0.14.5

Verification documentation

This release aligns PEAC's public documentation and release metadata with the current verification surface.

It updates security, SLO, stability, compatibility, README, MCP metadata, and release artifacts so reviewers and integrators can more easily understand what PEAC records, how records are verified, which surfaces are current, and which historical packages are archived.

Highlights

• Refreshes supported-version and security disclosure documentation.
• Adds measured local issue() and verifyLocal() SLO baselines.
• Marks reference-verifier and MCP rows as outside the measured baseline where no benchmark is published.
• Clarifies archived package status for historical compatibility surfaces.
• Aligns README and MCP metadata with records-first terminology.
• Preserves conformance requirement history while updating review metadata.
• Keeps PEAC's boundary explicit: PEAC records and verifies signed interaction records; it does not operate runtimes, enforce policy, authenticate actors, or settle payments.

Unchanged

• No wire-format change.
• No signing-envelope change.
• No schema change.
• No public API change.
• No CLI behavior change.
• No runtime behavior change.
• No package set change.
• No conformance-ID change.

The release preserves the current protocol counters: 19 extension groups, 61 receipt-type identifiers, 290 conformance requirement IDs, 32 conformance sections, 107 build targets, and 36 published packages.

---

PEAC Protocol is an open-source project stewarded by Originary and community.

0.14.4

Composition Surfaces

v0.14.4 adds practical composition guidance for using PEAC records across adjacent runtimes, tools, and verification surfaces without expanding the protocol boundary.

PEAC remains a portable signed-record layer. It records, preserves, verifies, and exports interaction records. It does not run workloads, enforce policy, authenticate runtimes, score systems, route requests, process payments, or replace adjacent protocols.

Highlights

• Added composition guidance for runtime governance, edge verification, evaluation workflows, harness records, and MCP tool-call contexts.
• Added a committed-fixture .NET quickstart verifier for offline verification of PEAC records.
• Added Go chi middleware parity coverage and documentation.
• Added runnable runtime-composition examples and smoke/doc-truth coverage.
• Refreshed release metadata, changelog, compatibility matrix, and example discoverability.

Composition surfaces

This release documents how PEAC records compose with systems that already own execution, routing, authorization, evaluation, or lifecycle control.

New and updated guidance covers:

• runtime-governance composition,
• edge-side record verification,
• evaluation-platform record capture,
• harness and bounded-command records,
• MCP composition and SEP-aligned boundaries.

The guidance is intentionally composition-first. PEAC records what happened in a portable form; the adjacent system remains responsible for its own runtime behavior.

Developer examples and adapter parity

This release adds:

• examples/runtime-composition-records/
• examples/dotnet-quickstart/
• chi middleware README and parity tests
• additional doc-truth and smoke coverage for the new examples and guides

The .NET quickstart is an example only. It is not a PEAC .NET SDK, does not introduce a NuGet package, and does not add a new package-publication surface.

Public surface

No protocol surface expansion.

Unchanged:

• Wire format
• public schema
• registries
• type URIs
• conformance requirement IDs
• public API
• CLI surface
• package-publication surface
• signing behavior

Package names are unchanged. The package count remains 36.

PEAC does not:

• host registries,
• route requests,
• implement external transports,
• enforce authorization policy,
• authenticate external runtimes,
• score systems,
• control execution,
• process settlement.

The release strengthens PEAC’s capabilities as a neutral records layer that composes with existing systems without absorbing them.

---

PEAC Protocol is an open-source project stewarded by Originary and community.

0.14.3

Agent Action, Commerce Mandate, and Gateway Export Records

PEAC records what an external system reports happened when an agent
invokes an action, when a commerce mandate progresses through
authorization, capture, refund, settlement, or budget evaluation, and
when a payment gateway observes payment-submission, facilitator
timeout, or settlement-recovery events. Caller systems (agents,
harnesses, runtimes, payment gateways, facilitators) report what they
observed; PEAC records that report through a portable, signed
interaction record that any party can verify offline.

