Edge Platforms
PEAC Protocol packages run on all major edge and serverless platforms. The core crypto uses @noble/ed25519, which provides a pure JavaScript implementation with zero native dependencies -- making it portable across runtimes.
Cloudflare Workers
Issue and verify PEAC receipts directly in a Cloudflare Worker. Secrets are accessed through the env bindings.
worker.ts
import { issueReceipt, verifyReceipt } from '@peac/protocol';
export default {
async fetch(request: Request, env: Env): Promise<Response> {
const data = { message: 'Hello from PEAC' };
const response = Response.json(data);
const receipt = await issueReceipt({
privateKey: env.PEAC_PRIVATE_KEY,
kid: 'peac-2026-02',
claims: {
iss: 'https://api.example.com',
sub: request.headers.get('x-agent-id') || 'anonymous',
peac: {
type: 'api.request',
attestation_type: 'interaction',
status: 'executed',
},
},
});
response.headers.set('PEAC-Receipt', receipt);
return response;
},
};
Next.js
API Routes (App Router)
Issue receipts from Next.js API route handlers. Works with both the Edge Runtime and the Node.js runtime.
app/api/route.ts
import { issueReceipt } from '@peac/protocol';
import { NextResponse } from 'next/server';
export async function GET(request: Request) {
const data = { message: 'Hello from PEAC' };
const receipt = await issueReceipt({
privateKey: process.env.PEAC_PRIVATE_KEY!,
kid: 'peac-2026-02',
claims: {
iss: 'https://www.example.com',
sub: 'api-consumer',
peac: {
type: 'api.request',
attestation_type: 'interaction',
status: 'executed',
},
},
});
return NextResponse.json(data, {
headers: { 'PEAC-Receipt': receipt },
});
}
Middleware
Use Next.js middleware to intercept and verify incoming PEAC receipts on protected routes.
middleware.ts
import { verifyReceipt } from '@peac/protocol';
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';
export async function middleware(request: NextRequest) {
const receiptHeader = request.headers.get('PEAC-Receipt');
if (receiptHeader) {
const result = await verifyReceipt(receiptHeader, {
issuer: 'https://trusted-issuer.example.com',
});
if (!result.verified) {
return NextResponse.json(
{ error: 'Invalid PEAC receipt' },
{ status: 401 }
);
}
}
return NextResponse.next();
}
export const config = {
matcher: '/api/:path*',
};
Platform compatibility
| Platform | Status | Runtime | Notes |
|---|---|---|---|
| Cloudflare Workers | Supported | V8 isolate | Web Crypto API |
| Next.js (Edge Runtime) | Supported | V8 isolate | Web Crypto API |
| Next.js (Node Runtime) | Supported | Node.js | Node.js crypto |
| Vercel Edge Functions | Supported | V8 isolate | Web Crypto API |
| Deno Deploy | Supported | V8 isolate | Web Crypto API |
| AWS Lambda | Supported | Node.js | Node.js 22+ required |
| AWS Lambda@Edge | Supported | Node.js | Node.js 22+ required |
Key requirements
- Node.js >= 22.0.0 for server-side runtimes
- Ed25519 support in the platform's crypto API
- PEAC uses
@noble/ed25519v3, which provides a pure JavaScript fallback when native Ed25519 is unavailable. No native modules are required.