Quickstart
Issue and verify your first PEAC receipt in under 5 minutes. By the end, you'll have a signed receipt and a working verification pipeline.
Node.js 22+ required. Check with node --version.
Step 1: Install
npm install @peac/protocol
This installs the core protocol package with issuance, verification, and schema validation.
Step 2: Generate a signing key
npx @peac/cli keygen
This outputs an Ed25519 keypair. You'll get two values:
- Private key: Store securely (environment variable, secret manager)
- Public key: Publish at
/.well-known/peac-issuer.jsonfor verifiers
Never commit private keys to source control. Use environment variables or a secret manager.
Step 3: Issue a receipt
Wire 0.1 (flat claims)
import { issue } from '@peac/protocol';
const receipt = await issue({
privateKey: process.env.PEAC_PRIVATE_KEY,
kid: 'peac-2026-03',
claims: {
iss: 'https://api.example.com',
aud: 'https://client.example.com',
amt: 100,
cur: 'USD',
rail: 'x402',
},
});
// Deliver as HTTP header
res.setHeader('PEAC-Receipt', receipt);
Wire 0.2 (structured kinds + extensions)
import { issueWire02 } from '@peac/protocol';
const receipt = await issueWire02({
privateKey: process.env.PEAC_PRIVATE_KEY,
kid: 'peac-2026-03',
claims: {
iss: 'https://api.example.com',
kind: 'evidence',
type: 'org.peacprotocol/payment',
pillars: ['commerce'],
extensions: {
'org.peacprotocol/commerce': {
payment_rail: 'x402',
amount_minor: '10000',
currency: 'USD',
},
},
},
});
res.setHeader('PEAC-Receipt', receipt);
The receipt is a compact JWS string: a single line of base64url-encoded data.
Step 4: Verify a receipt
import { verifyLocal } from '@peac/protocol';
const result = verifyLocal(receiptJWS, publicKey);
if (result.valid) {
console.log('Wire version:', result.wireVersion); // '0.1' or '0.2'
console.log('Claims:', result.claims);
if (result.wireVersion === '0.2') {
console.log('Kind:', result.claims.kind);
console.log('Type:', result.claims.type);
}
} else {
console.log('Verification failed:', result.reason);
}
verifyLocal() auto-detects wire version and works completely offline: no network calls to the issuer.
Step 5: Publish your policy
Create /.well-known/peac.txt on your domain:
version: 0.12.3
protocol: peac
peac:
consent:
ai_training: conditional
economics:
pricing: $0.01/gb
attribution:
required: true
This is your machine-readable terms file. AI agents discover it automatically before making requests.
Step 6: Publish your keys
Create /.well-known/peac-issuer.json:
{
"keys": [
{
"kty": "OKP",
"crv": "Ed25519",
"use": "sig",
"kid": "peac-2026-03",
"x": "<base64url-encoded-public-key>",
"alg": "EdDSA"
}
],
"receipt_versions": ["peac-receipt/0.1", "interaction-record+jwt"]
}
This is a standard JWKS. Verifiers fetch it to validate your receipts.
What you've built
After completing these steps, you have:
- A signing pipeline: Your service can issue receipts on every response
- A verification pipeline: Any client can verify your receipts offline
- Machine-readable policy: Agents discover your terms automatically
- Published keys: Verifiers can validate without contacting you