PEAC Working Group

Open Specification

Status: Working Draft

Version: 0.10.0

Wire Format: peac-receipt/0.1

January 2026

PEAC: Policy-backed Environment for Agent Coordination

Portable receipts and machine-verifiable evidence for automated interactions across systems and organizational boundaries.

Abstract

This document specifies the PEAC Protocol, an open standard for portable receipts and machine-verifiable evidence for automated interactions across systems and organizational boundaries.

PEAC standardizes a file-discoverable policy surface and a signed receipt format that make automated interactions provable: consent, attribution, settlement references, decisions, and outcomes. Receipts are Ed25519-signed JSON Web Signatures (JWS) verified offline and deterministically.

Who: APIs, gateways, tool servers, agent platforms, and compliance/security teams operating automated traffic across org boundaries.

Why: Internal logs are not neutral proof and integrations do not interoperate. PEAC makes terms machine-readable and outcomes cryptographically verifiable, without replacing your auth, rails, or observability.

Status of This Document

This is a working draft. The wire format peac-receipt/0.1 is the normalized baseline (v0.10.0+).

1. Terminology

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119.

Receipt: A cryptographically signed attestation of a completed transaction or policy evaluation.
Issuer: The entity that creates and signs receipts. Identified by the iss claim.
Verifier: Any party that validates receipt signatures and claims.
Policy: A machine-readable declaration of access terms, published at /.well-known/peac.txt.
PaymentEvidence: Structured proof of payment including rail, amount, currency, and optional facilitator.
Attestation: A generic third-party claim attached to a receipt (e.g., risk assessment, compliance check).

Core Primitives

Primitive	Stable	Description
Receipt envelope	Yes	`typ: peac-receipt/0.1`, Ed25519 JWS signature
Receipt header	Yes	`PEAC-Receipt: <jws>`
Policy surface	Yes	`/.well-known/peac.txt` discovery and parse rules
Verification report	Yes	Deterministic JSON output from verify operations
Dispute Bundle	Yes	ZIP with receipts + policy + report for offline audit
Conformance vectors	Yes	Golden inputs/outputs in `specs/conformance/`

Stable contracts: Receipt schema, header name, discovery path, and bundle format are stable under the pre-1.0 compatibility policy. Breaking changes require a new typ version.

Transports and Bindings

PEAC is transport-agnostic. The most common binding is HTTP/REST, where receipts travel as a response header (PEAC-Receipt) and policies are discovered via /.well-known/peac.txt.

Binding	How receipts travel
HTTP/REST (default)	Response header `PEAC-Receipt: <jws>`
MCP	Tool result metadata (`_meta.org.peacprotocol/receipt`)
A2A	Agent exchange attachments
WebSocket/streaming	Periodic or terminal receipts for long-running sessions
Queues/batches	NDJSON receipts verified offline via bundles

Interoperability and Mappings

PEAC receipts can be carried through other interaction standards via mappings. PEAC does not orchestrate these protocols -- it provides portable proof of what terms applied and what happened.

Standard / Rail	PEAC Role	Package
MCP	Receipts in tool response metadata	`@peac/mappings-mcp`
A2A / ACP	Receipts in agent exchange attachments	`@peac/mappings-acp`
UCP	Webhook verification + dispute evidence	`@peac/mappings-ucp`
TAP	RFC 9421 HTTP message signature verification	`@peac/mappings-tap`
x402	Settlement evidence in receipt claims	`@peac/rails-x402`
Stripe	Payment intent evidence	`@peac/rails-stripe`

Where PEAC fits (and where it does not)

PEAC provides: Policy surfaces, signed receipts, verification rules, and offline evidence bundles.

PEAC does not replace:

-OpenTelemetry: OTel is observability. PEAC is portable proof that can correlate to traces.
-MCP / A2A: These coordinate tool use and agent exchanges. PEAC carries proof alongside them.
-AP2 / ACP / UCP: These authorize and orchestrate commerce flows. PEAC provides verifiable evidence of terms, decisions, and outcomes around those flows.
-Payment rails: Rails move funds. PEAC records settlement references and makes outcomes verifiable.

