v0.12.8

Go SDK

Planned for v0.12.4+

The Go SDK is on the roadmap but not yet published. The API surface below documents the intended design. Availability is gated on adoption signal.

Native Go implementation for issuing and verifying PEAC receipts. Ed25519 signatures, claim validation, and HTTP middleware for Chi and Gin.

Source: github.com/peacprotocol/peac/sdks/go

Install

Terminal

go get github.com/peacprotocol/peac/sdks/go

Issue a Receipt

Create a signed receipt with issuer, audience, and subject claims. The receipt is returned as a compact JWS string.

issue.goGo

receipt, err := peac.Issue(peac.IssueOptions{
    Issuer:    "https://api.example.com",
    Audience:  "https://client.example.com",
    Subject:   "user:alice",
    SigningKey: key,
})
if err != nil {
    log.Fatal(err)
}

// receipt.JWS is a compact JWS string
// Add to HTTP response header
w.Header().Set("PEAC-Receipt", receipt.JWS)

Verify a Receipt

Verify the signature and claims of a receipt JWS. The issuer allowlist restricts which issuers are accepted.

verify.goGo

result, err := peac.Verify(receiptJWS, peac.VerifyOptions{
    AllowedIssuers: []string{"https://api.example.com"},
})
if err != nil {
    log.Fatal(err)
}

if result.OK {
    fmt.Println("Issuer:", result.Claims.Issuer)
    fmt.Println("Subject:", result.Claims.Subject)
    fmt.Println("Audience:", result.Claims.Audience)
}

Middleware

The Go SDK provides middleware for Chi and Gin that extracts the PEAC-Receipt header, verifies it, and attaches the result to the request context.

Chi

chi_middleware.goGo

r := chi.NewRouter()

r.Use(peacmw.VerifyReceipt(peacmw.Config{
    AllowedIssuers: []string{"https://api.example.com"},
}))

r.Get("/protected", func(w http.ResponseWriter, r *http.Request) {
    result := peacmw.ReceiptFromContext(r.Context())
    if result == nil || !result.OK {
        http.Error(w, "Payment Required", http.StatusPaymentRequired)
        return
    }
    w.Write([]byte("Access granted"))
})

Gin

gin_middleware.goGo

r := gin.Default()

r.Use(peacgin.VerifyReceipt(peacgin.Config{
    AllowedIssuers: []string{"https://api.example.com"},
}))

r.GET("/protected", func(c *gin.Context) {
    result := peacgin.ReceiptFromContext(c)
    if result == nil || !result.OK {
        c.JSON(http.StatusPaymentRequired, gin.H{
            "error": "Payment Required",
        })
        return
    }
    c.JSON(http.StatusOK, gin.H{
        "issuer": result.Claims.Issuer,
    })
})

Policy Evaluation

Evaluate a receipt against a policy file to determine whether an interaction is permitted. The policy engine parses peac.txt format.

policy.goGo

policy, err := peac.LoadPolicy("/.well-known/peac.txt")
if err != nil {
    log.Fatal(err)
}

decision := policy.Evaluate(peac.PolicyInput{
    SubjectType: "agent",
    Purpose:     "train",
    Licensing:   "licensed",
})

// decision.Allow is true/false
// decision.Rule is the matched rule ID

Feature Parity

The Go SDK implements the core issue and verify flow. Advanced features follow the TypeScript SDK and are added as the protocol stabilizes.

Feature	TypeScript	Go
Issue receipts (Ed25519)	Shipped	Shipped
Verify receipts	Shipped	Shipped
Policy evaluation	Shipped	Shipped
HTTP middleware	Express	Chi, Gin
Kernel constraints	Shipped	Planned
Evidence bundling	Shipped	Planned
Conformance vectors	Shipped	Planned

Links

Source

sdks/go

Specification

Wire format and protocol

Conformance

Test vectors and harness

Get Started

Install the Go module, issue your first receipt, and verify it in under 5 minutes. The SDK ships with Chi and Gin middleware for drop-in HTTP integration.

View on GitHub Quickstart (TypeScript)

Back to Integrations