Profiles
Profiles are documentation overlays that describe how to use PEAC for specific use cases, regulatory contexts, or integration patterns. A profile constrains and documents existing PEAC structures; it does not add new schema fields.
Profiles are documentary, not runtime-enforced. Schema validation (@peac/schema) enforces field structure; verifyLocal() enforces protocol behavior including type-to-extension enforcement. Profiles document recommended usage patterns on top of those layers.
Pillar Profiles
9 pillar profiles document how to use a specific PEAC extension group for a regulatory, operational, or evidence workflow. Each profile includes schema-vs-profile field tables, non-goals, and strict-mode demonstrations.
| Profile | Extension Group | Description |
|---|---|---|
| Access | org.peacprotocol/access | Access control decisions (resource, action, decision) |
| Identity | org.peacprotocol/identity | Identity attestation and proof references |
| Consent | org.peacprotocol/consent | Consent records (basis, scope, expiry) |
| Privacy | org.peacprotocol/privacy | Privacy and data handling evidence |
| Safety | org.peacprotocol/safety | AI safety and guardrail evidence |
| Compliance | org.peacprotocol/compliance | Regulatory compliance evidence |
| Provenance | org.peacprotocol/provenance | Data and content provenance |
| Attribution | org.peacprotocol/attribution | Content attribution and licensing |
| Purpose | org.peacprotocol/purpose | Purpose limitation and use constraints |
Commerce has a typed extension group (org.peacprotocol/commerce) but no pillar profile because it is an adapter/integration concern covered by payment rail adapters.
Extension Group Profiles
Extension group profiles document observation records for agent execution, provisioning, governance, and inter-agent coordination patterns. These profiles were introduced in v0.14.x and use the *-observed type URI suffix to indicate observer scope: PEAC records what systems report, not what PEAC itself decided.
| Profile | Extension Group | Version | Description |
|---|---|---|---|
| Provisioning Lifecycle | org.peacprotocol/provisioning-lifecycle | v0.14.2 | Credential issuance, secret rotation, service authorization records |
| Lifecycle Observation | org.peacprotocol/lifecycle-observation | v0.14.1 | Approval, evaluation, experiment, and workflow transition records |
| CLI Execution | org.peacprotocol/cli-execution | v0.14.1 | Signed execution records for CLI commands and CI pipelines |
| A2A Handoff | org.peacprotocol/a2a-handoff | v0.14.1 | Agent-to-Agent Protocol handoff observation records (AGT/AAIF compatible) |
| Runtime Governance | org.peacprotocol/runtime-governance | v0.12.10 | Policy evaluation, safety check, compliance gate, and mode transition records (AGT/AAIF compatible) |
All extension group profiles are observer-scope only. They record what upstream systems attested. PEAC does not evaluate policies, authorize actions, or enforce governance rules.
Adapter Profiles
Adapter profiles document how to normalize external protocol artifacts into PEAC receipts for a specific integration.
| Profile | Package | Description |
|---|---|---|
| Stripe x402 Machine Payments | @peac/adapter-x402 | Payment evidence for Stripe-backed x402 flows |
| MPP / paymentauth | @peac/mappings-paymentauth | HTTP Auth payment challenge and receipt evidence (draft-ryan-httpauth-payment) |
Profile Structure
Pillar profiles (10 sections): Overview, extension group reference, schema-vs-profile field table, required fields, optional fields, type-to-extension enforcement behavior, non-goals, strict-mode demonstration, interop-mode behavior, examples.
Extension group profiles (12 sections): Overview, observer scope boundary, type URI registry (with all *-observed URIs), required fields per event kind, opaque reference grammar, forbidden inline values, error code catalog, conformance section mapping, usage examples, composition patterns, non-goals.
Adapter profiles (8 sections): Overview, package reference, input/output mapping, normalization rules, verification behavior, conformance vectors, limitations, examples.
Observer Scope Doctrine
All extension group profiles use observer scope. This means:
- PEAC records what the caller reports as having happened
- PEAC does not evaluate, authorize, approve, or enforce the underlying action
- Upstream systems (policy engines, authorization servers, orchestrators) own their decisions
- PEAC provides portable, offline-verifiable evidence of what was reported
If your upstream system evaluated a safety check and approved an action, PEAC records that evaluation result as an observation. The safety check itself was not performed by PEAC.
Related
- Protocol Scope: 10 verification domains
- Wire Format: 16 typed extension groups
- Registries: Extension group and receipt type registries
- Conformance: 260 conformance requirements across 29 sections