1-hour integration

Add records to an MCP tool.

When an MCP tool runs, attach a signed PEAC record to the response. Anyone can later verify what the tool did and when, across the boundary, without access to your internal logs.

Carry the record in MCP `_meta`

PEAC carries a compact JWS plus its reference in transport-neutral metadata keys.

json — tool result _meta

{
  "_meta": {
    "org.peacprotocol/receipt_jws": "<compact-JWS>",
    "org.peacprotocol/receipt_ref": "sha256:<digest-of-jws>"
  }
}

Verify independently

A consumer extracts the JWS, confirms receipt_ref == sha256(jws), and verifies the signature against the issuer JWKS. Tampering fails closed.

shell

peac verify <record.jws> --public-key <issuer-jwks.json>

Working examples

The repository ships runnable MCP examples (tool-call records, gateway records with policy decisions and content digests) and the full integration guide.

MCP integration guide ↗Examples on GitHub ↗Verify a record

Add records to an MCP tool.

Carry the record in MCP _meta

Verify independently

Working examples

Carry the record in MCP `_meta`