PEAC Protocol
Originary publishes and maintains PEAC Protocol, the open standard for issuing signed records another party can verify without trusting the original dashboard. Self-hostable. Apache-2.0. No Originary account required.
PEAC Protocol is open-source software published by Originary.
Originary maintains the protocol specification, reference implementation, CLI, SDK packages, conformance fixtures, and verification tooling. The software is distributed through the public PEAC GitHub repository and related package registries under Apache-2.0.
Originary
Originary publishes and maintains PEAC Protocol and its reference tooling.
GitHub
Download PEAC Protocol by Originary from the public GitHub repository and npm package registries.
Apache-2.0
PEAC Protocol is open-source software. Self-hostable. No Originary account required.
A record that survives the boundary.
PEAC defines how a system issues a signed record for an automated action so another party can verify what happened, without trusting the original system or its dashboard.
One artifact, many signers
Every record is signed with Ed25519. Issuers publish their public key once. Verifiers check the signature offline against that key.
Travels across systems
Records are carried as compact JWS strings or exported as bundles. They do not depend on the issuer's dashboard, database, or API to stay verifiable.
Apache-2.0
Originary publishes the protocol specification, reference implementations, and core tooling publicly on GitHub. Anyone can self-host, issue, and verify records without an Originary account or managed service.
v0.14.2 on npm latest.
Released 2026-05-11. Reference implementation, conformance fixtures, and signed-record adapters published in the open.
One signed artifact. Four bindings.
Each record binds the action that happened, the policy that applied, the result that was produced, and the signature that proves the issuer asserted all three.
What happened
The boundary action. An API call, MCP tool run, gateway decision, provisioning event, or payment-related machine action. Captured as a typed receipt referencing one of 36+ publishable schemas.
Under what terms
A digest of the policy or terms that applied at issue time. Verifiers can prove a record was issued under a specific version of peac.txt or another published policy document.
What returned
Status, digests, observed outcome. The record commits to what the issuer says happened, so a later review does not depend on log retention.
Who asserted it
Ed25519 signature over the canonical JWS signing input. Issuer key is published once at /.well-known/peac-issuer.json. Verification is offline.
One primitive, many proof workflows.
PEAC composes with the systems your stack already uses. Each profile maps an existing surface to a portable signed record without replacing the runtime that produced it.
Self-host the protocol or use it with Originary.
Anyone can self-host PEAC Protocol, issue records, and verify them without an Originary account or managed service. Originary publishes and maintains PEAC Protocol and also offers commercial tools, managed verification, and deployment support for teams running it in production.
Apache-2.0
- Full protocol specification
- Reference TypeScript implementation
- CLI for issuance and verification
- MCP server for tool-call records
- No Originary account or managed service required
Originary Verify
- Hosted issuance and verification
- KMS-backed signing keys
- Audit bundle export
- Implementation and rollout support
- Procurement-ready record artifacts
Two lines to a verifier.
Install the public packages from the npm latest dist-tag and verify a signed record locally.
npm i -g @peac/cli npx -y @peac/cli verify ./record.jws
Or install the libraries: @peac/protocol @peac/crypto @peac/schema @peac/mcp-server