Record gallery

Six workflows. One way to verify them.

Every record below carries the same skeleton: facts, policy, result, time, issuer, signature. Read one and you can read them all, and each verifies offline with a single command. Records can also be linked: an approval to the execution it authorized, an acknowledgment to the record it references, a run summary sealing a set, so a sequence becomes verifiable, not just a single event.

factspolicyresulttimeissuersignature
Logs stay local. Signed records travel.
Record gallery06 workflowsOne primitiveVerifies offline
01 - API call

Prove what your API did, without opening your logs.

Answers which endpoint was called, which terms applied, and what result the API returned.

Verify it
npx -y @peac/cli verify ./api-call.jws --public-key ./jwks.json
Expected
Signature valid (offline)
Flip one byte and verification fails. A failed check is also evidence.
basic-recordverified offline
Issuer
https://api.vendor.example
Action
POST /v1/market-data/search
Policy
terms:v3 sha256:81af2c...
Result
200 sha256:9a3c1d...
Time
2026-06-12T14:08:11Z
Signature
Ed25519 b2c1a4e8...
sample record - demo signature
Decoded payload
{
  "iss": "https://api.vendor.example",
  "action": "POST /v1/market-data/search",
  "policy": { "ref": "terms:v3", "digest": "sha256:81af2c..." },
  "result": { "status": 200, "digest": "sha256:9a3c1d..." },
  "occurred_at": "2026-06-12T14:08:11Z"
}
02 - MCP tool run

When an MCP tool runs, proof can leave the server.

Answers which tool was called, under what policy, and what result digest came back. Full MCP page.

Verify it
npx -y @peac/cli verify ./mcp-tool-run.jws --public-key ./jwks.json
Tamper case

Change the tool name, the result digest, or one character of the signature and verification fails with E_INVALID_SIGNATURE.

mcp-tool-runverified offline
Issuer
https://mcp.vendor.example
Tool
tools.call search_docs
Policy
tool-policy:v2 sha256:4e21b8...
Result
ok sha256:9a3c1d...
Time
2026-06-12T14:08:11Z
Signature
Ed25519 7d40e2c9...
carried in MCP response metadata - travels separately from the server
03 - Agent action

What did the agent do, and what was it bound to?

Answers which agent acted, which input digests, and which mandate or policy version the action was bound to.

Verify it
npx -y @peac/cli verify ./agent-action.jws --public-key ./jwks.json
Tamper case

Swap the mandate digest for a newer version after the fact and the record still shows the digest that was actually bound at signing time.

full-recordverified offline
Issuer
https://runtime.vendor.example
Agent
research-agent-v3
Action
summarize_filing
Input
sha256:c41b09...
Policy
mandate:v2 sha256:5fe013...
Time
2026-06-12T14:09:02Z
Signature
Ed25519 91bc44a0...
sample record - demo signature
04 - Gateway decision

A deny is evidence too.

Answers what happened at the boundary before a request was routed, throttled, or refused. A denied call is still a signed, verifiable event: reviewers see what was refused without reading your gateway logs.

Verify it
npx -y @peac/cli verify ./gateway-deny.jws --public-key ./jwks.json
Expected
Signature valid (offline)
decision: denied - the signature is valid, the answer was no
org.peacprotocol/access-decisiondecision: denied
Issuer
https://gateway.vendor.example
Request
tools.call export_billing
Policy
tool-policy:v2 sha256:4e21b8...
Result
denied - policy_violation
Time
2026-06-12T14:10:40Z
Signature
Ed25519 e02d7f15... valid
deny-as-evidence - the refusal itself is portable proof
05 - Payment event

Payment rails move value. Records prove context.

Answers what a payment was tied to. The rail proves value moved; the record binds the action, the mandate, and the observed state to one signed artifact. Agentic commerce page.

Verify it
npx -y @peac/cli verify ./payment-event.jws --public-key ./jwks.json
Tamper case

Point the record at a different payment reference after settlement and the original reference stays bound under the signature.

payment-eventverified offline
Issuer
https://api.vendor.example
Event
authorized
Action
POST /v1/market-data/search
Ref
rail reference - x402-style
Mandate
sha256:77ab90...
Time
2026-06-12T14:08:12Z
Signature
Ed25519 30cf81d6...
observation record - not a payment instruction - no funds custody
06 - Provisioning event

Who changed what, and which system says so.

Answers which account, resource, credential, or subscription event occurred, and who issued it. Useful long after dashboards and sessions are gone. Full provisioning page.

Verify it
npx -y @peac/cli verify ./provisioning-event.jws --public-key ./jwks.json
Tamper case

Backdate the rotation in a spreadsheet all you want: the signed time in the record is the time the issuer asserted.

event-time-recordverified offline
Issuer
https://ci.vendor.example
Event
credential.rotated
Resource
deploy-key-7
Actor
release-pipeline
Time
2026-06-12T03:00:00Z
Signature
Ed25519 4ab2c7e1...
sample record - demo signature
What v0.16.2 adds

Broader evidence coverage, same wire format.

PEAC v0.16.2

Portable evidence beyond single signed records: the wire format stays stable while evidence coverage broadens.

Paid resource recordsPaid MCP tool recordsLinked counterparty acknowledgmentsMerkle commitment helpersExternal evidence anchoringAgent spend attributionAgent run lineage recordsConsented action recordsRuntime lineage exports

Broader evidence coverage, not a new payment rail, gateway, or policy engine.

Generate these yourself in one command.

pnpm dlx @peac/cli samples generate -o ./s
pnpm dlx @peac/cli verify ./s/valid/basic-record.jws --public-key ./s/bundles/sandbox-jwks.json

Signature valid (offline) - PEAC v0.16.2