CCM
/MCP
SkillsMCPMarketplacesDigestToolsAdvertise

This week in Claude

Every Monday: Claude Code, Agent SDK, MCP, and the Anthropic platform moves worth your time.

Skills by Category
Frontend DevelopmentBackend & APIsTesting & QASecurityDevOps & CI/CDGit & Pull RequestsDocumentationCode Review & QualityAI & Agent BuildingSkill Development
MCP Servers by Category
Sales & MarketingWeb & Browser AutomationDatabasesAI & LLM ToolsCloud & InfrastructureCommunication & MessagingDeveloper ToolsDesign & CreativeDocuments & KnowledgeSearch & Web Crawling
Marketplaces by Category
AI Agents & OrchestrationLLM IntegrationDevelopment ToolsFrontend & UIBackend & APIsDatabasesTesting & Code QualityDevOps & CloudSecurity & ComplianceGit & Version Control

Claude Code Marketplaces

Discover Claude Code plugins, extensions, and tools. Automatically updated directory of Anthropic Claude AI marketplaces with development tools, productivity plugins, and integrations.

Resources

  • Browse Skills
  • Browse MCP Servers
  • Browse Marketplaces
  • Plugins Reference

Community

  • About
  • Tools
  • Feedback
  • Privacy Policy
  • Advertise

Built for the Claude Code community with Claude Code by @mertduzgun

Independent project, not affiliated with Anthropic

PEAC Protocol: Signed interaction receipts

peacprotocol/peac
12STDIO, HTTPregistry active
Summary

When logs aren't enough for cross-party verification, this server lets you issue and verify signed records for API calls, MCP tool runs, agent actions, gateway decisions, payment events, and provisioning flows. Each record binds facts, policy context, result, timestamp, issuer identity, and signature into portable evidence another party can verify locally without trusting your system's logs. Useful when you need audit trails for metered usage, agent handoffs, commerce flows, or resource provisioning that travel across runtime boundaries, get exported for dispute review, or feed compliance workflows. Records what systems report, doesn't make their decisions or replace your observability stack.

CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →

PEAC Protocol

Portable signed records for agent, API, MCP, and cross-runtime interactions.

Automated systems call APIs, run tools, make gateway decisions, initiate commerce flows, and provision resources across organizational boundaries.

PEAC lets those systems issue portable signed interaction records so another party can verify what the issuer reported, locally, offline, or across system boundaries, without relying only on screenshots or private logs.

Record locally. Verify across boundaries.

License: Apache 2.0 Latest Release npm downloads CI Status

Verify a record offline

Generate the shipped sample records, then verify one locally with the generated issuer key set. The verification step does not fetch keys or call a remote verifier. pnpm dlx may download the CLI if it is not already cached.

pnpm dlx @peac/cli samples generate -o ./s
pnpm dlx @peac/cli verify ./s/valid/basic-record.jws --public-key ./s/bundles/sandbox-jwks.json

Expected:

Signature valid (offline).
  • Compare verification paths: docs/guides/verification-options.md
  • Wire PEAC into MCP, OpenTelemetry, or a gateway: docs/guides/integration-patterns.md
  • Choose a starting point by role: docs/START_HERE.md

What PEAC records

A PEAC record is a signed statement about an interaction or challenge: what the issuing system reported, not an independently established fact.

Record familyWhat it representsFamiliar surfaces
API callrequest, response, usage, access decision, policy-visible outcomeHTTP APIs, serverless functions, internal services
MCP tool runtool name, input and output digests or references, reported result, and correlation contextMCP servers and MCP-based tool integrations
Agent actioninvoked, delegated, approved, denied, cancelled, or timed outAgent runtimes and multi-agent handoffs
Gateway decisionaccess, routing, export, or boundary decisionAPI gateways and AI gateways
Payment eventrequest, authorization, settlement observation, mandate, dispute contextCommerce flows such as x402, paymentauth, ACP, AP2, UCP
Provisioning eventcatalog, provider link, account, credential, budget, subscription, domain, deployment, or resource lifecycle eventProvisioning and resource-lifecycle systems

These are orientation examples, not partnership claims or exclusive integration targets. PEAC records what those systems report; it does not replace them.

At a high level, PEAC records can preserve:

DimensionMeaning
Factswhat the issuer reports about the interaction
Policy or contextapplicable policy, protocol, configuration, or document bindings, when present
Resulta profile-specific issuer-reported outcome
Timesigned issuance time (iat), plus optional issuer-reported event time (occurred_at) on evidence records
Issuerthe service or system that signed the record
Signaturea verifiable signature over the protected record

The required Wire 0.2 payload claims are peac_version, kind, type, iss, iat, and jti. The protected JWS header also carries the required signing and type-discrimination parameters, including alg, kid, and typ. Policy, occurred_at, actor, representation, pillars, and extensions are optional or profile-dependent. The normative envelope is defined in docs/specs/WIRE-0.2.md.

