peac/protocol, @peac/capture-core
Safety
AI safety evidence for reviews and incident response.
Verifiable evidence for AI safety reviews, incident response, and governance workflows. PEAC receipts create portable artifacts that can be shared across organizational boundaries for coordinated safety audits.
Packages: @peac/protocol, @peac/audit
Identity
Agent identity attestation with key lifecycle management.
Cryptographic proof-of-control binding for AI agents. Key lifecycle management with five states: PENDING, ACTIVE, DEPRECATED, RETIRED, REVOKED. Receipts bind agent identity to interaction evidence.
Packages: @peac/protocol, @peac/crypto
Purpose
Purpose-based access control for AI interactions.
Declare and enforce purpose-based access using canonical purpose tokens: train, search, inference, index, user_action. Deterministic first-match-wins policy evaluation ensures predictable, auditable access decisions.
Packages: @peac/control, @peac/policy-kit
Coverage matrix
Each domain applies to one or more attestation types. The matrix below shows which domains produce evidence for each receipt type.
| Domain | interaction | payment | consent | identity |
|---|---|---|---|---|
| Access | ✓ | |||
| Attribution | ✓ | ✓ | ||
| Commerce | ✓ | |||
| Consent | ✓ | |||
| Compliance | ✓ | ✓ | ✓ | ✓ |
| Privacy | ✓ | ✓ | ✓ | ✓ |
| Provenance | ✓ | ✓ | ||
| Safety | ✓ | ✓ | ||
| Identity | ✓ | |||
| Purpose | ✓ | ✓ |