Skip to content
v0.16.1

Go SDK

Supported (Go module)

The Go SDK provides core issue and verify for Wire 0.2 via the Go module github.com/peacprotocol/peac/sdks/go. The middleware adapters (chi, gin, echo, nethttp) are experimental.

Native Go implementation for issuing and verifying PEAC receipts. Ed25519 signatures, claim validation, and HTTP middleware for Chi and Gin.

Source: github.com/peacprotocol/peac/sdks/go

Install

Terminal
go get github.com/peacprotocol/peac/sdks/go

Issue a Receipt

Create a signed receipt with issuer, audience, and subject claims. The receipt is returned as a compact JWS string.

issue.goGo
receipt, err := peac.Issue(peac.IssueOptions{
    Issuer:    "https://api.example.com",
    Audience:  "https://client.example.com",
    Subject:   "user:alice",
    SigningKey: key,
})
if err != nil {
    log.Fatal(err)
}

// receipt.JWS is a compact JWS string
// Add to HTTP response header
w.Header().Set("PEAC-Receipt", receipt.JWS)

Verify a Receipt

Verify the signature and claims of a receipt JWS. The issuer allowlist restricts which issuers are accepted.

verify.goGo
result, err := peac.Verify(receiptJWS, peac.VerifyOptions{
    AllowedIssuers: []string{"https://api.example.com"},
})
if err != nil {
    log.Fatal(err)
}

if result.OK {
    fmt.Println("Issuer:", result.Claims.Issuer)
    fmt.Println("Subject:", result.Claims.Subject)
    fmt.Println("Audience:", result.Claims.Audience)
}

Middleware

The Go SDK provides middleware for Chi and Gin that extracts the PEAC-Receipt header, verifies it, and attaches the result to the request context.

The middleware verifies the signed receipt and attaches the result to the request context. Your application decides what to do with it. PEAC records and verifies signed evidence; it does not enforce, authorize, or gate access by itself.

Chi

chi_middleware.goGo
r := chi.NewRouter()

r.Use(peacmw.VerifyReceipt(peacmw.Config{
    AllowedIssuers: []string{"https://api.example.com"},
}))

r.Get("/protected", func(w http.ResponseWriter, r *http.Request) {
    result := peacmw.ReceiptFromContext(r.Context())
    if result == nil || !result.OK {
        http.Error(w, "Payment Required", http.StatusPaymentRequired)
        return
    }
    w.Write([]byte("Access granted"))
})

Gin

gin_middleware.goGo
r := gin.Default()

r.Use(peacgin.VerifyReceipt(peacgin.Config{
    AllowedIssuers: []string{"https://api.example.com"},
}))

r.GET("/protected", func(c *gin.Context) {
    result := peacgin.ReceiptFromContext(c)
    if result == nil || !result.OK {
        c.JSON(http.StatusPaymentRequired, gin.H{
            "error": "Payment Required",
        })
        return
    }
    c.JSON(http.StatusOK, gin.H{
        "issuer": result.Claims.Issuer,
    })
})

Policy Evaluation

Evaluate a receipt against a policy file to determine whether an interaction is permitted. The policy engine parses peac.txt format.

policy.goGo
policy, err := peac.LoadPolicy("/.well-known/peac.txt")
if err != nil {
    log.Fatal(err)
}

decision := policy.Evaluate(peac.PolicyInput{
    SubjectType: "agent",
    Purpose:     "train",
    Licensing:   "licensed",
})

// decision.Allow is true/false
// decision.Rule is the matched rule ID

Feature Parity

The Go SDK implements the core issue and verify flow. Advanced features follow the TypeScript SDK and are added as the protocol stabilizes.

FeatureTypeScriptGo
Issue receipts (Ed25519)ShippedShipped
Verify receiptsShippedShipped
Policy evaluationShippedShipped
HTTP middlewareExpressChi, Gin
Kernel constraintsShippedPlanned
Evidence bundlingShippedPlanned
Conformance vectorsShippedPlanned

Links

Get Started

Install the Go module, issue your first receipt, and verify it in under 5 minutes. The SDK ships with Chi and Gin middleware for drop-in HTTP integration.