peac.txt Policy File

A machine-readable policy file for agent coordination. Defines access terms, attribution requirements, and verification methods using standard web protocols.

Current version: 0.9.10 • Protocol headers: x-peac-*

How peac.txt works

1. Policy discovery - Agents read your policy file at /.well-known/peac.txt
2. Purpose declaration - Specify allowed uses (indexing, research) and restricted uses (training)
3. Access control - Set rate limits, quotas, and attribution requirements
4. Receipt verification - Agents provide cryptographic proof of compliance

Relationship to robots.txt

robots.txt provides basic crawler directives. It is advisory and cannot verify compliance.

peac.txt extends this model with verifiable receipts, purpose-based access control, attribution tracking, and optional payment flows.

The two files work together. Use robots.txt for basic crawling rules and peac.txt for agent coordination.

Policy Examples

Basic policy

Allows indexing and research with attribution. Other purposes require negotiation.

/.well-known/peac.txt
version: 0.9.10
usage: conditional
purposes: [indexing, research]
attribution: required
attribution_format: "Source: {url} via PEAC"

Complete policy

Includes rate limits, retention policies, payment endpoints, and contact information.

/.well-known/peac.txt
# PEAC policy for yourdomain.com
version: 0.9.10
usage: conditional

# Basic usage - indexing and research allowed
purposes: [indexing, research]
attribution: required
attribution_format: "Source: {url} via PEAC"

# Privacy and retention
consent: optional
privacy_policy: https://yourdomain.com/privacy
data_retention: P30D

# Access limits and free tier
rate_limit: 600/hour
daily_limit: 3000
free_quota: 1000

# Pricing for non-free purposes
price: $0.01/MB
currency: USD
payment_methods: [stripe, crypto, lightning]
payment_endpoint: https://api.yourdomain.com/peac/pay

# Negotiate terms for AI training or commercial use
negotiate: https://api.yourdomain.com/peac/negotiate

# Contacts
contact: hello@yourdomain.com
support: https://yourdomain.com/contact

Research-only policy

Restricts access to research purposes only. All other uses require explicit negotiation.

/.well-known/peac.txt
version: 0.9.10
usage: conditional
purposes: [research]
attribution: required
consent: required
negotiate: https://api.yourdomain.com/peac/negotiate

File placement: Primary location /.well-known/peac.txt, with optional fallback at /peac.txt
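
A small parser for the policy syntax shown in the three samples above, added here as an illustration; it is not part of the PEAC tooling. The grammar (split on the first colon, `#` comments, bracketed lists, quoted strings) is inferred from those samples, and the function names are hypothetical.

```javascript
// Parser for the key/value syntax of the sample policies on this page.
// The grammar is inferred from those samples, not taken from the PEAC specification.
function parsePeacTxt(text) {
  const policy = Object.create(null);      // no prototype, so "__proto__" is just a key
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;   // blank line or comment
    const idx = line.indexOf(':');         // first colon only: values may be URLs
    if (idx <= 0) throw new Error(`malformed line: ${line}`);
    const key = line.slice(0, idx).trim();
    let value = line.slice(idx + 1).trim();
    if (key in policy) throw new Error(`duplicate key: ${key}`);  // ambiguous: reject
    if (value.startsWith('[') && value.endsWith(']')) {
      value = value.slice(1, -1).split(',').map((s) => s.trim()).filter(Boolean);
    } else if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1);          // strip surrounding quotes
    }
    policy[key] = value;
  }
  return policy;
}

// Split a value such as "600/hour" into a count and a window name.
function parseRateLimit(value) {
  const m = /^(\d+)\/([a-z]+)$/.exec(value);
  if (!m) throw new Error(`bad rate_limit: ${value}`);
  return { count: Number(m[1]), per: m[2] };
}

// A purpose is permitted only when the policy lists it; anything else is denied.
function purposeAllowed(policy, purpose) {
  return Array.isArray(policy.purposes) && policy.purposes.includes(purpose);
}

// Constructed sample, shortened from the "Complete policy" above.
const SAMPLE = `# PEAC policy for yourdomain.com
version: 0.9.10
usage: conditional
purposes: [indexing, research]
attribution_format: "Source: {url} via PEAC"
rate_limit: 600/hour
negotiate: https://api.yourdomain.com/peac/negotiate
`;

const POLICY = parsePeacTxt(SAMPLE);
console.log(POLICY.purposes, purposeAllowed(POLICY, 'training'));
```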

Protocol Flow

1. Discovery: Agent reads policy at /.well-known/peac.txt
2. Negotiation: Agent calls negotiate endpoint if required
3. Receipt: Agent obtains signed receipt with terms/payment proof
4. Access: Agent includes receipt in x-peac-receipt header

Protocol Headers

x-peac-receipt: Cryptographic proof of compliance
x-peac-protocol-version: Protocol version (0.9.10)

HTTP Status Codes

200 Access granted, receipt valid
401 Receipt missing or invalid
402 Payment required
403 Purpose not permitted
429 Rate limit exceeded
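
One way a server could map a request onto these status codes, as an added example that is not the project's code. The claim names (`purpose`, `exp`, `paid`), the normalised policy fields, the check order and the reading of free_quota as a request count are assumptions; `fakeVerify` is a constructed stand-in for a real signature verifier.

```javascript
// Maps one request to 401 / 403 / 429 / 402 / 200.
// Claim names, policy field names and check order are assumptions, not PEAC-defined.
function decideStatus(policy, req, verify, nowMs = Date.now()) {
  // 401: receipt missing, rejected by the verifier, or expired.
  if (typeof req.receipt !== 'string' || req.receipt === '') return 401;
  let claims;
  try {
    claims = verify(req.receipt);
  } catch (err) {
    return 401;
  }
  if (!claims || typeof claims.exp !== 'number' || claims.exp * 1000 <= nowMs) return 401;

  // 403: purpose is read from the verified receipt, not from an unsigned request field.
  if (!policy.purposes.includes(claims.purpose)) return 403;

  // 429: hourly request budget used up (rate_limit: 600/hour in the complete policy).
  if (req.requestsThisHour >= policy.rateLimitPerHour) return 429;

  // 402: free quota used up and the receipt carries no payment proof.
  // Treating free_quota as a request count is an assumption.
  if (req.requestsToday >= policy.freeQuota && claims.paid !== true) return 402;

  return 200;
}

// Constructed policy, already normalised from the "Complete policy" values.
const POLICY_LIMITS = { purposes: ['indexing', 'research'], rateLimitPerHour: 600, freeQuota: 1000 };

// Constructed stand-in for a real verifier: accepts JSON text whose "sig" field
// is "valid" and throws otherwise. It performs no cryptography.
function fakeVerify(receipt) {
  const claims = JSON.parse(receipt);
  if (claims.sig !== 'valid') throw new Error('bad signature');
  return claims;
}

const NOW_MS = 1_700_000_000_000;          // fixed clock for the constructed cases
const makeReceipt = (over) =>
  JSON.stringify({ sig: 'valid', purpose: 'research', exp: 1_700_000_600, ...over });

const idle = { requestsThisHour: 0, requestsToday: 0 };
console.log(decideStatus(POLICY_LIMITS, { ...idle, receipt: makeReceipt({}) }, fakeVerify, NOW_MS));
```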

Server Integration

Nginx Configuration

nginx.conf
# Nginx: serve peac.txt and emit version header
location = /.well-known/peac.txt {
  try_files /peac.txt =404;
  add_header X-PEAC-Protocol-Version "0.9.10";
  add_header Cache-Control "public, max-age=3600";
}

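# Optionally reject requests that carry no receipt header.
# This checks presence only; the upstream app must still verify the receipt.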
location /api/protected/ {
  if ($http_x_peac_receipt = "") { return 401; }
  proxy_pass http://app;
}

Node.js Express

server.js
// Node.js Express: receipt validation
import express from 'express'
import { verifyReceipt } from '@peacprotocol/core'

const app = express()

app.get('/protected', async (req, res) => {
  const receipt = req.header('X-PEAC-Receipt')
  if (!receipt) {
    return res.status(401).json({ 
      error: 'missing_receipt',
      type: 'https://peacprotocol.org/errors/missing-receipt'
    })
  }
  
  try {
    const claims = await verifyReceipt(receipt)
    res.setHeader('X-PEAC-Protocol-Version', '0.9.10')
    return res.json({ ok: true, claims })
  } catch (err) {
    return res.status(401).json({ 
      error: 'invalid_receipt',
      details: err.message 
    })
  }
})

Client Request

terminal
# Client: fetch with a PEAC receipt
curl -H "X-PEAC-Receipt: <jwt-or-compact-receipt>" \
     -H "User-Agent: MyAgent/1.0 (+https://example.org/agent)" \
     https://yourdomain.com/api/data

Policy Validation

Validate syntax and test conformance using the PEAC CLI tools.

terminal
# Install PEAC CLI
npm install -g @peacprotocol/cli

# Initialize a new peac.txt
npx peac init

# Validate your policy file
npx peac validate peac.txt

# Test conformance level
npx peac test --level L2

# Generate test receipt
npx peac sign --purpose research --quota 1000 --out receipt.jwt

Integrate validation into CI/CD pipelines to prevent invalid policy deployments.

Reference

File location requirements

Primary: /.well-known/peac.txt
Fallback: /peac.txt

Payment integration

Optional. Begin with attribution-only policies. Add payment endpoints when monetization is required.

Training data restrictions

Exclude training from the purposes list. Return 403 status for training requests.

Privacy and retention

Specify retention periods using data_retention. Link privacy policy for compliance.

Protocol evolution

Current headers use the x-peac-* prefix. They will normalize to peac-* in v1.0.

Policy enforcement

Servers validate receipts and return appropriate HTTP status codes for policy violations.

Receipt technology

Uses cryptographically signed JWTs to prove agent compliance with declared terms and payments.

Testing and development

Generate test receipts locally. Validate policies before deployment using the CLI toolkit.

Implementation Resources

Access policy templates, validation tools, and technical documentation.

Technical questions: Community • Protocol specification: GitHub