A counterparty can verify the record locally with the issuer's public key or through a self-hosted verifier. Records can also be exported into portable bundles for audit, review, dispute, or compliance workflows.

How it works

1. A system observes or reports an interaction
   API call, MCP tool run, agent action, gateway decision,
   payment event, or provisioning event

2. An issuer creates a signed PEAC record
   describing what that issuer reports about the interaction

3. A counterparty verifies the signature, structure, and accepted bindings
   locally, in CI, or through a self-hosted verifier, using the issuer's
   public key

4. The record travels
   audit review, dispute review, compliance workflow, incident
   report, exported bundle, or another system boundary

The issuer is the entity that signs the record. It may be the system that performed the work, an observer, a gateway, an adapter, or a runtime reporting an event; those roles stay separate.

Full loop: docs/HOW-IT-WORKS.md. Artifact vocabulary (record, receipt, bundle, report): docs/ARTIFACTS.md.

What PEAC does not do

PEAC does not authorize actions, validate credentials, process payments, settle transactions, operate agents, assign trust scores, or replace observability systems.

Full boundary, compared surface by surface: docs/WHERE-IT-FITS.md. Protocol scope: docs/WHAT-PEAC-STANDARDIZES.md.

Evidence workflows

Worked, offline-verifiable examples for common evidence shapes. Each adds no new wire format, schema field, or registry entry beyond what already ships. The PEAC records below preserve issuer-reported claims. Any linked payment, timestamp, transparency, or other external proof must also be evaluated under its own verification rules and trust model.

WorkflowDemonstratesStart here
Paid resourcex402 offer and receipt artifacts preserved in a payment recordexample
Paid MCP tooltool-call digests linked to observed payment artifactsexample
Counterparty acknowledgmentone signed record referencing another by (iss, jti, receipt_ref)example
Action approvalconsistency across reported approval and invocation recordsexample
Agent-run lineagerecords, manifest, and coverage commitment verified togetherguide
External anchoringa record digest registered or timestamped externallyguide
Spend attributionissuer-observed amounts associated with a workflowguide
Merkle commitmentoffline inclusion in a committed sorted setspec

These workflows establish signature validity and the internal consistency of the supplied evidence. They do not, by themselves, establish settlement finality, approver authority, accounting correctness, real-world completeness, or the validity of an underlying event.

Full recipe catalog: docs/SOLUTIONS/. Full example catalog: examples/README.md.

Choose your path

GoalStart here
Issue records from an APIAPI Provider Quickstart
Integrate MCP toolsMCP Integration Kit
Record agent or runtime actionsAgent Operator Quickstart
Preserve gateway or commerce evidenceCommerce evidence bundle or MCP gateway records
Record provisioning eventsProvisioning lifecycle records
Verify a recordVerification options or offline sample index
Review security and operational evidenceTrust-artifact index

Full path-by-role tree: docs/START_HERE.md.

Use PEAC in code

pnpm add @peac/protocol

@peac/protocol re-exports the common crypto helpers, so a single package covers key generation, issuance, and local verification. The example below issues one concrete payment record; the same issuance and local-verification path applies to other PEAC record profiles.

import { generateKeypair, issue, verifyLocal } from '@peac/protocol';

const ISSUER = 'https://api.example.com';

async function main(): Promise<void> {
  // The issuer holds the private key; a verifier needs only the public key.
  const { privateKey, publicKey } = await generateKeypair();

  // Issue one signed record in the current Interaction Record Format.
  const { jws } = await issue({
    iss: ISSUER,
    kind: 'evidence',
    type: 'org.peacprotocol/payment',
    pillars: ['commerce'],
    extensions: {
      'org.peacprotocol/commerce': {
        payment_rail: 'x402',
        amount_minor: '1000',
        currency: 'USD',
      },
    },
    privateKey,
    kid: 'https://api.example.com/keys/1',
  });

  // Verify locally with the public key, binding the expected issuer. No network
  // request is made: the key is supplied here, not discovered remotely.
  const result = await verifyLocal(jws, publicKey, { issuer: ISSUER });

  if (!result.valid) {
    throw new Error(`verification failed: ${result.code} ${result.message}`);
  }

  console.log(`verified record from ${result.claims.iss}`);
  console.log(`kind: ${result.claims.kind}, type: ${result.claims.type}`);
}

main().catch((error: unknown) => {
  console.error(error);
  process.exitCode = 1;
});

Expected:

verified record from https://api.example.com
kind: evidence, type: org.peacprotocol/payment

For a longer walkthrough that also reads back typed extensions, see examples/minimal/ (pnpm --filter @peac/example-minimal demo). Full CLI command catalog: packages/cli/README.md.

