PEAC
v0.12.4Last reviewed: v0.12.4

Evaluate PEAC

This page collects the information an evaluator, enterprise architect, or institutional reviewer needs to assess PEAC Protocol.

What PEAC proves

  • +A specific issuer signed a specific set of claims at a specific time
  • +The receipt has not been tampered with (Ed25519 signature verification)
  • +Verification is offline: no network calls to the issuer required
  • +Policy binding: optional cryptographic proof that a specific policy was in effect

What PEAC does not prove

  • That the claims in the receipt are true (PEAC records what the issuer attested, not what actually happened)
  • Payment finality, settlement, or custody (commerce evidence is observational, never transactional)
  • Identity of the agent or user beyond what the issuer attests
  • Compliance with any specific regulation (PEAC provides evidence; compliance is the operator's responsibility)

Wire stability

FormatJWS typStatus
Wire 0.1peac-receipt/0.1Frozen until v1.0. No new features. Maintained for backward compatibility.
Wire 0.2interaction-record+jwtStable. Current standard for new integrations. Structured kinds, typed extensions, policy binding.

Verification model

Algorithm: Ed25519 (RFC 8032) only. No RSA, no ECDSA.

JOSE hardening: embedded keys rejected, crit rejected, b64:false rejected, zip rejected. JWS size cap 256 KB.

Offline: verifyLocal() requires only the compact JWS and the issuer's public key. No network calls.

Strictness: strict (default) enforces type-to-extension mapping. interop downgrades violations to warnings.

Discovery: /.well-known/peac-issuer.json with jwks_uri pointing to the issuer's public keys.

Current release

Version: 0.12.4
Packages: 29 on npm
Conformance tests: 361
Build targets: 91
Extension groups: 12
Pillar profiles: 9
License: Apache-2.0
Node.js: 22+ (24.14.0 canonical)

Governance

PEAC is an open-source protocol under Apache-2.0. Stewarded by Originary. No vendor lock-in: core packages have zero vendor names.

Normative decisions are tracked in a numbered log. The current release ships 193 normative decisions.

Wire format peac-receipt/0.1 is frozen until v1.0. Public API surface is locked with pack-install smoke tests.

Review materials

Specification

Wire format, conformance, normative references

Security and evaluation

Verification security model, threat analysis

Releases

Version history and changelogs

Governance

Decision-making and neutrality commitments

Receipt reference

Wire formats, fields, verification, carriers

Institutions

Grants, governments, NGOs, research

Back to home