@peac/protocol 0.12.5 → 0.12.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +61 -37
  2. package/package.json +18 -6
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # @peac/protocol
2
2
 
3
- PEAC protocol implementation: receipt issuance, offline verification, and JWKS resolution.
3
+ Receipt issuance and verification for the PEAC protocol.
4
4
 
5
5
  ## Installation
6
6
 
@@ -10,54 +10,77 @@ pnpm add @peac/protocol
10
10
 
11
11
  ## What It Does
12
12
 
13
- `@peac/protocol` is Layer 3 of the PEAC stack. It provides `issue()` for signing receipts and `verifyLocal()` for offline verification with Ed25519 public keys. No network calls needed for verification.
13
+ `@peac/protocol` is Layer 3 of the PEAC protocol stack. It provides the high-level `issue()` and `verifyLocal()` APIs for creating and verifying signed interaction receipts in the Interaction Record format. It handles schema validation, kernel constraint enforcement, JOSE hardening, strictness profiles, policy binding, and structured error reporting.
14
14
 
15
- ## How Do I Issue a Receipt?
15
+ ## How Do I Use It?
16
+
17
+ ### Issue a signed receipt
16
18
 
17
19
  ```typescript
18
- import { generateKeypair } from '@peac/crypto';
19
- import { issue } from '@peac/protocol';
20
+ import { issue, generateKeypair } from '@peac/protocol';
20
21
 
21
- const { publicKey, privateKey } = await generateKeypair();
22
+ const { privateKey, publicKey } = await generateKeypair();
22
23
 
23
- const { jws } = await issue({
24
- iss: 'https://api.example.com',
24
+ const result = await issue({
25
+ iss: 'https://example.com',
25
26
  kind: 'evidence',
26
- type: 'org.peacprotocol/payment',
27
+ type: 'org.peacprotocol/commerce',
28
+ privateKey,
29
+ kid: 'key-1',
27
30
  pillars: ['commerce'],
28
31
  extensions: {
29
32
  'org.peacprotocol/commerce': {
30
- payment_rail: 'stripe',
31
- amount_minor: '10000',
33
+ rail: 'stripe',
34
+ amount_minor: '1000',
32
35
  currency: 'USD',
36
+ event: 'authorization',
33
37
  },
34
38
  },
35
- privateKey,
36
- kid: 'key-2026-02',
37
39
  });
40
+
41
+ console.log(result.jws); // compact JWS string
38
42
  ```
39
43
 
40
- ## How Do I Verify a Receipt?
44
+ ### Verify a receipt locally
41
45
 
42
46
  ```typescript
43
47
  import { verifyLocal } from '@peac/protocol';
44
48
 
45
- const result = await verifyLocal(jws, publicKey);
49
+ const result = await verifyLocal(jws, publicKey, {
50
+ issuer: 'https://example.com',
51
+ strictness: 'strict',
52
+ });
46
53
 
47
- if (result.valid && result.wireVersion === '0.2') {
48
- console.log(result.claims.iss); // issuer
49
- console.log(result.claims.kind); // evidence
50
- console.log(result.claims.type); // org.peacprotocol/payment
51
- } else if (!result.valid) {
52
- console.log(result.code, result.message);
54
+ if (result.valid) {
55
+ console.log(result.claims.type); // 'org.peacprotocol/commerce'
56
+ console.log(result.claims.kind); // 'evidence'
57
+ console.log(result.kid); // 'key-1'
58
+ console.log(result.warnings); // VerificationWarning[]
59
+ console.log(result.policy_binding); // 'unavailable' | 'verified'
60
+ } else {
61
+ console.log(result.code); // e.g., 'E_INVALID_SIGNATURE'
62
+ console.log(result.message);
53
63
  }
54
64
  ```
55
65
 
56
- ## How Do I Verify with JWKS Discovery?
66
+ ### Verify with policy binding
67
+
68
+ ```typescript
69
+ import { verifyLocal, computePolicyDigestJcs } from '@peac/protocol';
70
+
71
+ const policyDoc = { rules: [{ action: 'allow', resource: '/api/*' }] };
72
+ const digest = await computePolicyDigestJcs(policyDoc);
57
73
 
58
- > **Note:** `verifyReceipt()` is deprecated (Wire 0.1 only). For Wire 0.2 receipts,
59
- > resolve the issuer's JWKS manually and pass the public key to `verifyLocal()`.
60
- > Automated JWKS discovery for Wire 0.2 is planned for a future release.
74
+ const result = await verifyLocal(jws, publicKey, {
75
+ policyDigest: digest,
76
+ });
77
+
78
+ if (result.valid) {
79
+ console.log(result.policy_binding); // 'verified' if receipt policy matches
80
+ }
81
+ ```
82
+
83
+ ### Verify with JWKS discovery
61
84
 
