Active Development v0.10.0

Releases

Version history and changelogs. See GitHub for full release notes.

v0.10.0 (Current)
January 14, 2026
Wire Format Normalization (v0.1 Baseline)
  • +Wire format normalized: peac-receipt/0.1 (hyphenated, decoupled from repo version)
  • +Schema namespace updated: peacprotocol.org/schemas/wire/0.1/
  • +Go SDK alignment: jws.DefaultReceiptTyp constant updated
  • +34 npm packages published @ 0.10.0 (dist-tag: next)
  • +Go module tags: sdks/go/v0.10.0, middleware/chi/v0.10.0, middleware/gin/v0.10.0
  • +Consistent artifact naming across TypeScript and Go SDKs
@peac/protocol, @peac/schema, @peac/crypto
v0.9.31
UCP Mapping + Strategic Positioning
  • +@peac/mappings-ucp - Google Universal Commerce Protocol webhook signature verification
  • +RFC 7797 detached JWS with ES256/ES384/ES512 support
  • +UCP order to PEAC receipt mapping with amounts in minor units
  • +Dispute evidence generation for @peac/audit bundles
  • +17 UCP error codes (E_UCP_*) in specs/kernel/errors.json
  • +Security hardening: JOSE crit semantics, strict header validation
  • +UCP webhook example (examples/ucp-webhook-express/)
  • +70+ tests covering all verification paths
@peac/mappings-ucp
v0.9.30
Dispute Bundle + Deterministic Verification
  • +Dispute Bundle format (@peac/audit) - ZIP-based archive for offline verification
  • +createDisputeBundle(), readDisputeBundle(), verifyBundle() functions
  • +VerificationReport type with deterministic JCS canonicalization
  • +CLI bundle commands: peac bundle create|verify|info
  • +Error codegen from specs/kernel/errors.json
  • +Crypto testkit with generateKeypairFromSeed() for deterministic tests
  • +8 conformance fixtures (2 valid, 6 invalid) with expected report hashes
  • +9 bundle error codes (E_BUNDLE_*)
@peac/audit
v0.9.29
Go SDK Parity (Issue + Policy + Verify)
  • +peac.Issue() - Create signed PEAC receipts in Go
  • +peac.Verify() - Receipt verification with Ed25519 + JWS + JWKS
  • +peac.Policy() - Policy rule evaluation
  • +Go middleware: middleware/chi and middleware/gin with context-based claims
  • +Full JWKS discovery and caching
  • +Cross-language conformance with TypeScript SDK
  • +150+ tests including fuzz tests
  • +Go module tags: sdks/go@v0.9.29, sdks/go/middleware/chi@v0.9.29
v0.9.28
Edge + Scale + Hardening
  • +@peac/contracts - Single source of truth for error codes, MODE_BEHAVIOR, WWW-Authenticate
  • +@peac/worker-core - Runtime-neutral TAP verification handler with security hardening
  • +Edge deployment guides (Cloudflare Workers, Fastly Compute, Akamai EdgeWorkers)
  • +RFC 6648 compliant headers (PEAC-* not X-PEAC-*)
  • +Default mode changed to tap_only (BREAKING from receipt_or_tap)
  • +LRU replay protection with true access-order updates
  • +Error message sanitization by default (UNSAFE_DEV_MODE gate)
  • +Documentation quality guardrails CI workflow
@peac/contracts, @peac/worker-core
Breaking Changes
Default verification mode changed to tap_only (returns 401 when TAP missing)
v0.9.27
Dispute & Audit
  • +DisputeAttestation type for formal contestation of receipts, attributions, identity claims
  • +13 grounds codes across evidence, attribution, identity, and policy categories
  • +13 dispute error codes (E_DISPUTE_*) for validation and lifecycle
  • +Case bundle format with W3C Trace Context correlation
  • +Dispute lifecycle states: filed, acknowledged, under_review, escalated, resolved, appealed, final
  • +@peac/audit package for audit log generation and trace correlation
  • +50 conformance fixtures for dispute validation
@peac/audit
v0.9.26
Attribution & Conformance
  • +AttributionAttestation type for content provenance tracking
  • +ContentHash type with SHA-256 + base64url encoding
  • +Attribution chains with cycle detection (max 100 sources, depth 8)
  • +@peac/attribution package with computeContentHash, verifyContentHash, resolveChain
  • +CC Signals obligations extension (credit, contribution requirements)
  • +12 attribution error codes (E_ATTRIBUTION_*)
  • +15 conformance fixtures for attribution validation
@peac/attribution
v0.9.25
Agent Identity & Go Verifier
  • +AgentIdentityAttestation type with peac/agent-identity attestation
  • +Key lifecycle states: PENDING, ACTIVE, DEPRECATED, RETIRED, REVOKED
  • +Go SDK with Ed25519 + JWS + JWKS verification (sdks/go/)
  • +HTTP message signature bridge (RFC 9421 compatible)
  • +13 identity error codes (E_IDENTITY_*)
  • +MCP integration with reverse-DNS keys (org.peacprotocol/*)
  • +Golden vectors for cross-language conformance
v0.9.24
Purpose on Wire
  • +PEAC-Purpose, PEAC-Purpose-Applied, PEAC-Purpose-Reason HTTP headers
  • +Receipt claims: purpose_declared, purpose_enforced, purpose_reason
  • +Enforcement profiles: strict, balanced (default), open
  • +@peac/mappings-aipref package for IETF AIPREF vocabulary mapping
  • +28 golden vectors for purpose parsing and validation
  • +robotsToPeacStarter() function for robots.txt bridge
@peac/mappings-aipref, @peac/pref
v0.9.23
Publisher Playbooks
  • +Policy Kit profiles for common publisher scenarios
