Build with Originary

Add verifiable interaction records to your stack, powered by PEAC. Choose your integration path.

Stable: v0.12.328 packages on npmApache-2.0
# Install core packagesnpm install @peac/protocol @peac/crypto @peac/schema# Or install the CLInpm install -g @peac/cli

How do I...

Four paths to add verifiable interaction records to your stack.

Add to an HTTP API

Publish a peac.txt policy, add middleware to check requests, and return signed interaction records in response headers.

  1. Deploy /.well-known/peac.txt
  2. Add verification middleware
  3. Return signed record headers
npm install @peac/protocol @peac/middleware-expressView guide

Add to an MCP server

Install the PEAC MCP server to give AI agents five verification tools: verify, inspect, decode, issue, and bundle.

  1. Install @peac/mcp-server
  2. Configure in Claude Desktop or Cursor
  3. Agents verify records via tool calls
npx @peac/mcp-server --helpView guide

Add to an A2A flow

Attach signed interaction records to agent-to-agent messages using the A2A metadata carrier. Verify at each hop.

  1. Issue records with @peac/protocol
  2. Attach via A2A metadata carrier
  3. Verify at receiving agent
npm install @peac/protocolView guide

Verify a record

Validate a PEAC interaction record signature offline using the issuer's public key. No network call required.

  1. Extract the PEAC-Receipt header
  2. Fetch the issuer JWKS (once)
  3. Call verifyLocal() with the public key
import { verifyLocal } from '@peac/protocol'View guide

5-minute quickstart

Create a policy, validate it, and verify your first record.

1

Create policy

Initialize and deploy your policy to /.well-known/peac.txt

# Install CLI and init policy
npm i -g @peac/cli
peac policy init --profile api-provider

# Generate deployment files
peac policy generate --out ./public --well-known
2

Validate policy

Validate your policy file and test rule matching

# Validate policy syntax
peac policy validate peac-policy.yaml

# Explain which rule applies
peac policy explain peac-policy.yaml \
  --purpose train --type agent

# Output:
# Decision: DENY
# Matched Rule: block-training
3

Verify a record

Verify incoming PEAC-Receipt headers in your middleware

import { verifyLocal } from '@peac/protocol'
import { importJWK } from '@peac/crypto'

const key = await importJWK(jwk)
const result = await verifyLocal(receiptJws, {
  publicKey: key,
  profile: 'strict',
})

if (result.verified) {
  console.log('Valid:', result.claims)
}

Wire format

Header:
PEAC-Receipt: <compact-JWS>
Policy discovery:
/.well-known/peac.txt
Current stable format (Wire 0.2):
interaction-record+jwt
Legacy format (Wire 0.1, frozen):
peac-receipt/0.1

Built on an open protocol

No vendor lock-in. PEAC is an open standard (Apache-2.0). Self-host, use Originary, or build your own conformant implementation. Your policies, records, and verification logic work across any PEAC-conformant system.

Need integration support?

Commercial support is available for teams deploying at scale.