DEVELOPERS

Choose the fastest path to your first signed record

Start from the workflow you actually run — API publishing, MCP tools, AI agent systems, or local verification. Use the path below to issue, inspect, or verify signed records quickly.

Choose your path

Each path gets you to a working example fast.

I need to verify a signed record

Validate an interaction record signature offline using the issuer's public key. No network call required.

  1. Extract the PEAC-Receipt header
  2. Fetch the issuer JWKS (once)
  3. Call verifyLocal() with the public key
import { verifyLocal } from '@peac/protocol'View guide

I have an HTTP API that agents call

Publish a peac.txt policy, add middleware, and return verifiable interaction records in response headers.

  1. Deploy /.well-known/peac.txt
  2. Add verification middleware
  3. Return signed record headers
npm install @peac/protocol @peac/middleware-expressView guide

I run an MCP server or tool host

Install the MCP server to give AI agents five verification tools: verify, inspect, decode, issue, and bundle.

  1. Install @peac/mcp-server
  2. Configure in Claude Desktop or Cursor
  3. Agents verify records via tool calls
npx @peac/mcp-server --helpView guide

I need proof across agent hops

Attach verifiable interaction records to A2A messages. Verify authorization and policy compliance at each hop.

  1. Issue records with @peac/protocol
  2. Attach via A2A metadata carrier
  3. Verify at receiving agent
npm install @peac/protocolView guide

5-minute quickstart

Create a policy, validate it, and verify your first record.

1

Create policy

Initialize and deploy your policy to /.well-known/peac.txt

# Install CLI and init policy
npm i -g @peac/cli
peac policy init --profile api-provider

# Generate deployment files
peac policy generate --out ./public --well-known
2

Validate policy

Validate your policy file and test rule matching

# Validate policy syntax
peac policy validate peac-policy.yaml

# Explain which rule applies
peac policy explain peac-policy.yaml \
  --purpose train --type agent

# Output:
# Decision: DENY
# Matched Rule: block-training
3

Verify a record

Verify incoming PEAC-Receipt headers in your middleware

import { verifyLocal } from '@peac/protocol'
import { importJWK } from '@peac/crypto'

const key = await importJWK(jwk)
const result = await verifyLocal(receiptJws, {
  publicKey: key,
  profile: 'strict',
})

if (result.verified) {
  console.log('Valid:', result.claims)
}

Wire format

Header:
PEAC-Receipt: <compact-JWS>
Policy discovery:
/.well-known/peac.txt
Current stable format (Wire 0.2):
interaction-record+jwt
Legacy format (Wire 0.1, frozen):
peac-receipt/0.1

Built on an open protocol

No vendor lock-in. PEAC is an open standard (Apache-2.0). Self-host, use Originary, or build your own conformant implementation. Your policies, records, and verification logic work across any PEAC-conformant system.

Need managed verification or integration support?

Originary Verify offers hosted verification, managed keys, and enterprise evidence exports. Commercial support is available for teams deploying at scale.