Open standard
for verifiable interaction records.
PEAC defines how systems issue signed records for automated actions, so another party can verify what happened without trusting the original system.
Originary is one implementation. PEAC remains open, neutral, and implementation-independent.
What PEAC defines
Three protocol surfaces for verifiable automated interactions
Policy discovery
Publish machine-readable interaction terms and rules at a well-known endpoint. Agents and systems discover your policies before making requests.
Interaction record format
Issue signed records for automated requests. Ed25519 signatures, compact JWS serialization, and deterministic claim structure.
Verification and conformance
Verify records independently with the public key alone. Conformance testing ensures cross-implementation compatibility deterministically.
What PEAC does not replace
PEAC is designed to interoperate with adjacent standards rather than replace them.
PEAC vs Originary
PEAC Protocol
- ✓Open standard
- ✓Machine-readable interaction terms
- ✓Signed interaction record format
- ✓Independent verification
- ✓Conformance and interoperability
- ✓Implementation-neutral by design
Originary (product)
- •Production product surface
- •Deployment paths
- •Verification workflows
- •Inspection and export tools
- •Enterprise rollout support
- •Optional, not required for the protocol
Implementation status
PEAC is an open standard under active development. No single implementation has privileged status. Originary is one implementation; independent implementations are welcome. Conformance testing is the interoperability anchor.
Where signed records attach
Protocol capability map for APIs, MCP, A2A, commerce-related workflows, managed-agent runtimes, and other verifiable automated interactions
Who and why
Access
Declare who can use your resources and under what conditions
Identity
Signed proof-of-control for agents and operators
Purpose
Declared intent of each interaction and purpose-driven access
Trust and governance
Consent
Explicit, machine-readable consent before access
Privacy
Minimal disclosure and selective transparency
Compliance
Audit trails and records for regulatory requirements
Safety
Defense-in-depth security and safe-by-default configuration
Evidence and value
Attribution
Every request carries verifiable identity and intent
Provenance
Signed evidence of what happened and when
Commerce
x402 v1/v2, paymentauth/MPP, ACP session evidence, and payment rail mappings
v0.14.0 implementation surface
The current reference implementation publishes 36 packages with 9214 tests across core records, commerce mappings, agent runtimes, and record exports.
Core record and policy stack
@peac/protocol, @peac/crypto, @peac/schema, @peac/kernel, @peac/control, @peac/audit, @peac/policy-kit, middleware, CLI, API, and verifier surfaces.
Commerce and payment evidence
@peac/adapter-x402, x402 v1/v2 carrier parsing, @peac/mappings-paymentauth, MPP mappers, @peac/mappings-acp, UCP, pay402, Stripe, card, and Razorpay rails.
Agent and runtime governance
@peac/mcp-server, MCP and A2A carriers, @peac/adapter-openclaw, @peac/adapter-managed-agents, @peac/adapter-runtime-governance, and OpenAI-compatible adapters.
Provenance, telemetry, and transport
in-toto and SLSA mappings, OpenTelemetry support, gRPC transport, DID, HTTP signatures, JWKS cache, receipts, and worker/server packages.
Reference implementation and tools
Reference implementation, SDKs, adapters, mappings, and developer tools
PEAC Core (36 packages)
TypeScript/JavaScript: protocol, crypto, schema, MCP server, payment mappings, runtime adapters, and more
CLI tools
Command-line utilities for policy validation and record verification
Examples
Integration kits for MCP, A2A, x402, ACP, paymentauth/MPP, runtime governance, and sample implementations
Interoperability
PEAC is designed to interoperate with adjacent standards rather than replace them
HTTP 402 and x402
Commerce and signed records for machine-payable APIs with x402 v1/v2 evidence mapping
paymentauth and MPP
HTTP Payment Authentication and MPP payment attempt or settlement events mapped into PEAC evidence
Agentic Commerce Protocol
ACP session and delegated-commerce evidence without replacing ACP state or payment finality semantics
AIPREF
AI preference standard for policy discovery and consent
Model Context Protocol
MCP tool verification, _meta carriers, and five local verification tools for agent coordination
A2A Protocol
A2A v1.0.0 metadata carriers with verifiable interaction records across agent hops
OpenClaw and managed agents
Runtime event capture for tool calls, sessions, tasks, permissions, MCP calls, and outcomes
in-toto and SLSA
Supply-chain provenance and attestation mappings for existing build and release systems
All integrations
Explore all supported standards and protocols
Governance and contributing
PEAC is developed in public under the Apache-2.0 license. Originary (Poem, Inc.) is the primary maintainer today. Contributions are welcome. Supply chain hardening includes automated audit gates, lockfile drift detection, and a published security policy.
PEAC Protocol FAQ
Common questions about the open standard
PEAC is an open standard for publishing interaction terms and producing verifiable interaction records for automated requests.
Yes. The goal is independent implementations and consistent verification behavior across vendors.
PEAC is designed to interoperate. It focuses on the record and verification layer, while other standards cover payments, agent frameworks, or preference signaling.
Conformance defines deterministic rules and test vectors so multiple implementations produce verifiable, compatible results.
Start with the spec, conformance tests, and reference implementation. Contributions that improve interoperability and determinism are highest value.