Releases: peacprotocol/peac

v0.12.14 - Policy binding and privacy-aware verification

22 Apr 12:03
d252dac

Policy binding and privacy-aware verification. Typed document binding for terms and policy, publisher-supplied canonical digest support, privacy-aware deployment guidance, and verifier privacy defaults including JWKS cache retention caps and a no-raw-personal-data minimization mode. Documentation, tests, and tooling only. No wire, schema, kernel, crypto, or protocol public-API change.

Added

  • packages/protocol/src/document-binding.ts: typed document-binding helpers with three scheme-specific functions (computeJsonDocumentDigestJcs, computeTextDocumentDigestUtf8, computeDocumentDigest) and a three-state check (checkDocumentBinding). JCS name reserved for JSON-only; text helper names its normalization scheme. Normative spec: docs/specs/DOCUMENT-BINDING.md.
  • packages/protocol/src/verifier-types.ts gains DocumentBindingResult, VerifierBindings, and DocumentRepresentation types. The verifier report gains an optional top-level bindings object carrying policy, terms, and documents under the same three-state semantics. Legacy policy_binding top-level field is preserved as a byte-stable mirror for v0.12.x consumers.
  • docs/specs/DOCUMENT-BINDING.md: normative spec defining the canonical hash format, three-state semantics, helper-naming contract, minimal text canonicalization rule (\n + NFC, no trailing-whitespace stripping), per-representation binding identity, and publisher-supplied canonical_digest rule (verifiers may compare when present; must never synthesize from non-JSON; absence is unavailable, not failed).
  • packages/adapters/x402/src/terms.ts: computeX402TermsDigest convenience helper over the dispatcher for the four x402 PR-1986 terms representations (uri, markdown, plaintext, json).
  • JWKS cache retention caps via PEAC_JWKS_CACHE_TTL_MS (default 300 000 ms / 5 min) and PEAC_JWKS_CACHE_MAX_ENTRIES (default 1 000) environment variables. Decimal-only parsing; malformed values fall back to built-in defaults without uncaching.
  • PEAC_NO_RAW_PERSONAL_DATA (set to true or 1) enables the no_raw_personal_data minimization mode on the verifier report. The redactor pseudonymises claims.sub and claims.actor.{id,email,name,display_name,handle,sub} to sha256:<32 hex>, walks claims.extensions recursively, and elides string leaves that are not short structured identifiers. Protocol metadata fields are unchanged. When the variable is unset the report body is byte-identical to v0.12.13.
  • Five boundary-first privacy guidance documents under docs/privacy/: DATA-CLASSIFICATION.md, RETENTION-AND-DELETION.md, DEPLOYMENT-ROLES.md, DATA-SUBJECT-RIGHTS.md, and DPIA-STARTER.md. Each opens with explicit "What PEAC does / What PEAC does not do / What deployers still own" framing.
  • docs/specs/PRIVACY-PROFILE.md: extended with boundary-first block and cross-references to the new deployment-guidance documents.
  • docs/specs/DOCUMENT-BINDING.md, docs/specs/VERIFICATION-REPORT-FORMAT.md updated to document bindings shape and publisher-supplied canonical_digest rule.
  • scripts/verify-no-semantic-widening.mjs: release gate verifying wire format unchanged, published package count unchanged at 37, extension group count unchanged at 12, OpenAPI includes required fields and the permitted additive bindings field, no new primary-path error codes, total error count unchanged at 186.
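
The JWKS cache retention caps listed above, sketched as an added example (not PEAC source code). Only the two environment variable names and their defaults come from these notes; the function and class names, oldest-first eviction, and treating zero as malformed are assumptions.

```typescript
// Added example, not PEAC source. Variable names and defaults are from the
// release notes; all other names and the eviction policy are hypothetical.
type Env = { [name: string]: string | undefined };

const DEFAULT_TTL_MS = 300000; // 5 min, per release notes
const DEFAULT_MAX_ENTRIES = 1000; // per release notes

// Decimal-only: ASCII digits and nothing else. "0x10", "1e3", "5m", " 300 ",
// "-1" and "" are all malformed here, whereas Number() or parseInt() would
// accept or silently reinterpret several of them.
function parseDecimalEnv(raw: string | undefined, fallback: number): number {
  if (raw === undefined || !/^[0-9]+$/.test(raw)) return fallback;
  const n = Number(raw);
  // Assumption: zero and values past the safe-integer range are malformed.
  if (n === 0 || n > 9007199254740991) return fallback;
  return n;
}

// A malformed value yields the built-in default, so a typo in deployment
// config can neither disable caching nor lift the retention cap.
function loadCacheLimits(env: Env): { ttlMs: number; maxEntries: number } {
  return {
    ttlMs: parseDecimalEnv(env["PEAC_JWKS_CACHE_TTL_MS"], DEFAULT_TTL_MS),
    maxEntries: parseDecimalEnv(env["PEAC_JWKS_CACHE_MAX_ENTRIES"], DEFAULT_MAX_ENTRIES),
  };
}

class BoundedJwksCache<V> {
  private entries = new Map<string, { value: V; expiresAt: number }>();
  private ttlMs: number;
  private maxEntries: number;
  private now: () => number;

  constructor(ttlMs: number, maxEntries: number, now: () => number = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.maxEntries = maxEntries;
    this.now = now; // injectable clock so expiry can be tested
  }

  get(issuer: string): V | undefined {
    const hit = this.entries.get(issuer);
    if (hit === undefined) return undefined;
    if (this.now() >= hit.expiresAt) {
      this.entries.delete(issuer); // expired key material is dropped, not served
      return undefined;
    }
    return hit.value;
  }

  set(issuer: string, value: V): void {
    this.entries.delete(issuer); // re-insert so Map order tracks freshness
    while (this.entries.size >= this.maxEntries) {
      const oldest = this.entries.keys().next();
      if (oldest.done) break;
      this.entries.delete(oldest.value); // evict oldest entry to hold the cap
    }
    this.entries.set(issuer, { value, expiresAt: this.now() + this.ttlMs });
  }

  get size(): number {
    return this.entries.size;
  }
}
```
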

Changed

  • packages/protocol/src/policy-binding.ts: computePolicyDigestJcs delegates to computeJsonDocumentDigestJcs internally; public API and byte output unchanged.
  • packages/discovery/src/: narrowed to policy-document parsing; legacy verify / public_keys / jwks fields in peac.txt emit a structured PEAC_LEGACY_PEAC_TXT_KEY_FIELD deprecation warning.
  • packages/aipref/: deprecated facade over @peac/mappings-content-signals; network I/O removed; digests widened to full SHA-256 (sha256:<64 hex>); a one-shot PEAC_DEPRECATED_PREF structured deprecation warning is emitted.
  • OpenAPI verify.yaml and apps/api/openapi.yaml refreshed to info.version: 0.12.14 with the additive bindings field on both VerifySuccessResponse and ExtendedVerifyReport schemas.

Deprecated

  • @peac/disc (legacy key-discovery fields): deprecated and narrowed. Full removal owned by the next cleanup release.
  • @peac/pref: deprecated facade over @peac/mappings-content-signals. Full removal owned by the next cleanup release.

Deferred

The following items are deferred to v0.13.0:

  • Naming and terminology cleanup; legacy quarantine of peac.receipt/0.9 off active surfaces.
  • Scheduled removals: ProofMethodSchema, A2A v0.3.0 compatibility, legacy /verify endpoint, sdk-js workspace stub.
  • Full removal of @peac/disc and @peac/pref deprecated facades.
  • Reboot baseline capture, resource-limit spec, and docs/STANDARDS_LEDGER.md.
  • Package-surface reduction program with measurable gate.
  • Hosted Issue GA decision.

0.12.13

20 Apr 14:54
ad2acd8

Compliance mappings, verifier contract alignment, and portable proof workflows

Focus: Compliance mapping, verifier alignment, portable proof workflows, and Go SDK expansion.
Scope: Documentation, testing, workflows, and SDK tooling. No public API, crypto, or protocol changes.


Added

Compliance & Documentation

  • Mappings: New ISO-42001 and EU AI Act (Annex IV) mappings with automated CI validation.
  • Source of Truth: Established OpenAPI as the normative machine-readable contract for all verification surfaces.
  • Case Studies: New workflow for tracking external-proof artifacts and distribution submissions.

Go SDK & Tooling

  • Adapters: Added net/http and Echo middleware with a shared parity test harness.
  • Benchmarks: Integrated a "bench-gate" CI tool to prevent performance regressions in canonicalization.
  • JCS Parity: Six new RFC 8785 vectors to ensure identical behavior across TypeScript and Go.

CI & Release Engineering

  • Drift Detection: Automated syncing between OpenAPI specs and downstream docs/SDKs.
  • Release Flow: New two-stage release logic (next → latest) with automated GitHub Release staging.
  • Post-Release Audit: Added a "truth reconciler" to verify npm tags, git tags, and metadata post-deploy.
  • Fast-Track CI: Added a "stamp-only" guard to bypass heavy CI for metadata-only updates.

Packages

  • Audit: Experimental commerce-bundle utility for deterministic event grouping.

Changed

  • Diagrams: Updated proof-flow visuals to reflect interaction-record+jwt.
  • Routing: /v1/verify is now the canonical endpoint; /api/v1/verify is deprecated.

PEAC Protocol is an open-source project stewarded by Originary and community.

0.12.12

19 Apr 05:49
e4d0520

SLOs, Threat Model, and Stability Contract

Docs, compatibility, and trust artifacts release. No wire format, schema, kernel, crypto, protocol public API, or normative behavior changes. Layer 4 + tooling + docs only.

Added

  • REPO_SURFACE_STATUS.json regenerated for v0.12.12; docs/SURFACE_STATUS.md and docs/PACKAGE_STATUS.md re-derived. docs/COMPATIBILITY_MATRIX.md refreshed with an adapter-readiness column and evidence tags per row.
  • Machine-readable public-API contracts re-extracted under contracts/api/ for @peac/crypto, @peac/kernel, @peac/protocol, and @peac/schema.
  • Reference-verifier OpenAPI regenerated to OpenAPI 3.1.1 at info.version: 0.12.12: application/interaction-record+jwt example payloads, RFC 9457 Problem Details for error responses, documented receipt and extension size caps, RFC 9745 Deprecation and RFC 8594 Sunset headers on the legacy /verify route.
  • CI drift gates wired in .github/workflows/ci.yml: verify:contracts:drift, verify:surface-status, verify:openapi:drift, verify:trust-artifacts, verify:public-surface-names.
  • Role-based entry at docs/START_HERE.md promoted to the single front-door job selector; docs/README_LONG.md demoted with a banner to the deep guide.
  • New operator mental-model docs: docs/HOW-IT-WORKS.md, docs/ARTIFACTS.md, docs/WHERE-IT-FITS.md, and docs/WHAT-PEAC-STANDARDIZES.md.
  • Five outcome-led recipes under docs/SOLUTIONS/: runtime-evidence-export.md, api-receipt-issuance.md, mcp-tool-call-receipts.md, commerce-evidence-bundle.md, regulatory-audit-trail.md. Each recipe carries a Validated-with block pointing at concrete test and fixture paths.
  • Reference-verifier deployment recipes under surfaces/reference-verifier/: README.md, Dockerfile, docker-compose.yml, Cloudflare Worker variant, and a smoke.sh CI harness.
  • Four trust artifacts published: docs/SLO.md (with release-prep baseline stamps for issue(), verifyLocal(), reference-verifier /v1/verify with and without JWKS resolution, and MCP tool-call round-trip), docs/BENCHMARK-METHODOLOGY.md, docs/STABILITY-CONTRACT.md (every public surface classified), docs/THREAT_MODEL.md (every threat ID linked to a real test file and enforced by scripts/verify-trust-artifacts.mjs).
  • Trust index at docs/TRUST-ARTIFACTS.md.
  • Two tracked verifier scripts: scripts/verify-trust-artifacts.mjs (threat-model link integrity, stability-contract surface identifiers, no public links to gitignored paths) and scripts/verify-public-surface-names.mjs (retired filenames, paths, and label identifiers).
  • Expanded root SECURITY.md as the canonical human-facing security policy (disclosure timeline, supported versions, supply-chain attestations, dependency-audit policy, external review cadence). .github/SECURITY.md aligned as a concise GitHub-facing mirror.

0.12.11

15 Apr 01:37
027bad7

PEAC Protocol v0.12.11

Date: 2026-04-15

Summary

  • @peac/adapter-core adds a mapper-boundary finality guard: assertExplicitFinality, MapperBoundaryError, isFinalityEvent, StrictnessMode, and the stable non-wire code commerce.finality_synthesis_blocked. Strict mode rejects silent fallbacks (currency: 'UNKNOWN', defaulted env) and cross-kind artifact misuse; interop preserves existing behavior; legacy preserves pre-v0.12.11 mappings.
  • @peac/mappings-acp: fromACPDelegatedPaymentObservation() with artifact_kind discriminator and a closed observed_payment_state enum.
  • @peac/mappings-paymentauth: fromMPPPaymentAttempt() and fromMPPSettlement() with artifact_kind discriminator.
  • @peac/adapter-x402: extractSettlementProofFromHeaders() with dual-header precedence (PEAC-Receipt > PAYMENT-RESPONSE > X-PAYMENT-RESPONSE) and fromX402SettlementObservation().
  • Go middleware production hardening: Logger / Metrics interfaces with no-op defaults, panic recovery, bounded token-bucket rate limiter with MaxEntries cap and IdleTTL eviction (global / per_ip / per_issuer strategies), per-request RequestTimeout, MaxBodyBytes, opt-in TrustProxyHeaders. DefaultConfig() sets RecoverPanics: true, MaxBodyBytes: 1 MiB, TrustProxyHeaders: false.
  • IDE plugin packs under surfaces/plugin-pack/{cursor,codex,claude-code,vscode}/ with pinned @peac/mcp-server@0.12.11 configs, offline sample receipts, and per-pack smoke harnesses.
  • Smithery canonical config pinned at packages/mcp-server/smithery.yaml; scripts/validate-smithery.mjs accepts both unpinned and pinned forms.
  • GitHub Copilot enterprise registry compatibility checker at scripts/check-copilot-compatibility.mjs.
  • peac doctor offline-default installability diagnostics CLI with opt-in --online --issuer <url> remote checks.
  • Offline verify dashboard: single-file tools/verify-dashboard/index.html with bundled local assets (no CDN, no telemetry).
  • Conformance Section 26 commerce fixtures: 20 vectors + manifest across commerce/, commerce/acp-delegated-payment/ (11), commerce/paymentauth/ (6), commerce/x402/ (5).
  • Runnable commerce examples: examples/x402-upto-evidence/, examples/acp-delegated-checkout/, examples/mpp-payment-attempt/.
  • New docs: docs/compatibility/commerce-protocol-coverage.md, docs/compatibility/core-use-case-coverage.md, docs/compatibility/go-middleware.md, docs/profiles/acp-delegated-payment.md, docs/profiles/mpp-payment-evidence.md, docs/specs/X402-V2-PROFILE.md §8.

Changed

  • Build targets: 105 (was 102).
  • @peac/adapter-core package description and README cover commerce mappings in addition to payment rail adapters.
  • docs/specs/COMMERCE-EVIDENCE.md cross-references the v0.12.11 ACP, MPP / paymentauth, and x402 settlement surfaces.
  • Go middleware defaults hardened (RecoverPanics: true, MaxBodyBytes: 1 MiB, TrustProxyHeaders: false).

Upgrade notes

No wire, schema, kernel, or error-registry migration required.

Commerce mapping entry points gain an opt-in options parameter with mode and warn. Default interop preserves existing behavior; strict rejects silent fallbacks and cross-kind artifact misuse. Callers that rely on panics propagating in test harnesses can set PanicRethrowInTest: true.

Metrics

  • 37 published packages
  • 7392 tests across 296 test files
  • 224 conformance requirement IDs across 25 sections
  • 105 build targets
  • Wire format: Interaction Record (interaction-record+jwt, stable since v0.12.0)

See CHANGELOG.md for full details.

0.12.10

13 Apr 21:03
dc09cef

Summary

  • @peac/adapter-runtime-governance (new Layer 4 package): generic runtime-governance adapter with AGT as first mapper. Six observation-specific type URIs under org.peacprotocol/runtime-governance-* (policy-decision, audit-entry, authority-scope, lifecycle-event, trust-observation, compliance-observation). Discriminated union payload model with per-family validation and explicit extension builders. Preserved upstream artifact block. Zero vendor SDK dependencies. 56 tests.
  • Runtime-Governance Profile spec (docs/specs/RUNTIME-GOVERNANCE-PROFILE.md): documentary overlay defining how governance records map to PEAC primitives. Six record categories, anti-pattern rules, CloudEvents compatibility.
  • Runtime governance coverage matrix (docs/compatibility/runtime-governance-coverage.md): three truth surfaces (upstream AGT architecture, PEAC adapter coverage, verified interoperability) with control-plane vs records-plane framing.
  • Hosted verify record profile detection: registry-driven profile detection in extended reports for recognized type URI prefixes.
  • Conformance Section 27: seven runtime-governance requirement IDs (RTGOV-001 through RTGOV-007) for observable emitted-record semantics.
  • Runtime-governance example suite (examples/runtime-governance-records/): runnable demo with pinned AGT-shaped fixtures, real SHA-256 digests, deterministic session summary, gate script.
  • Benchmark SLO publication: machine-readable performance targets with regression-based gate for verifyLocal. Measured baseline from perf-results.json; issue() target documented with baseline pending.

Changed

  • 37 packages (was 36)
  • 224 conformance requirement IDs across 25 sections (was 217 across 24)
  • 7392 tests across 296 files (was 7336 across 290)

Metrics

  • 37 published packages
  • 7392 tests across 296 test files
  • 224 conformance requirement IDs across 25 sections
  • 102 build targets
  • Wire format: Interaction Record (interaction-record+jwt, stable since v0.12.0)

See CHANGELOG.md for full details.

0.12.9

11 Apr 15:02
c11fc9a

Summary

  • @peac/adapter-managed-agents (new Layer 4 package): vendor-neutral managed runtime event export with six event families under org.peacprotocol/managed-agent-*. Caller-supplied provider, zero runtime vendor SDK dependencies, decode-only buildSessionSummary().
  • Reference verifier content negotiation (POST /v1/verify): three response formats via Accept header (application/json byte-identical to v0.12.8, application/peac-report+json extended, text/plain human-readable). PEAC-Report-Id header (UUID v4) on every response. OpenAPI 3.1 spec updated with ExtendedVerifyReport and FailureReason schemas and an OpenAPI drift test gate that fails the build if the code and spec diverge.
  • Reference issuer health probe (GET /v1/issuer-health): query-parameter API, SSRF-safe via shared @peac/jwks-cache validateUrl() and isMetadataIp(), independent rate limiter (10 req/min per IP), cache-key canonicalization, 60-second TTL.
  • MCP Streamable HTTP quickstart (examples/mcp-http-quickstart/): server.json declares both stdio and streamable-http transports with the required url field per MCP Registry schema 2025-12-11. Merge-blocking gate (scripts/verify-mcp-quickstart.sh) boots the local workspace @peac/mcp-server, initializes an MCP JSON-RPC session, propagates Mcp-Session-Id, and asserts peac_verify over HTTP. Local fallback is not accepted as proof.
  • RFC 9728 Protected Resource Metadata strict compliance tests: five new MCP-server tests verifying Content-Type: application/json, exact field-count, multi-authorization-server serialization, non-HTTPS non-loopback rejection, and HTTP loopback allowance for development.
  • External pilot kit (examples/external-pilot/, docs/pilots/PILOT_KIT.md): self-contained pilot for independent external organizations, runtime-generated Ed25519 keypair, local and reference-verifier verification paths, formal JSON Schema (draft-07) validation via ajv + ajv-formats, merge-blocking engineering gate (scripts/verify-pilot-output.sh).
  • Conformance registration: formally register 25 previously pending requirement IDs across 6 namespaces (X402V2-*, DID-RES-*, GRPC-META-*, PKCE-*, RURL-*, SC-*). Total requirement IDs: 192 → 217 across 18 → 24 sections. New scripts/conformance/build-extension-registry.mjs as the formal canonical source of truth for non-WIRE02 requirements. Zero temporary registration exemptions remain.
  • x402 scheme coverage clarification: § 3.0 Payment Schemes in docs/specs/X402-PROFILE.md states the adapter's scheme-agnostic posture for both exact and upto. New docs/compatibility/x402-scheme-coverage.md keeps three truth surfaces explicitly distinct (upstream x402 protocol, upstream facilitator surfaces, PEAC-tested). Two new fixtures and eight overclaim-guard tests assert scheme is term-matched as a byte-equal required string and never interpreted for scheme-specific invariants.
  • Release-state stamping script (scripts/stamp-release-state.mjs): deterministic, idempotent script for stamping mutable release metadata (release_date, updated, dist_tag) post-tag and post-promotion. Exposed via pnpm release:stamp:publish / :promote / :check:publish / :check:promote. Covered by 13 smoke tests.

Changed

  • REPO_SURFACE_STATUS.json: 0.12.8 → 0.12.9; published_packages 35 → 36
  • Conformance matrix regenerated with 217 requirement IDs across 24 sections
  • x402 conformance fixture manifest version 0.12.7 → 0.12.9
  • Security audit allowlist: added GHSA-q4gf-8mx6-v5v3 (next.js Server Components DoS, dev-only via surfaces/nextjs, 90-day expiry)

Security

  • hono 4.12.12 and @hono/node-server 1.19.13 (from 4.12.7 / 1.19.11): covers 5 moderate hono CVEs plus GHSA-92pp-h63x-v22m. pnpm.overrides enforces the minimums across transitive paths.
  • Issuer health probe uses fetch with redirect: 'error' to prevent SSRF via redirect chains to private IPs or cloud-metadata endpoints.

Deferred

  • Reference verifier exporter scheme-label additions for x402
  • SVM upto scheme support (upstream RFC x402-foundation/x402#1642 unresolved)
  • Commerce-lifecycle mapping, max-vs-actual delta audit, reserve/lock evidence
  • Facilitator attestation handling (upstream RFC #1921 open)
  • Payment Identifier extension, gas sponsoring, Bazaar discovery, SIWX
  • Runnable x402-upto-evidence example

Metrics

  • 36 published packages
  • 7336 tests across 290 test files
  • 217 conformance requirement IDs across 24 sections
  • 100 build targets
  • Wire format: Interaction Record (interaction-record+jwt, stable since v0.12.0)
  • Legacy Wire 0.1 (peac-receipt/0.1) frozen until v1.0

See CHANGELOG.md for full details.

0.12.8

10 Apr 02:52
4035ae0

Summary

  • Python API-first examples (httpx, Python 3.12+)
  • Go SDK Interaction Record parity: Issue() and VerifyLocal() with 22 cross-language JCS parity vectors
  • Managed Agents session evidence summary demo
  • Hosted Verify API (POST /v1/verify): deterministic DD-210 verification reports, RFC 9457 buyer-grade error details, OpenAPI 3.1 spec, threat-to-test traceability matrix
  • Hosted Issue alpha (POST /v1/issue): provisional, disabled by default
  • Cursor and Codex installability packaging
  • Smithery packaging validation (CI-anchored)

Changed

  • Go SDK rewritten for Interaction Record format; Go 1.26, gin v1.12.0, x/crypto v0.48.0
  • typecheck:apps fully blocking in CI
  • E_PAYLOAD_TOO_LARGE added to kernel error taxonomy

Breaking (Go SDK)

Go SDK core types rewritten. Wire 0.1 types replaced. jwks, evidence, jws preserved. policy deprecated.

See CHANGELOG.md for full details.

0.12.7

08 Apr 09:22
8a7f68c

Added

  • pnpm verify:distribution: distribution surface verification gate with tarball packaging smoke (44 checks)
  • pnpm verify:release: release facts verification gate (22 checks)
  • pnpm verify:docs-examples: documentation code block type-checking
  • docs/releases/facts.json: canonical source of truth for release metrics
  • docs/ENTERPRISE_TRUST_POSTURE.md: key custody, tenancy, procurement posture
  • docs/SECURITY_POSTURE.md: support windows, provenance, logging boundaries, tenant isolation
  • docs/REFERENCE_ARCHITECTURES.md: API gateway, MCP tool-call, and A2A handoff evidence flows
  • docs/WHEN_NOT_TO_USE_PEAC.md: guidance on when PEAC is the wrong tool
  • docs/COMPATIBILITY_MATRIX.md: wire format, runtime, and SDK support matrix
  • docs/MIGRATION_CURRENT.md: Wire 0.1 to 0.2 migration guide
  • docs/DEPRECATION_POLICY.md: surface lifecycle, support windows, HTTP deprecation headers
  • docs/STANDARDS_COMPLIANCE.md: 16 standards mapped to PEAC surfaces
  • docs/SUPPORTED_ENVIRONMENTS.md: Node.js, Go, Python, browser support status
  • docs/HOSTED_VERIFY_CONTRACT.md: Hosted Verify API design artifact (DD-210)
  • REPO_SURFACE_STATUS.json: machine-readable surface classification (74 surfaces)
  • Coherence gate: 9 blocking checks in verify:spec-drift

Changed

  • Legacy Wire 0.1 defaults quarantined across 12 spec and guide files
  • @peac/sdk (sdk-js) and apps/bridge archived
  • Legacy /verify endpoint: RFC 8594 Sunset and Deprecation headers added
  • examples/wire-02-minimal renamed to examples/minimal
  • x402 upstream references migrated to x402-foundation/x402
  • GitHub Actions: all tracked workflows pinned to immutable commit SHAs
  • Security policy: supported versions updated to >= 0.12.7 only

Status transitions

  • @peac/sdk (sdk-js): supported -> archived
  • apps/bridge: supported -> archived
  • @peac/core: supported -> deprecated (removal: v0.13.0)
  • /verify API endpoint: supported -> deprecated (removal: v0.13.0 or Nov 1 2026)

Metrics

  • 35 packages
  • 7,241 tests (281 files)
  • 219 conformance requirement IDs (24 sections)
  • 96 build targets
  • Node.js 24.14.1 canonical; >= 22.0.0 compat floor

Install

npm install @peac/protocol@0.12.7

Full changelog

https://github.com/peacprotocol/peac/blob/main/CHANGELOG.md

v0.12.6

01 Apr 11:45
54eb428

x402 V2 support, DID resolution, A2A OAuth, gRPC transport, receipt URL middleware, and supply-chain provenance mappings.

Added

  • @peac/adapter-did: did:key and did:web resolution with caching
  • @peac/transport-grpc: gRPC carrier adapter (8 KiB metadata default)
  • @peac/mappings-intoto: in-toto v1.0 provenance mapping
  • @peac/mappings-slsa: SLSA v1.2 provenance mapping
  • A2A v1.0 OAuth surface: PKCE S256, Device Code types, auth evidence mapping
  • x402 V2 transport: version detection, normalization, mapping, verification
  • Receipt URL resolution middleware in @peac/net-node
  • receipt_ref span attribute in @peac/telemetry-otel
  • ERC-8128 conformance fixtures (RFC 9421)
  • Spec profiles: x402 V2, DID resolution, A2A auth, gRPC transport
  • Registries v0.6.0: error codes, gRPC transport, supply-chain proof types

Fixed

  • gRPC addReceiptToMetadata() defaults to Wire 0.2 receipt type
  • Registry drift checker supports multi-spec requirement entries

Changed

  • x402 V2 opt-in only (supportedVersions defaults to [1])
  • gRPC carrier size: 8 KiB default (HTTP/2 header budget)
  • CI: 5 parallel lanes, Node 24.14.1, MCP SDK 1.28.0

Install

npm install @peac/schema@0.12.6 @peac/protocol@0.12.6 @peac/crypto@0.12.6

Full changelog: https://github.com/peacprotocol/peac/blob/main/CHANGELOG.md

0.12.5

27 Mar 18:57
8895cf6

Commerce Hardening + Interop Proofs

Cross-rail conformance parity, settlement semantic equivalence, and naming truth cleanup.

Added

  • Execution-backed commerce rail conformance fixtures: 40 vectors across paymentauth, ACP, Stripe SPT, and UCP
  • Registry-derived commerce coverage gate derived from registries.json
  • Cross-rail settlement semantic equivalence test: one deterministic payment scenario mapped through all 5 commerce rails
  • Asymmetric safety invariant: delegation/lifecycle functions must not emit settlement-like commerce events
  • isValidAmountMinor() and AmountMinorStringSchema in @peac/schema: validate-and-reject utility
  • Commerce integration matrix with upstream compatibility table
  • Paymentauth carrier roundtrip and Stripe observation race conformance tests

Changed

  • README: paymentauth as canonical code term; Agentic Commerce Protocol (ACP) expanded on first mention
  • Commerce specs: cross-rail invariants section, x402 attestation model, ACP source-hierarchy rule
  • 6915 tests (was 6664), 92 build targets

Fixed

  • Fixture spec_revision pinned to draft-ryan-httpauth-payment-01 (active Internet-Draft)
  • intent_spec_revision marked provisional (not publicly listed on datatracker.ietf.org)

Install

npm install @peac/schema@0.12.5 @peac/protocol@0.12.5 @peac/crypto@0.12.5

Full changelog: https://github.com/peacprotocol/peac/blob/main/CHANGELOG.md
