Protocol Scope
PEAC Protocol produces verifiable evidence across ten domains. Each domain maps to specific receipt types, policy fields, verification checks, and packages. The protocol includes 12 typed extension groups, 9 pillar usage profiles, and 219 conformance requirement IDs.
Access
Verifiable access control for machine-to-machine traffic.
Track API access, rate limiting, and resource permissions with cryptographic receipts. Every access decision -- granted or denied -- produces a signed, verifiable proof of what was accessed, when, and under what terms.
Packages: @peac/protocol, @peac/control
Attribution
Cryptographic proof of content origin and use.
Machine-readable attribution requirements declared via peac.txt. Receipts carry attribution commitments that survive across organizational boundaries, enabling content creators to enforce citation and credit policies programmatically.
Packages: @peac/protocol, @peac/control
Commerce
Payment evidence with settlement references.
Attach payment proof to interaction receipts across five rails: paymentauth/MPP, x402, Stripe, Razorpay, and card networks. Commerce receipts record what the upstream system reported with strict semantic boundaries: PEAC never synthesizes payment finality.
Packages: @peac/mappings-paymentauth, @peac/adapter-x402, @peac/rails-stripe, @peac/rails-razorpay, @peac/rails-card
Consent
Machine-readable consent terms for AI interactions.
Declare consent policies -- training, scraping, indexing -- in peac.txt. Receipts prove what terms were in effect at interaction time, providing verifiable evidence that consent was given, conditional, or denied.
Packages: @peac/protocol, @peac/control
Compliance
Verifiable compliance evidence for regulations.
Portable evidence bundles for regulatory submissions. Jurisdiction-aware policy declarations. Audit-ready verification reports. Designed for EU AI Act, NIST CAISI, and emerging AI governance frameworks.
Packages: @peac/protocol, @peac/audit
Privacy
Privacy-preserving interaction evidence.
HMAC-protected low-entropy fields prevent re-identification. Fingerprint references replace raw values in receipts. Domain-separated preimage computation (peac.toolop.<field>\0) ensures privacy-by-design without sacrificing verifiability.
Packages: @peac/protocol, @peac/crypto
Provenance
Verifiable chain of interaction history.
Every receipt creates a link in an auditable chain. Evidence bundles package the full provenance trail -- receipts, policies, keys, and verification reports -- for offline verification by any party.
Packages: @peac/protocol, @peac/capture-core
Safety
AI safety evidence for reviews and incident response.
Verifiable evidence for AI safety reviews, incident response, and governance workflows. PEAC receipts create portable artifacts that can be shared across organizational boundaries for coordinated safety audits.
Packages: @peac/protocol, @peac/audit
Identity
Agent identity attestation with multi-root proof types and key lifecycle management.
Cryptographic proof-of-control binding for AI agents with 8 proof types: ed25519-cert-chain, eat-passport, eat-background-check, sigstore-oidc, did, spiffe, x509-pki, custom. ActorBinding schema with origin-only enforcement prevents correlation leakage. MVIS (Minimum Viable Identity Set) requires 5 fields: issuer, subject, key_binding, time_bounds, replay_protection. Key lifecycle management with five states: PENDING, ACTIVE, DEPRECATED, RETIRED, REVOKED. Key rotation with 30-day normative overlap and tiered kid reuse detection.
Packages: @peac/protocol, @peac/crypto, @peac/schema
Purpose
Purpose-based access control for AI interactions.
Declare and enforce purpose-based access using canonical purpose tokens: train, search, inference, index, user_action. Deterministic first-match-wins policy evaluation ensures predictable, auditable access decisions.
Packages: @peac/control, @peac/policy-kit
Coverage matrix
Each domain applies to one or more attestation types. The matrix below shows which domains produce evidence for each receipt type.
| Domain | interaction | payment | consent | identity |
|---|---|---|---|---|
| Access | ✓ | |||
| Attribution | ✓ | ✓ | ||
| Commerce | ✓ | |||
| Consent | ✓ | |||
| Compliance | ✓ | ✓ | ✓ | ✓ |
| Privacy | ✓ | ✓ | ✓ | ✓ |
| Provenance | ✓ | ✓ | ||
| Safety | ✓ | ✓ | ||
| Identity | ✓ | |||
| Purpose | ✓ | ✓ |