IDE Plugins
The PEAC Plugin Pack provides skills and rules for AI-assisted development environments. It enables receipt verification, inspection, and issuance directly from your IDE through the MCP server.
Claude Code
Add the PEAC skill to Claude Code for receipt operations during development.
Setup
Add to your project's .mcp.json:
{
"mcpServers": {
"peac": {
"command": "npx",
"args": ["@peac/mcp-server"],
"env": {
"PEAC_MCP_PRIVILEGED": "false"
}
}
}
}
Once configured, Claude Code can verify any PEAC receipt you paste into the conversation, inspect receipt claims, and decode raw JWS tokens.
Available operations
- Verify -- paste a receipt JWS and ask Claude to verify it
- Inspect -- examine decoded header, payload, and signature metadata
- Decode -- view raw base64url-decoded parts of a JWS
Cursor
Add PEAC MCP tools to Cursor for receipt operations.
Setup
Add to your project's .mcp.json (Cursor reads this automatically):
{
"mcpServers": {
"peac": {
"command": "npx",
"args": ["@peac/mcp-server"],
"env": {
"PEAC_MCP_PRIVILEGED": "false"
}
}
}
}
Cursor will discover the MCP server and make PEAC tools available in the AI assistant.
Other MCP clients
Any MCP client that supports stdio transport can use the PEAC MCP server:
- Windsurf -- add to MCP server configuration
- VS Code Copilot -- configure via MCP settings
- Custom agents -- connect via stdio or Streamable HTTP
The MCP server exposes the same 5 tools regardless of client:
| Tool | Description | Privileged |
|---|---|---|
peac_verify | Verify a receipt against an issuer's JWKS | No |
peac_inspect | Decode and display receipt claims | No |
peac_decode | Raw base64url decode of JWS parts | No |
peac_issue | Issue a new signed receipt | Yes |
peac_create_bundle | Create an evidence bundle | Yes |
Security model
The Plugin Pack follows a default-deny security model:
- Pure tools only by default --
peac_verify,peac_inspect, andpeac_decoderequire no secrets - Privileged tools require opt-in -- set
PEAC_MCP_PRIVILEGED=trueand provide signing keys to enablepeac_issueandpeac_create_bundle - No ambient key discovery -- keys must be explicitly configured via environment variables
- No outbound network from tools -- SSRF prevention by design
- Static policy -- policy loaded at startup, not fetched at runtime
Only enable privileged tools (PEAC_MCP_PRIVILEGED=true) in trusted environments where you control the signing keys. In shared or CI environments, use pure tools only.
Plugin Pack distribution
The Plugin Pack is distributed as part of the @peac/mcp-server package in surfaces/plugin-pack/. It contains:
- Claude Code skill definition
- Cursor rules file
- MCP client configuration templates
- Usage documentation
The Plugin Pack has zero runtime dependencies -- it configures the MCP server binary, which handles all protocol operations.