v0.12.11 (Last reviewed: v0.12.11)

Receipt Reference

A PEAC receipt is a compact JWS (JSON Web Signature) signed with Ed25519. It proves what terms applied and what happened during an interaction. Receipts verify offline with just the issuer's public key.

Wire Formats

The current stable format is interaction-record+jwt. Both formats produce compact JWS tokens carried in the PEAC-Receipt HTTP header.

interaction-record+jwt (Stable)

Structured kinds (evidence / challenge), typed extensions (12 groups), policy binding (JCS + SHA-256), JOSE hardening. The current standard for all new integrations.

peac-receipt/0.1 (Frozen legacy)

Flat payload with hash, payment, aipref fields. No structural kinds. Maintained for backward compatibility only; no new features.

JWS Header

| Field | Required | Description |
| --- | --- | --- |
| alg | Required | EdDSA (Ed25519 only) |
| typ | Required | interaction-record+jwt (current). Legacy peac-receipt/0.1 also accepted. |
| kid | Required | Key identifier for signature verification (max 256 chars) |

JOSE hardening (Interaction Record format): embedded keys (jwk, x5c, x5u, jku), crit, b64:false, and zip are rejected. JWS size cap: 256 KB.
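
The header rules and hardening list above can be enforced before any signature work is done. The following is an added example, not code from @peac/protocol: the function and constant names are hypothetical, it covers only the interaction-record+jwt format, and it assumes "256 KB" means 262,144 bytes.

```typescript
// Added example: pre-verification header checks for interaction-record+jwt.
// All names here are hypothetical; this is not the @peac/protocol API.
const MAX_JWS_BYTES = 256 * 1024; // assumption: "256 KB" means 262,144 bytes
const MAX_KID_CHARS = 256;
const FORBIDDEN_PARAMS = ['jwk', 'x5c', 'x5u', 'jku', 'crit', 'zip'];

function b64urlToText(segment: string): string {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error('not base64url');
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Returns the list of violations; empty means the token may go on to Ed25519
// signature verification. This function does not verify the signature.
function checkReceiptHeader(compactJws: string): string[] {
  if (compactJws.length > MAX_JWS_BYTES) return ['JWS exceeds 256 KB size cap'];
  const parts = compactJws.split('.');
  if (parts.length !== 3) return ['not a three-part compact JWS'];
  let parsed: unknown;
  try {
    parsed = JSON.parse(b64urlToText(parts[0]));
  } catch {
    return ['protected header is not valid base64url JSON'];
  }
  if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
    return ['protected header is not a JSON object'];
  }
  const header = parsed as Record<string, unknown>;
  const problems: string[] = [];
  if (header.alg !== 'EdDSA') problems.push('alg must be EdDSA');
  if (header.typ !== 'interaction-record+jwt') problems.push('typ must be interaction-record+jwt');
  const kid = header.kid;
  if (typeof kid !== 'string' || kid.length > MAX_KID_CHARS) {
    problems.push('kid must be a string of at most 256 chars');
  }
  for (const name of FORBIDDEN_PARAMS) {
    if (name in header) problems.push(`forbidden header parameter: ${name}`);
  }
  if (header.b64 === false) problems.push('b64:false is not allowed');
  return problems;
}

// Builds a constructed sample token; payload and signature are placeholders.
function sampleJws(header: object): string {
  const b64 = btoa(JSON.stringify(header));
  return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '') + '.e30.c2ln';
}
```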

Interaction Record Payload

Interaction records use structured kinds with typed extensions. This is the current standard for new integrations.

| Field | Required | Description |
| --- | --- | --- |
| iss | Required | https:// origin (RFC 3986) or did: (DID Core) |
| iat | Required | Issued-at time (Unix seconds) |
| kind | Required | evidence (records what happened) or challenge (requests proof) |
| type | Required | Reverse-DNS or URI identifier (e.g. org.peacprotocol/payment) |
| pillars | Recommended | Array from the 10-pillar taxonomy (access, attribution, commerce, consent, compliance, privacy, provenance, safety, identity, purpose) |
| extensions | Recommended | Typed extension groups (12 groups: commerce, access, challenge, identity, correlation, consent, privacy, safety, compliance, provenance, attribution, purpose) |
| aud | Optional | Intended audience |
| actor | Optional | Agent identity binding (ActorBinding with proof types) |

Example: Commerce Receipt

Decoded JWS payload (interaction-record+jwt)
{
  "iss": "https://api.example.com",
  "iat": 1742918400,
  "kind": "evidence",
  "type": "org.peacprotocol/payment",
  "pillars": ["commerce"],
  "extensions": {
    "org.peacprotocol/commerce": {
      "payment_rail": "stripe",
      "amount_minor": "2500",
      "currency": "USD",
      "event": "settlement"
    }
  }
}

The event field is observational metadata: it records what the upstream system reported and nothing more.

HTTP Transport

PEAC-Receipt

Single HTTP response header containing the compact JWS. This is a complete, self-contained signed token, not a detached signature. The verifier needs only the compact JWS and the issuer's public key.

HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
PEAC-Receipt: eyJhbGciOiJFZERTQSIsInR5cCI6ImludGVyYWN0aW9uLXJlY29yZCtqd3QiLCJraWQiOiJwZWFjLTIwMjYtMDMifQ.eyJpc3MiOiJodHRwczovL2FwaS5leGFtcGxlLmNvbSIsImlhdCI6MTc0MjkxODQwMCwia2luZCI6ImV2aWRlbmNlIiwidHlwZSI6Im9yZy5wZWFjcHJvdG9jb2wvcGF5bWVudCJ9.signature

Verification

Verification is offline and deterministic. verifyLocal() auto-detects the wire version and returns a typed result.

verify.ts (TypeScript)
import { verifyLocal } from '@peac/protocol';

const result = await verifyLocal(compactJws, { publicKey });
// result.verified: boolean
// result.wireVersion: '0.1' | '0.2'
// result.policy_binding: 'verified' | 'failed' | 'unavailable'

Strictness profiles: strict (default) enforces type-to-extension mapping and canonical iss form. interop downgrades violations to warnings.

Policy binding: JCS (RFC 8785) + SHA-256 digest comparison. Three-state result: verified, failed, or unavailable.

Evidence Bundles

Bundles are portable ZIP archives containing receipts, public keys, policy snapshots, and a deterministic verification report. They enable offline audit, dispute resolution, and cross-organization handoffs.

bundle.peacbundle/
├── manifest.json          # Bundle metadata and receipt list
├── receipts/              # Individual receipt JWS tokens
├── keys/jwks.json         # Public keys for verification
├── policy/                # Policy snapshot (optional)
└── verification_report.json  # Deterministic report with report_hash

Evidence Carriers

Receipts travel across transports via the Evidence Carrier Contract:

| Transport | Carrier | Size limit |
| --- | --- | --- |
| HTTP | PEAC-Receipt header | 8 KB |
| MCP | _meta fields | 64 KB |
| A2A | metadata[extensionURI] | 64 KB |
| ACP / x402 | HTTP headers | 8 KB |
| UCP | Webhook payload | 64 KB |