PEAC is the evidence layer, not a replacement for identity, payment, or observability systems.

2. Wire Format

PEAC receipts are encoded as JWS Compact Serialization (RFC 7515) with detached payload option available. The receipt MUST be transmitted via the PEAC-Receipt HTTP header.

PEAC-Receipt: <base64url(header)>.<base64url(payload)>.<base64url(signature)>

Header (REQUIRED):
{
  "alg": "EdDSA",           // MUST be EdDSA
  "typ": "peac-receipt/0.1", // MUST be this value
  "kid": "peac-2025-12"      // Key identifier
}

Payload (REQUIRED fields):
{
  "iat": 1735500000,         // Unix timestamp (seconds)
  "iss": "https://api.example.com",
  "amt": 100,                // Amount in minor units
  "cur": "USD",              // ISO 4217 currency
  "payment": {               // Payment evidence
    "rail": "x402",
    "facilitator": "daydreams"
  }
}

Wire Schema (v0.9.21+)

JSON Schema definitions are available at specs/wire/ with Ajv 2020-12 validation and conformance fixtures.

3. Policy Discovery

Agents MUST attempt to fetch policy from these locations in order:

/.well-known/peac.txt (primary)
/peac.txt (fallback)

The policy file uses YAML format with the following structure:

version: "peac-policy/0.1"
rules:
  - id: allow-licensed
    match:
      subject_type: [agent, organization]
      purpose: [train, inference]
      licensing_mode: licensed
    decision: allow
    receipts: required

  - id: allow-crawl
    match:
      purpose: [crawl, index, search]
    decision: allow

  - id: deny-unlicensed-training
    match:
      purpose: [train]
      licensing_mode: unlicensed
    decision: deny

4. Receipt Structure

Claim	Type	Status	Description
iat	number	REQUIRED	Issued-at timestamp (Unix seconds)
iss	string	REQUIRED	Issuer URI
amt	number	RECOMMENDED	Amount in minor units (cents)
cur	string	RECOMMENDED	ISO 4217 currency code
payment	PaymentEvidence	OPTIONAL	Payment evidence with rail and facilitator
attestations	Attestation[]	OPTIONAL	Third-party attestations (v0.9.21+)
extensions	Extensions	OPTIONAL	Namespaced extension fields (v0.9.21+)
prov	object	OPTIONAL	Provenance metadata (C2PA, etc.)
aud	string	OPTIONAL	Intended audience

5. Verification Procedure

Verifiers MUST perform these steps in order:

Parse JWS: Decode base64url header and payload. Reject malformed tokens.
Validate header: Confirm alg is “EdDSA” and typ is “peac-receipt/0.1”.
Fetch JWKS: Retrieve public key from issuer's /.well-known/jwks.json matching kid.
Verify signature: Validate Ed25519 signature over header.payload.
Check timestamp: Reject if iat differs from current time by more than 5 minutes.
Validate evidence: Ensure payment.evidence contains only JSON-safe values (no NaN, Infinity, cycles).

6. Conformance Levels

L0Discovery

-Parse /.well-known/peac.txt
-Understand version field
-Honor usage directive

L1HTTP

-Return proper status codes
-Use Problem Details (RFC 9457)
-Include PEAC-Receipt header

L2Policy

-Enforce rate limits
-Validate purposes
-Check attribution requirements

L3Commerce

-Support HTTP 402 flow
-Issue valid receipts
-Verify payment evidence

Conformance Harness (v0.9.21-v0.9.27+)

The protocol includes a conformance test suite with valid, invalid, and edge-case fixtures. See specs/conformance/ for golden vectors across all attestation types (generic, agent-identity, attribution, dispute).

7. Evidence & Attestations

PEAC v0.9.21 introduces generic Attestation and Extensions types for extensible evidence attachment. v0.9.25-v0.9.27 add specialized attestation types: peac/agent-identity (v0.9.25), peac/attribution (v0.9.26), and peac/dispute (v0.9.27).