Run repository examples

These commands are repo-local: clone the repository, install, and build first.

pnpm install --frozen-lockfile
pnpm build
pnpm demo:all

pnpm demo:all runs the start-here examples end to end. Individually:

  • Minimal example: pnpm --filter @peac/example-minimal demo
  • MCP gateway records: pnpm --filter @peac/example-mcp-gateway-receipts demo and pnpm --filter @peac/example-mcp-gateway-receipts demo:tamper
  • Provisioning lifecycle: pnpm --filter @peac/example-provisioning-lifecycle run issue and pnpm --filter @peac/example-provisioning-lifecycle run verify
  • MCP server: see the @peac/mcp-server guide
  • Self-hosted reference verifier: surfaces/reference-verifier/

Implementations and runtime support

RuntimeStatusNotes
TypeScript / Node.jsCanonicalIssuance and verification (@peac/protocol, @peac/crypto, @peac/cli). Node 24 is the canonical tested runtime; Node >=22.13.0 is supported.
GoSupportedRecord issuance and local verification (sdks/go/): Ed25519, RFC 8785 JCS. Requires Go 1.26+.
PythonExamples onlyAPI-first examples for the verifier using standard HTTP. An OpenAPI specification is available, but there is no first-party Python SDK.

PEAC is pre-1.0. Stability is defined per surface in the Stability Contract, not by this table. This README is informative; normative requirements live in the Spec Index.

Operational and enterprise review

PEAC supports audit and compliance workflows built on portable signed records. Using PEAC does not itself establish compliance with any regulation, framework, or certification.

Verification requires signature validation before relying on record claims. verifyLocal() and the documented CLI --public-key path do not silently fall back to issuer discovery or other network access. Remote key-discovery paths apply SSRF protections and bounded resource limits.

NeedRead
Trust-artifact indexdocs/TRUST-ARTIFACTS.md
Supported versions and disclosure processSECURITY.md
Threat model and mitigationsdocs/THREAT_MODEL.md
Stability classes and archived surfacesdocs/STABILITY-CONTRACT.md
Compatibility and deprecation statusdocs/COMPATIBILITY_MATRIX.md
Conformance requirements and coveragedocs/specs/CONFORMANCE-MATRIX.md
Benchmark methodology and measured baselinesdocs/BENCHMARK-METHODOLOGY.md, docs/SLO.md
External standards referenced or implementeddocs/STANDARDS_LEDGER.md
Privacy-aware deployment guidancedocs/privacy/README.md
Key custody and tenancy modeldocs/KEY-CUSTODY-AND-TENANCY.md
Release integrity and provenancedocs/maintainers/RELEASE-INTEGRITY.md

The reference verifier is self-hostable. Verification can also be performed locally whenever the record and the issuer's public key are available.

Protocol status and versioning

  • Current format: Interaction Record Format 0.2 (interaction-record+jwt; repository shorthand: Wire 0.2).
  • Legacy: peac-receipt/0.1 (Wire 0.1) is frozen and legacy-only; verifyLocal() returns E_UNSUPPORTED_WIRE_VERSION on legacy input.

Full doctrine: docs/specs/VERSIONING.md.

Contributing and license

Bug fixes, documentation, tests, and interoperability reports are welcome as pull requests. Changes to the wire format, schemas, registries, or public API need a design discussion first: open an issue before sending the pull request.

Apache-2.0. See LICENSE.


PEAC Protocol is an open-source project stewarded by Originary and community contributors.

Docs · GitHub · Discussions

Featured
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
Categories
AI & LLM Tools
Registryactive
Package@peac/mcp-server
TransportSTDIO, HTTP
UpdatedJun 1, 2026
View on GitHub

Related AI & LLM Tools MCP Servers

View all →
SkillFM LLM Cost Optimizer

io.github.ericm1018/skillfm-llm-cost-optimizer-openai-anthropic-usage

LLM cost optimizer for OpenAI, Anthropic, token usage, BYOK, and SkillFM Beacon audits.
Llm Orchestration Agent

io.github.mikerawsonnz/llm-orchestration-agent

Run a prompt through a LangChain (system + human) chain over Gemini on Vertex AI; optional LangSmith
Authenticated Llm Agent

io.github.mikerawsonnz/authenticated-llm-agent

JWT-gated LLM gateway: authenticate (bcrypt/JWT), then run a LangChain-on-Vertex Gemini completion.
Copilot Memory MCP

labforgedev/copilot-memory-mcp

Persistent semantic memory for AI agents using local ChromaDB vector search. No cloud required.
1
Agent Prompt Injection Firewall Mcp

csoai-org/agent-prompt-injection-firewall-mcp

The WAF for agents. Pattern-based + heuristic firewall scans prompts, RAG documents, tool argume...
Authenticated Multi Llm Agent

io.github.mikerawsonnz/authenticated-multi-llm-agent

Google-OAuth-gated LLM gateway: verify a Google ID token, then run a Gemini (Vertex AI) completion f