Skip to content
v0.11.2

Evidence Bundles

A peac-bundle/0.1 evidence bundle is a portable ZIP archive that contains signed receipts, a policy snapshot, a verification report, and a manifest. Bundles are self-contained and can be verified offline without network access.

Bundle Format

The bundle format identifier is peac-bundle/0.1. Each bundle is a standard ZIP archive with a fixed directory structure:

peac-bundle/0.1 directory structure
bundle.zip
  receipts/
    receipt-001.jws        # Compact JWS (EdDSA, peac-receipt/0.1)
    receipt-002.jws
    ...
  policy/
    peac.txt               # Policy snapshot at bundle creation time
  reports/
    verification.json      # Verification report (pass/fail per receipt)
  manifest.json            # Bundle metadata

Contents

FileFormatDescription
receipts/*.jwsJWS Compact SerializationSigned receipts (Ed25519, peac-receipt/0.1 type)
policy/peac.txtYAML-like textPolicy snapshot from the issuer at bundle creation time
reports/verification.jsonJSONPer-receipt verification results (signature, expiry, issuer checks)
manifest.jsonJSONBundle metadata: bundle_id, created_at, receipt_count

Manifest

The manifest.json file describes the bundle contents:

manifest.jsonJSON
{
  "format": "peac-bundle/0.1",
  "bundle_id": "01JQXF8N7K4P2R3S5T6V7W8X9Y",
  "created_at": "2026-02-25T12:00:00Z",
  "receipt_count": 12,
  "issuer": "https://publisher.example.com",
  "policy_hash": "sha256:e3b0c44298fc1c149afbf4c8996fb924..."
}

Create via CLI

The peac bundle create command assembles receipts, fetches the current policy snapshot, runs verification, and writes the ZIP archive:

Terminal
# Create a bundle from a directory of receipts
peac bundle create --receipts ./receipts --output bundle.zip

# Include a specific policy file
peac bundle create --receipts ./receipts --policy ./peac.txt --output bundle.zip

# Verify the bundle offline (no network)
peac bundle verify bundle.zip --offline

Package: @peac/cli

Create via MCP

The peac_create_bundle MCP tool creates bundles from within an agent workflow. It requires an issuer key and a directory of receipts.

MCP tool callJSON-RPC
{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "peac_create_bundle",
    "arguments": {
      "receipts_dir": "./receipts",
      "output_path": "./evidence/bundle.zip"
    }
  }
}

Package: @peac/mcp-server

Offline Verification

Bundle verification is deterministic and requires no network access. The verifier checks each receipt against the policy snapshot and JWKS included in the bundle:

1. Manifest integrity

Verify receipt_count matches the number of files in receipts/.

2. Policy hash

Verify sha256(policy/peac.txt) matches the manifest policy_hash.

3. Receipt signatures

Each receipt JWS is parsed, the Ed25519 signature is verified, and expiry/issuer claims are validated.

4. Verification report

Results are written to reports/verification.json with per-receipt pass/fail status and failure reasons.

Use Cases

Billing Disputes

Export all receipts for a billing period into a single bundle. The counterparty can verify payment evidence offline without API access.

Compliance Audit

Provide auditors with a self-contained archive of interaction evidence and the policy that was in effect at the time of each interaction.

Incident Response

Collect receipts from a specific time window for forensic review. The bundle preserves the policy context and verification state at the time of collection.

Verification Report

The verification report contains per-receipt results:

reports/verification.jsonJSON
{
  "bundle_id": "01JQXF8N7K4P2R3S5T6V7W8X9Y",
  "verified_at": "2026-02-25T12:01:00Z",
  "results": [
    {
      "file": "receipts/receipt-001.jws",
      "rid": "01JQXF8N7K...",
      "status": "verified",
      "checks": {
        "signature": "pass",
        "expiry": "pass",
        "issuer": "pass"
      }
    },
    {
      "file": "receipts/receipt-002.jws",
      "rid": "01JQXF9A2B...",
      "status": "failed",
      "checks": {
        "signature": "pass",
        "expiry": "fail",
        "issuer": "pass"
      },
      "reason": "Receipt expired at 2026-02-24T00:00:00Z"
    }
  ]
}

Links

Receipts and Evidence Carriers

Evidence bundles collect receipts that were originally issued and transported via the Evidence Carrier Contract. Each receipt in the bundle is a standard peac-receipt/0.1 JWS that can also be verified individually outside the bundle context.