Skip to main content
Free and open source

Generate your AI policy pack from one file.

Write peac-policy.yaml. Generate /.well-known/peac.txt, robots AI directives, AIPREF templates, and a human policy page.

Runs locally. No tracking.Deterministic evaluation.Multi-format output.

ORIGINARY™ - Open software. Built on PEAC Protocol.

What this does and does not do

What it does

  • Generates consistent policy surfaces from one source file
  • Reduces the busywork of maintaining multiple conflicting files
  • Provides documented intent for legal clarity
  • Positions you for future enforcement (402, receipts)
  • Runs locally with no tracking or SaaS dependency

What it does not do

  • Guarantee bot compliance (policy files are advisory)
  • Force crawlers to respect your rules
  • Replace your auth, rate limits, or access controls
  • Provide legal protection by itself

Enforcement requires controls you run: rate limits, authentication, HTTP 402 challenges, and PEAC receipts. Policy Kit handles the declaration layer - consistent signals across all surfaces. Enforcement comes from your infrastructure.

Output files

From a single peac-policy.yaml, Policy Kit generates:

.well-known/peac.txt

The primary AI policy discovery file. Advertises your AIPREF URL, 402 access control, payment rails (x402, Stripe), provenance (C2PA), receipt verification endpoint, and public keys.

Who reads this: AI agents, crawlers, PEAC-compatible clients

robots-ai-snippet.txt

A block to append to robots.txt pointing AI crawlers at /.well-known/peac.txt instead of ad hoc files.

Who reads this: AI crawlers checking robots.txt

aipref-headers.json

AIPREF JSON document and HTTP header templates so AIPREF-compatible crawlers see the same policy that PEAC-Receipts snapshot.

Who reads this: AIPREF-compatible crawlers, CDN edge configs

ai-policy.md

Human-readable policy page in Markdown explaining your AI rules for lawyers, users, and partners.

Who reads this: Humans, legal teams, compliance audits

Quickstart (CLI)

Install the PEAC CLI and initialize your first policy file

1. Install the PEAC CLI

# Using npm
npm install -g @peac/cli

# Using pnpm (recommended)
pnpm add -g @peac/cli

2. Initialize your policy file

# Inside your site repo
peac policy init

# This creates peac-policy.yaml with prompts for:
Indexing
Allow or deny AI search indexing
Training
Allow or deny use in model training
RAG / Inference
Allow or deny retrieval-augmented generation
Commercial use
Allow or restrict commercial applications
Attribution
Require attribution for usage
Contact
Licensing and contact information

3. Generate your policy surfaces

peac policy generate --out ./public

# This creates:
# ./public/.well-known/peac.txt
# ./public/robots-ai-snippet.txt
# ./public/aipref-headers.json
# ./public/ai-policy.md

4. Validate anytime

peac policy validate

Validates peac-policy.yaml and generated files against PEAC 0.9.x schemas.

Deployment recipes

Drop your generated files into any hosting environment

Static hosting (Vercel, Netlify, GitHub Pages)

Copy generated files to your public/ folder. The .well-known/ directory is served automatically.

cp -r .well-known public/
cp robots-ai-snippet.txt public/

Next.js

Place files in public/.well-known/ or create a route handler for dynamic serving.

# Static: public/.well-known/peac.txt
# Dynamic: app/.well-known/peac.txt/route.ts

Cloudflare Workers

Serve /.well-known/peac.txt from a Worker or static assets.

# wrangler.toml: [site] bucket = "./public"

WordPress plugin (coming soon)

One-click publish of /.well-known/peac.txt + ai-policy page.

Roadmap

Policy Kit tracks the PEAC 0.9.x protocol line. Small, reliable, boring.

Now
CLI-only: peac policy init, generate, validate. Outputs peac.txt, robots-ai-snippet.txt, aipref-headers.json, ai-policy.md.
Next
Site checker + web wizard: Paste your domain, we fetch what you currently serve and show contradictions + missing pieces. Diff view before regenerating.
Later
Evidence mode: Export configs for Gateway 402 and Verify API so HTTP 402 challenges and PEAC-Receipts derive from the same policy source.

FAQ

Common questions about AI policy and compliance

Will OpenAI/Google/Anthropic respect my policy?

There is no guarantee. Policy files like robots.txt and peac.txt are advisory signals. Bots may or may not honor them. Your enforceable leverage is what you control: HTTP responses, auth, gating, rate limits, and (eventually) 402 challenges with receipts.

Why publish a policy if compliance is not guaranteed?

Consistency, legal clarity, and future enforcement. A declared policy (1) reduces the busywork of maintaining multiple conflicting files, (2) provides documented intent for legal disputes, and (3) positions you for enforcement when receipts and 402 challenges become standard.

Does this replace robots.txt?

No. peac.txt complements robots.txt. PEAC docs explicitly position coexistence with robots.txt, ai.txt, and llms.txt. Policy Kit can generate a robots-ai snippet you paste into your existing robots.txt.

What if I already have ai.txt or llms.txt?

Policy Kit can output compatibility snippets for multiple formats. The goal is one source of truth (peac-policy.yaml) that generates consistent signals across all surfaces.

Ready to declare your AI policy?

Start with the CLI. Add enforcement (Trace, 402, receipts) when ready.