Highlights

• Three new org.peacprotocol/* extension namespaces.
• Three normative profile specs under docs/specs/.
• Conformance Sections 32 (AGENT-ACT-001..010), 33 (COMM-MAN-001..010),
  and 34 (GATE-EXP-001..010).
• Three new cross-language parity corpus families (11 families total).
• ACP mapper boundary fix in packages/mappings-acp requiring
  amount_minor: string and explicit-finality semantics on
  delegated-payment observations.
• Three runnable example packages with end-to-end issue and verify
  round-trips.
• Three operator-facing verification recipes under docs/SOLUTIONS/.
• Additive top-level @peac/schema exports for the three new profile
  validators.
• Pre-release dependency cleanup: protobufjs override pinned to the
  patched version through a private-example reachability path.

New record surface: agent action

org.peacprotocol/agent-action — six *-observed receipt-type URIs:

org.peacprotocol/agent-action-invoked-observed
org.peacprotocol/agent-action-delegated-observed
org.peacprotocol/agent-action-approved-observed
org.peacprotocol/agent-action-denied-observed
org.peacprotocol/agent-action-cancelled-observed
org.peacprotocol/agent-action-timed-out-observed

---

PEAC Protocol is an open-source project stewarded by Originary and community.

0.14.2

Provisioning Lifecycle Records

PEAC Protocol v0.14.2 adds a new provisioning lifecycle record surface for reporting lifecycle events from external systems, including catalog discovery, provider linking, account setup, resource creation, credential handling, payment authorization, budgets, subscriptions, domains, and deployments.

This release is now promoted to latest.

Highlights

• Adds the org.peacprotocol/provisioning-lifecycle profile for reported provisioning lifecycle events.
• Adds generic and concrete examples for issuing and verifying provisioning lifecycle records.
• Adds a cross-language parity corpus with positive and negative provisioning lifecycle vectors.
• Adds an operator recipe for verifying reported provisioning lifecycle records offline.
• Tightens repository release hygiene around package privacy, publish-surface metadata, example-source checks, and version coherence.
• Refreshes release metrics, generated kernel error artifacts, and conformance fixture inventory for v0.14.2.

Compatibility

• Wire format: unchanged.
• Public npm package count: unchanged at 36.
• Existing APIs and verification paths remain compatible.
• New provisioning lifecycle behavior is additive.

Install

Install the latest PEAC Protocol package:

npm install @peac/protocol

---

PEAC Protocol is an open-source project stewarded by Originary and community.

0.14.1

---

PEAC Protocol is an open-source project stewarded by Originary and community.

v0.14.0

Bounded Validation Gate

Wire 0.2 issuance and local verification now route through the bounded validation gate. The previous direct-canonical admission path remains available as an internal rollback path.

Public API: unchanged.
Wire format: unchanged.
Package surface: unchanged.
Extension keys: unchanged.
Default observable behavior: unchanged.

This release makes the internal rollback path meaningful while preserving byte-equivalent behavior across the covered runtime matrix.

Changed

• Wire 0.2 issuance and local verification now route through the bounded validation gate.
• The previous direct-canonical admission path remains available as an internal rollback path.
• The rollback flag now selects between the bounded validation gate and the direct-canonical admission path for Wire 0.2 issuance and local verification.
• The rollback-path release gate runs at publish time across Node 22 and Node 24 for both rollback-path modes.

Added

• Active rollback-path operator runbook.
• Release-specific rollback guidance for v0.14.0.
• Additional parity coverage for deterministic issuance, local verification, schema-admission rejection, and kernel-constraint rejection.

Verification

• 36 packages published to npm next.
• npm latest remains unchanged.
• OIDC trusted publishing completed successfully.
• Provenance attestations were spot-checked on @peac/protocol, @peac/kernel, and @peac/cli.
• Release closeout passes all expected publish-stage checks after the GitHub Release is created.

What did not change

• No public API change.
• No wire-format change.
• No package-surface change.
• No extension-key change.
• No default observable behavior change.
• No latest promotion.

---

PEAC Protocol is an open-source project stewarded by Originary and community.

0.13.4

Validation Readiness and Runtime Invariants

This release is behavior-preserving. It strengthens runtime-invariant verification coverage, internal validation parity coverage, and release-gate checks.