Attestation Structure

{
  "attestations": [{
    "type": "risk_assessment",
    "issued_at": 1735500000,
    "issuer": "https://risk.example.com",
    "data": {
      "score": 0.95,
      "level": "low"
    }
  }],
  "extensions": {
    "acme/tracking_id": "abc123",
    "vendor/metadata": { "key": "value" }
  }
}

Evidence Validation

All evidence fields MUST contain JSON-safe values only. The protocol rejects NaN, Infinity, object cycles, and class instances at issuance time. DoS caps apply: maxDepth (32), maxArrayLength (10k), maxObjectKeys (1k), maxStringLength (64KB), maxTotalNodes (100k).

8. Security Considerations

Key Management

Issuers MUST rotate keys regularly. The kid field enables graceful key rotation. Old keys SHOULD remain in JWKS for verification of existing receipts.

Replay Protection

Verifiers SHOULD implement nonce tracking or timestamp windows to prevent receipt replay attacks. TAP (Trusted Agent Protocol) enforces an 8-minute maximum time window.

JWKS Fetch Security

JWKS endpoints MUST be served over HTTPS. Verifiers MUST validate TLS certificates and SHOULD implement SSRF protections including literal IP blocking.

Fail-Closed Defaults

ISSUER_ALLOWLIST is REQUIRED (500 if empty). Unknown TAP tags are rejected by default. Replay protection is required when nonce is present.

9. Telemetry & Observability

PEAC v0.9.22 introduces telemetry hooks in the issue() and verify() functions with privacy-preserving modes.

Strict Mode

Hash all identifiers. Requires hashSalt. Maximum privacy.

Balanced Mode

Include rail + amounts. Hash sensitive fields. Recommended default.

Custom Mode

Allowlist-based field inclusion. Full control over what is emitted.

OpenTelemetry Integration

import { createOtelProvider } from '@peac/telemetry-otel'

const provider = createOtelProvider({
  tracer,
  meter,
  privacyMode: 'balanced'
})

// Automatically emits spans and metrics
const { jws } = await issue({ ...claims, telemetry: provider })

10. Normative References

[RFC2119]

Key words for use in RFCs to Indicate Requirement Levels

[RFC7515]

JSON Web Signature (JWS)

[RFC7517]

JSON Web Key (JWK)

[RFC8032]

Edwards-Curve Digital Signature Algorithm (EdDSA)

[RFC9110]

HTTP Semantics

[RFC9421]

HTTP Message Signatures

[RFC9457]

Problem Details for HTTP APIs

Security Model

•JWS signature verification required before trusting any receipt claim
•Key discovery via JWKS endpoints with SSRF guards and timeouts
•No silent network fallback for offline verification (fail-closed)
•Replay protection via nonce + timestamp validation
•Request binding (DPoP) supported where rail adapter enables it
•Errors mapped to RFC 9457 Problem Details (no internal details exposed)

See SECURITY.md and PROTOCOL-BEHAVIOR.md for full details.

Evidence Vocabulary

Term	Definition
Receipt	JWS-signed proof of an interaction (who, what, when, terms, payment evidence)
Policy surface	`/.well-known/peac.txt` file declaring terms, purposes, and receipt requirements
Rail adapter	Maps payment settlement evidence into receipt claims
Verification report	Deterministic, machine-readable output from verifying a receipt or bundle
Dispute Bundle	ZIP container with receipts + policy snapshot + verification report for offline audit
Conformance vectors	Golden inputs/outputs for testing independent implementations

Versioning and Compatibility

Current status: The wire format, headers, and discovery paths are stable under a pre-1.0 compatibility policy. SDK APIs may evolve between minor versions as the protocol matures toward v1.0.

What's Stable

•Receipt envelope format (typ: peac-receipt/0.1)
•Header name (PEAC-Receipt)
•Discovery path (/.well-known/peac.txt)
•Bundle structure and determinism rules
•Conformance vector format

What May Change

•Internal package APIs (@peac/kernel, @peac/schema, etc.)
•Rail adapter interfaces
•CLI command flags

Compatibility policy:

•Conformance vectors and changelogs published for every release
•Wire format changes require a new typ version
•Cross-language parity: TypeScript and Go implementations produce identical outputs

API Reference Quickstart GitHub Releases