  • +Pre-built templates for news sites, blogs, APIs, and research portals
  • +Streamlined policy generation with sensible defaults
  • +Publisher-specific attribution formats and licensing modes
@peac/policy-kit
v0.9.22
Telemetry & Observability
  • +@peac/telemetry - Core telemetry interfaces and no-op provider
  • +@peac/telemetry-otel - OpenTelemetry adapter with 90 tests
  • +Privacy modes: strict (hash all), balanced (include rail/amounts), custom (allowlist)
  • +Protocol hooks in issue() and verify() for telemetry emission
  • +W3C Trace Context support via OpenTelemetry spans
  • +Metrics: counters for receipts issued/verified, histograms for operation duration
@peac/telemetry, @peac/telemetry-otel
v0.9.21
Wire Spec & Conformance
  • +JSON-safe evidence validation (JsonValue type, z.number().finite())
  • +Iterative JSON validator with cycle detection (WeakSet)
  • +DoS protection caps: maxDepth, maxArrayLength, maxObjectKeys, maxStringLength, maxTotalNodes
  • +Wire spec with JSON Schema definitions (Ajv 2020-12)
  • +Conformance harness with golden vectors
  • +Generic Attestation and Extensions types
@peac/adapter-core
v0.9.20
Privacy & Multi-CDN
  • +@peac/privacy - Privacy-preserving hashing with required salt
  • +@peac/rails-card - Card billing bridge with billing_snapshot
  • +@peac/transport-grpc - gRPC StatusCode parity with HTTP
  • +x402 adapters: Daydreams, Fluora, Pinata
  • +Edge workers: Fastly, Akamai
  • +PaymentEvidence.facilitator field for vendor identification
@peac/privacy, @peac/rails-card, @peac/transport-grpc
Breaking Changes
Adapter package names: @peac/rails-x402-* changed to @peac/adapter-x402-*
v0.9.19
India Payments & MCP Budget
  • +@peac/rails-razorpay - India payment adapter (UPI, cards, netbanking)
  • +MCP/ACP budget utilities with bigint minor units
  • +x402 payment reference header parsing
  • +5 flagship examples: x402-node-server, pay-per-inference, pay-per-crawl, rsl-collective, mcp-tool-call
@peac/rails-razorpay
v0.9.18
TAP & Edge Distribution
  • +@peac/http-signatures - RFC 9421 HTTP Message Signatures
  • +@peac/jwks-cache - Edge-safe JWKS fetch with SSRF protection
  • +@peac/mappings-tap - Visa TAP protocol mapping
  • +Cloudflare Worker and Next.js Edge middleware
  • +Fail-closed security defaults
@peac/http-signatures, @peac/jwks-cache, @peac/mappings-tap
Breaking Changes
Removed ai_search ControlPurpose (use ai_index or ai_input)
v0.9.17
AI Policy Kit & x402 v2
  • +x402 v2 adapter with v1 fallback (X402Dialect config)
  • +RSL 1.0 alignment with extended ControlPurpose
  • +@peac/policy-kit v0.1 for deterministic policy evaluation
  • +CLI commands: peac policy init, validate, explain, generate
  • +Subject profile binding on AuthContext
@peac/policy-kit
Breaking Changes
issue() now returns IssueResult { jws, subject_snapshot? } instead of string
v0.9.16
Control Abstraction Layer
  • +ControlPurpose enumeration (crawl, index, train, inference)
  • +Licensing modes (subscription, pay_per_crawl, pay_per_inference)
  • +PaymentEvidence with aggregator and splits[]
  • +Subject profile types (human, org, agent)
v0.9.15
Kernel-First Architecture
  • +Specialized packages: @peac/kernel, @peac/schema, @peac/crypto, @peac/protocol
  • +Layered dependency DAG (L0 kernel -> L6 pillars)
  • +@peac/core deprecated
  • +HTTP 402 profile support
Breaking Changes
Replace @peac/core imports with specialized packages
v0.9.14
Wire Format Stabilization
  • +Self-describing JWS receipts with peac.receipt/0.9
  • +Standardized JOSE conventions
  • +Domain policy enforcement
v0.9.13 (Archive)
Schema Refinement
  • +Receipt schema hardening
  • +Improved validation error messages
  • +Test coverage expansion
v0.9.11 (Archive)
SDK Improvements
  • +Enhanced SDK ergonomics
  • +Better TypeScript types
  • +Documentation updates
v0.9.9 (Archive)
Payment Rail Abstractions
  • +x402 and Stripe rail support
  • +Payment evidence structures
  • +Receipt verification improvements
v0.9.7 (Archive)
Agreement Core
  • +Core agreement flow implementation
  • +Negotiation protocol basics
  • +Webhook integration patterns
v0.9.5 (Archive)
Policy Discovery
  • +peac.txt and .well-known support
  • +Machine-readable policy files
  • +Agent discovery protocol
v0.9.2 (Archive)
SDK Foundations
  • +Node.js SDK refinements
  • +CLI tool basics
  • +Example integrations
v0.9.1 (Archive)
Multi-Platform SDKs
  • +Node.js and Python SDKs
  • +HTTP 402 Payment Required handler
  • +WordPress and Shopify plugin stubs
  • +Privacy and anonymization layer
v0.9.0 (Archive)
July 18, 2025
First Public Release
  • +Production-ready OSS implementation
  • +Machine-readable pricing.txt and .well-known/peac.json
  • +Core modules, Node.js SDK, CLI, schema
  • +Attribution and EIP-712 signature enforcement
  • +x402 and Stripe compatibility

Version Policy

  • Wire format peac-receipt/0.1 is the normalized baseline (v0.10.0+)
  • Library APIs may change between minor versions when it improves correctness or standards alignment
  • Breaking changes are documented with clear migration paths