There is no public API change, wire-format change, package-surface
change, extension-key change, or default-path behavior change.

Added

• scripts/verify-trust-artifacts.mjs: fourth check that walks every
  invariant table under docs/specs/RESOURCE-LIMITS.md and asserts
  every Constant + Test column markdown link resolves to a tracked
  file. Recognizes the existing same and bare-identifier
  inheritance idioms used by the doc.
• tests/tooling/resource-limits-trust-artifact.test.ts: live-tree
  happy path plus contrived broken-link smoke for the new check.
• docs/STABILITY-CONTRACT.md: row in the internal-only flags table
  for the internal rollback flag. Operator runbook continues at
  docs/diagnostics/ROLLBACK-PATH.md.
• tests/tooling/stability-contract-coverage.test.ts: enumerates
  runtime-read internal flag literals in
  packages/protocol/src/_internal/ and asserts each has a row in
  the contract.
• .github/workflows/ci.yml: rollback-path matrix promoted to a
  release-class gate. Blocking matrix covers Node 22 and Node 24 LTS
  across both rollback-path modes (4 cells). Advisory Current-Node
  lane runs with continue-on-error: true.
• .github/workflows/publish.yml: release_gate_rollback_matrix
  preflight that re-runs the matrix at the tagged SHA;
  publish_dry_run and publish_prod declare it as a needs:
  dependency, hard-blocking publish on any failure.
• docs/CI_BEHAVIOR.md: Rollback-path matrix subsection.
• Seven canonical-composed validators under
  packages/protocol/src/_internal/record-core/validators/
  (schema-parse, jose-typ-strictness, iat-not-yet-valid,
  policy-binding, unknown-extension-grammar,
  type-extension-enforcement, signature). Each layer either delegates
  to a canonical helper from @peac/schema / @peac/crypto /
  @peac/protocol or mirrors a canonical inline check verbatim.
• runBoundedValidatorShadow wired with the six sync layers as
  optional-input layers that skip when their inputs are absent. The
  async signature wrapper is exported standalone, not composed into
  the bounded validator.
• packages/protocol/src/_internal/test-helpers/candidate-runner.ts:
  projects bounded-validator output into the canonical-runner's
  ParityVerdict shape.
• packages/protocol/__tests__/_internal/parity-canonical-vs-candidate.test.ts:
  230 fixtures from the existing manifest assert canonical-vs-candidate
  verdict byte-equality.
• packages/protocol/__tests__/_internal/bounded-validator-expanded-layers.test.ts:
  per-layer activation + skip proof for the six new sync layers.
• packages/protocol/__tests__/_internal/canonical-composed-validators.test.ts:
  per-validator unit tests including the standalone signature wrapper.
• packages/protocol/__tests__/_internal/shadow-byte-equivalence.test.ts:
  with Date.now locked, issue() produces byte-identical compact
  JWS output across both internal shadow flag values; verifyLocal()
  returns byte-equal result shape on a fixed JWS across both values.

Changed

• docs/specs/RESOURCE-LIMITS.md: stale MCP mapping test path
  corrected from packages/mappings/mcp/__tests__/ to
  packages/mappings/mcp/tests/budget.test.ts.
• scripts/verify-no-semantic-widening.mjs: header refreshed to
  release-neutral wording. Baselines (36 packages, 12 extension
  groups, 186 errors, 0 emitted-on-primary-path) unchanged.

Compatibility

• @peac/protocol.{issue, verifyLocal, verify}: public TypeScript
  signatures unchanged. Wire-format behavior and default-path
  behavior unchanged.
• Wire format (peac-receipt/0.1 envelope, interaction-record+jwt
  JWS typ): unchanged.
• Active publish-manifest count: 36 (unchanged).
• Extension group count: 12 (unchanged).
• Error code count: 186 (unchanged); no new emitted-on-primary-path
  codes.
• OpenAPI verify contract: unchanged. OpenAPI 3.1.x unchanged.
• npm dist-tag: next only.

---

PEAC Protocol is an open-source project stewarded by Originary and community.

0.13.3

v0.13.3 Diagnostic Readiness and Release Validation

Status: Pre-release. Final release metadata is recorded in docs/releases/facts.json.

