Agents cross boundaries.
Logs don't.
When an agent, API, or MCP server acts across systems, each side has its own logs. PEAC adds signed, portable proof both sides can verify independently.
How it works
/.well-known/peac.txtPEAC-Receipt: eyJ...verifyLocal(receipt, key)What you have vs. what PEAC adds
Essential for debugging and operations within your system boundary.
Distributed traces and metrics across your stack. The standard for internal observability.
Signed, portable proof that complements logs and traces with cross-org verification. No central authority required.
The boundary problem
When systems disagree, there is no neutral record
Provider
“Our API returned the agreed response. Our logs confirm it.”
Operator
“That is not what we received. Our logs tell a different story.”
Auditor
Screenshots. Fragmented traces. No shared artifact both sides can independently verify.
What PEAC provides
A signed record issued at the moment of interaction, verifiable by any party, portable across systems. Both sides hold the same artifact. No central authority arbitrates the truth.
Use cases
What PEAC enables
Governed APIs and agent calls
Publish machine-readable terms and return proof that those exact terms were applied to that exact request. No vendor arbitrates the truth.
MCP tool call evidence
Attach a signed record to every MCP tool response. Agents and operators each hold verifiable proof of what happened.
Audit and dispute resolution
When an action is questioned, present the signed record or export a bundle. Not screenshots and logs from one side.
Complementary by design
The evidence layer
PEAC works alongside the systems you already use. It adds portable, verifiable proof without replacing anything in your stack.
Essential debugging and operational visibility within your system
Distributed traces and metrics: the standard for internal observability
Identity verification and access control for your services
Tool coordination and agent-to-agent communication protocols
Moving funds, settlement, and financial infrastructure
PEAC is the evidence layer. It complements every system above without replacing any of them.
Protocol flow
How PEAC works
Publish terms
Service publishes machine-readable access, payment, and usage terms.
/.well-known/peac.txtReturn proof
Every response carries a signed interaction record in the header or transport metadata.
PEAC-Receipt: eyJ...Verify locally
Any party verifies the record offline using the issuer's public key.
verifyLocal()Bundle evidence
Export a portable archive with records, policy snapshots, keys, and verification output.
peac-bundle/0.1Choose a starting point
Each path takes under 5 minutes to first receipt.
Stewarded by
Open protocol, open governance
PEAC is an open protocol in active development, stewarded by Originary. Public repo, Apache-2.0, open specifications, versioned releases, and conformance artifacts. Contributions and implementations are welcome.
Common questions
Who is using PEAC today?
PEAC is an early-stage open standard in active development. Public artifacts include the verifier, TypeScript SDK (29 packages), conformance suite (361 checks), and reference integrations for HTTP APIs, MCP, A2A, and commerce flows. The verification surface and wire format are stable at v0.12.4; library APIs may still evolve before v1.0.
How long does integration take?
Adding the Express middleware takes under 5 minutes. A full MCP server integration with 5 tools takes about an hour. Integrating a payment rail involves mapping payment events to PEAC commerce evidence fields, which typically takes a day for a new adapter.
What does PEAC cost?
Nothing. PEAC is an Apache-2.0 open standard. There is no hosted service, no account, no API key, and no usage fee. You publish your own keys and policy, sign receipts with your own infrastructure, and verifiers check them independently.
Does PEAC replace our existing logs, traces, or auth?
No. Logs, OpenTelemetry, and auth each serve critical functions. PEAC complements them by adding a cross-boundary evidence layer: signed, portable proof that another party can verify independently.
Is verification really offline?
Yes, once the verifier has the issuer's public key or a bundled verification artifact. Key acquisition may involve a network step. Signature and claims verification do not.
Is PEAC production-ready?
The wire format and verification surface are stable at v0.12.4. Library APIs may still evolve before v1.0. Teams typically start by issuing receipts on one endpoint, then expand to MCP, A2A, or commerce flows once verification is in place.
Open protocol. Active development.
PEAC is an early-stage open standard. Wire format and verification surface are stable at v0.12.4. Library APIs may still evolve before v1.0.