62
85
  ```typescript
63
86
  import { verifyLocal } from '@peac/protocol';
@@ -69,25 +92,26 @@ const result = await verifyLocal(jws, resolvedPublicKey, {
69
92
  });
70
93
 
71
94
  if (result.valid) {
72
- console.log('Issuer:', result.claims.iss);
73
- } else {
74
- console.log(result.code, result.message);
95
+ console.log(result.claims.iss);
75
96
  }
76
97
  ```
77
98
 
78
99
  ## Integrates With
79
100
 
80
- - `@peac/crypto` (Layer 2): Ed25519 key generation and JWS encoding
81
- - `@peac/kernel` (Layer 0): Error codes and wire format constants
82
- - `@peac/schema` (Layer 1): Receipt claim validation
83
- - `@peac/mcp-server` (Layer 5): MCP tool server using protocol functions
84
- - `@peac/middleware-express` (Layer 3.5): Express middleware for automatic receipt issuance
101
+ - `@peac/kernel` (Layer 0): Constants, types, and error codes
102
+ - `@peac/schema` (Layer 1): Zod schemas and claim validation
103
+ - `@peac/crypto` (Layer 2): Ed25519 signing and JWS creation (re-exported for convenience)
104
+ - `@peac/mcp-server` (Layer 5): MCP tool server built on this package
105
+ - All `@peac/adapter-*` and `@peac/mappings-*` packages (Layer 4)
106
+
107
+ ## For Agent Developers
85
108
 
86
- ## Security
109
+ If you are building an AI agent or MCP server that needs signed interaction receipts:
87
110
 
88
- - Verification is offline and deterministic: no network calls for `verifyLocal()`
89
- - Fail-closed: invalid or missing evidence always produces a verification failure
90
- - JWKS resolution (when used) is SSRF-hardened with HTTPS-only, private IP denial
111
+ - Start with [`@peac/mcp-server`](https://www.npmjs.com/package/@peac/mcp-server) for a ready-to-use MCP tool server
112
+ - Use `issue()` to create receipts and `verifyLocal()` to verify them when you have the public key
113
+ - Common crypto utilities (`generateKeypair`, `base64urlEncode`, `sha256Hex`, `verify`) are re-exported from `@peac/crypto` so a single import is sufficient for most workflows
114
+ - See the [llms.txt](https://github.com/peacprotocol/peac/blob/main/llms.txt) for a concise overview
91
115
 
92
116
  ## License
93
117
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@peac/protocol",
3
- "version": "0.12.5",
3
+ "version": "0.12.7",
4
4
  "description": "PEAC protocol implementation - receipt issuance and verification",
5
5
  "main": "dist/index.cjs",
6
6
  "types": "dist/index.d.ts",
@@ -20,10 +20,10 @@
20
20
  },
21
21
  "repository": {
22
22
  "type": "git",
23
- "url": "https://github.com/peacprotocol/peac.git",
23
+ "url": "git+https://github.com/peacprotocol/peac.git",
24
24
  "directory": "packages/protocol"
25
25
  },
26
- "author": "jithinraj <7850727+jithinraj@users.noreply.github.com>",
26
+ "author": "PEAC Protocol Contributors",
27
27
  "license": "Apache-2.0",
28
28
  "bugs": {
29
29
  "url": "https://github.com/peacprotocol/peac/issues"
@@ -39,9 +39,9 @@
39
39
  "dependencies": {
40
40
  "uuidv7": "^0.6.3",
41
41
  "zod": "^4.3.6",
42
- "@peac/kernel": "0.12.5",
43
- "@peac/schema": "0.12.5",
44
- "@peac/crypto": "0.12.5"
42
+ "@peac/crypto": "0.12.7",
43
+ "@peac/schema": "0.12.7",
44
+ "@peac/kernel": "0.12.7"
45
45
  },
46
46
  "devDependencies": {
47
47
  "@types/node": "^22.19.11",
@@ -49,6 +49,18 @@
49
49
  "vitest": "^4.0.0",
50
50
  "tsup": "^8.0.0"
51
51
  },
52
+ "keywords": [
53
+ "peac",
54
+ "peacprotocol",
55
+ "interaction-records",
56
+ "signed-records",
57
+ "receipts",
58
+ "originary",
59
+ "verification",
60
+ "issuance",
61
+ "receipt-verification",
62
+ "policy-binding"
63
+ ],
52
64
  "scripts": {
53
65
  "prebuild": "rm -rf dist",
54
66
  "build": "pnpm run build:js && pnpm run build:types",