Provisioning Event Records
PEAC records evidence for agent provisioning events: API key issuance, OAuth client registration, certificate provisioning, secret rotation, access grants and revocations, and service authorization. All records are observer-scope -- PEAC never stores inline credentials.
Extension group (v0.14.2+)
org.peacprotocol/provisioning-lifecycle -- 10 *_observed type URIs:

| Type URI | What it records |
|---|---|
| api_key_provisioning_observed | API key issuance event |
| oauth_client_provisioning_observed | OAuth client registration |
| certificate_provisioning_observed | Certificate issuance |
| service_account_provisioning_observed | Service account creation |
| secret_storage_observed | Secret storage event |
| access_grant_observed | Access grant event |
| access_revocation_observed | Access revocation |
| payment_authorization_observation | Payment authorization observation |
| credential_rotation_observed | Credential rotation |
| resource_quota_observed | Resource quota allocation |
Opaque references required
All *_ref fields must use the opaque reference grammar: urn:, ref:, did:, sha256:, or https: prefixes. Inline credential material, bearer tokens, and connection strings are blocked by the validator.
```typescript
import { validateProvisioningLifecycle } from '@peac/schema';

// Every *_ref carries an opaque reference; the credential itself is never inline.
const result = validateProvisioningLifecycle({
  typ: 'access',
  ext: [
    {
      'org.peacprotocol/provisioning-lifecycle': {
        event_kind: 'api_key_provisioning_observed',
        provider_ref: 'urn:provider:aws-iam',
        subject_ref: 'urn:agent:my-agent',
        storage_surface: {
          kind: 'external_secret_store',
          provider_ref: 'urn:provider:aws-secrets-manager',
        },
      },
    },
  ],
});
```
Credential scanner
validateProvisioningLifecycle() runs a recursive credential-material scanner that rejects inline secrets at any nesting depth. The provisioning.* family defines 21 stable error codes (Section 31, PROV-LIFE-001..010).
Storage surface abstraction
storage_surface.kind is an abstract enum (7 values): external_secret_store, local_encrypted_file, local_plaintext_file, environment_file, runtime_secret_binding, none, unknown. No vendor-specific names in core.
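The three rules above (opaque *_ref grammar, recursive rejection of inline credential material, and the abstract storage_surface.kind enum) as one added scanner. This is illustrative code written for this page, not the @peac/schema implementation: the error code strings, the credential regexes and the two sample records are constructed here, and only the reference prefixes and the enum values come from the text.

```typescript
// Added example, not @peac/schema code. Prefixes and enum values are from the page;
// the error codes, credential-shape regexes and sample records are constructed.
const OPAQUE_REF_PREFIXES = ['urn:', 'ref:', 'did:', 'sha256:', 'https:'];
const STORAGE_SURFACE_KINDS = new Set(['external_secret_store', 'local_encrypted_file',
  'local_plaintext_file', 'environment_file', 'runtime_secret_binding', 'none', 'unknown']);
// Heuristic shapes of inline credential material (constructed, deliberately not exhaustive).
const CREDENTIAL_PATTERNS: Array<[string, RegExp]> = [
  ['bearer_token', /^\s*bearer\s+\S+/i],
  ['private_key_pem', /-----BEGIN [A-Z ]*PRIVATE KEY-----/],
  ['connection_string', /^[a-z][a-z0-9+.-]*:\/\/[^/\s:]+:[^@\s]+@/i], // scheme://user:pass@host
];
interface Finding { code: string; path: string } // code: hypothetical provisioning.* code
function isOpaqueRef(value: unknown): boolean {
  return typeof value === 'string' && OPAQUE_REF_PREFIXES.some((p) => value.startsWith(p));
}
// Walks the whole record: every string is checked at every depth, every *_ref key must be
// opaque, and storage_surface.kind must be one of the abstract enum values.
function scanProvisioningRecord(node: unknown, path = '$'): Finding[] {
  const out: Finding[] = [];
  if (typeof node === 'string') {
    for (const [name, re] of CREDENTIAL_PATTERNS) {
      if (re.test(node)) out.push({ code: `provisioning.inline_credential.${name}`, path });
    }
  } else if (Array.isArray(node)) {
    node.forEach((item, i) => out.push(...scanProvisioningRecord(item, `${path}[${i}]`)));
  } else if (node && typeof node === 'object') {
    for (const [key, value] of Object.entries(node as Record<string, unknown>)) {
      const child = `${path}.${key}`;
      if (key.endsWith('_ref') && !isOpaqueRef(value)) {
        out.push({ code: 'provisioning.opaque_ref_required', path: child });
      }
      if (key === 'storage_surface' && value && typeof value === 'object') {
        const kind = (value as { kind?: unknown }).kind;
        if (typeof kind !== 'string' || !STORAGE_SURFACE_KINDS.has(kind)) {
          out.push({ code: 'provisioning.storage_surface_kind_unknown', path: `${child}.kind` });
        }
      }
      out.push(...scanProvisioningRecord(value, child)); // recurse so nested secrets are caught
    }
  }
  return out;
}
// Constructed samples: the page's valid record, and one that smuggles a bearer token into
// provider_ref, uses a vendor name as the storage kind, and nests a DSN with a password.
const VALID_RECORD = { typ: 'access', ext: [{ 'org.peacprotocol/provisioning-lifecycle': {
  event_kind: 'api_key_provisioning_observed', provider_ref: 'urn:provider:aws-iam',
  subject_ref: 'urn:agent:my-agent',
  storage_surface: { kind: 'external_secret_store', provider_ref: 'urn:provider:aws-secrets-manager' },
} }] };
const LEAKY_RECORD = { typ: 'access', ext: [{ 'org.peacprotocol/provisioning-lifecycle': {
  event_kind: 'secret_storage_observed', provider_ref: 'Bearer eyJhbGciOi.example-token',
  storage_surface: { kind: 'vault', notes: { dsn: 'postgres://app:hunter2@db.internal/app' } },
} }] };
```

scanProvisioningRecord(VALID_RECORD) returns no findings, while LEAKY_RECORD yields four: a non-opaque provider_ref, the bearer token it contains, the unknown storage kind, and the connection string two levels deeper.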