Internal Diagnostic Path Readiness release. No public API change. No wire-format change. No new public package. No publish-manifest change.

Summary

Documentation and internal test-infrastructure release. No public API change. No wire-format change. No OpenAPI change. The release publishes to npm next only and ships as a GitHub prerelease; no latest promotion.

Highlights

• Operator runbook for the internal rollback-path flag. New runbook at docs/diagnostics/ROLLBACK-PATH.md explains what the flag does today, how to set it, how to verify both flag values, and how to remove the setting. Both flag values currently use the same protocol path.
• Resource-limit surface contracts clarified. docs/specs/RESOURCE-LIMITS.md gains a Layered network limits subsection (verifier-bearing paths pass explicit timeoutMs and maxBytes that override @peac/net-node defaults of 30,000 ms / 2 MiB), a Timeout classes subsection (5,000 ms verifier / 10,000 ms issuer-config / 30,000 ms unrestricted), and a Header-carrier surfaces clarification.
• Stale documentation citations corrected. Resource-limit table citations now point at the canonical kernel constants; references to a retired package are replaced with current source paths.

Compatibility

• Public API signatures unchanged. Wire format unchanged. OpenAPI verify contract unchanged. The rollback-path flag is behavior-preserving in this release.
• Active publish-manifest count: 36 (unchanged from v0.13.2).
• Workspace-private packages remain workspace-private; absent from pnpm publish --dry-run --recursive.
• No new emitted error code on primary paths. No new public extension key. No new typ.

Release posture

• npm dist-tag: next only. No latest promotion in this release.
• GitHub Release: prerelease, authored manually under the maintainer GitHub account.
• Strict closeout: verify:release-closeout --stage publish (publish stage only; no promote stage).
• Workspace-private packages are not published; they remain workspace-only and never appear on npm.

Migration

No migration is required. Every public symbol from v0.13.2 continues to behave identically.

Verification

pnpm install
pnpm build
pnpm test
pnpm verify:release
node scripts/verify-no-semantic-widening.mjs
node scripts/verify-dist-private-leaks.mjs

All gates green on the merge commit.

---

PEAC Protocol is an open-source project stewarded by Originary and community.

0.13.2

Diagnostic Foundations and Compatibility Contracts

Diagnostic foundations release. No public API change. No wire-format change. No new public package. No publish-manifest change. Published to npm next only.

Highlights

• Workspace-private resolver composition layer, absent from the publish manifest.
• Shadow-mode pointer-fetch foundation in apps/api: lazy-import boundary, bounded normalization shapes, redaction-safe in-memory mismatch sink, parity verdict computation, and no-network parity smoke. Default OFF. Live route shadowing is intentionally not wired in this release because Hosted Verify accepts inline compact JWS receipts today, not pointer URLs.
• Hosted Verify body-size boundary coverage: exact-byte tests at 256 KiB and 256 KiB + 1 on /v1/verify and /v1/issue.
• Compatibility helper contracts finalized: deterministic stable-key serialization; cyclic and sparse payloads rejected as archival_invalid_payload; non-reflective version-error messages.
• Release validation diagnostics added under docs/diagnostics.
• All 16 open Dependabot alerts present at the start of the release window were closed.

Compatibility

• Public protocol surface remains byte-stable from 0.13.1.
• Wire format unchanged.
• OpenAPI verify contract unchanged.
• Active publish-manifest count remains 36.
• npm dist-tag: next only. No latest promotion in this release.

Full notes: docs/release-notes/v0.13.2.md

---

PEAC Protocol is an open-source project stewarded by Originary and community.

0.13.1

Validation Assurance Foundations

• Add internal shadow-mode observation for the Wire 0.2 issuance and verifyLocal success paths.
• Add redaction, mutation, fuzz/property, resource-limit, and semantic-widening gates.
• Add opt-in and nightly shadow-mode CI coverage.
• Keep existing validation canonical.

Scope

• No public API change.
• No wire-format change.
• No new public package.
• No user-facing feature.
• Internal-only flags are documented as unsupported implementation controls.

---

PEAC Protocol is an open-source project stewarded by Originary and community.