release: v0.12.14 - Privacy-Aware Verification + Policy Binding

CHANGELOG.md

@@ -5,7 +5,47 @@ All notable changes to PEAC Protocol will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [0.12.13] - Unreleased
+## [0.12.14] - Unreleased
+
+Policy binding and privacy-aware verification. Typed document binding for terms and policy, publisher-supplied canonical digest support, privacy-aware deployment guidance, and verifier privacy defaults including JWKS cache retention caps and a no-raw-personal-data minimization mode. Documentation, tests, and tooling only. No wire, schema, kernel, crypto, or protocol public-API change.
+
+### Added
+
+- `packages/protocol/src/document-binding.ts`: typed document-binding helpers with three scheme-specific functions (`computeJsonDocumentDigestJcs`, `computeTextDocumentDigestUtf8`, `computeDocumentDigest`) and a three-state check (`checkDocumentBinding`). JCS name reserved for JSON-only; text helper names its normalization scheme. Normative spec: `docs/specs/DOCUMENT-BINDING.md`.
+- `packages/protocol/src/verifier-types.ts` gains `DocumentBindingResult`, `VerifierBindings`, and `DocumentRepresentation` types. The verifier report gains an optional top-level `bindings` object carrying `policy`, `terms`, and `documents` under the same three-state semantics. Legacy `policy_binding` top-level field is preserved as a byte-stable mirror for v0.12.x consumers.
+- `docs/specs/DOCUMENT-BINDING.md`: normative spec defining the canonical hash format, three-state semantics, helper-naming contract, minimal text canonicalization rule (`\n` + NFC, no trailing-whitespace stripping), per-representation binding identity, and publisher-supplied `canonical_digest` rule (verifiers may compare when present; must never synthesize from non-JSON; absence is `unavailable`, not `failed`).
+- `packages/adapters/x402/src/terms.ts`: `computeX402TermsDigest` convenience helper over the dispatcher for the four x402 PR-1986 `terms` representations (`uri`, `markdown`, `plaintext`, `json`).
+- JWKS cache retention caps via `PEAC_JWKS_CACHE_TTL_MS` (default 300 000 ms / 5 min) and `PEAC_JWKS_CACHE_MAX_ENTRIES` (default 1 000) environment variables. Decimal-only parsing; malformed values fall back to built-in defaults without uncaching.
+- `PEAC_NO_RAW_PERSONAL_DATA` (set to `true` or `1`) enables the `no_raw_personal_data` minimization mode on the verifier report. The redactor pseudonymises `claims.sub` and `claims.actor.{id,email,name,display_name,handle,sub}` to `sha256:<32 hex>`, walks `claims.extensions` recursively, and elides string leaves that are not short structured identifiers. Protocol metadata fields are unchanged. When the variable is unset the report body is byte-identical to v0.12.13.
+- Five boundary-first privacy guidance documents under `docs/privacy/`: `DATA-CLASSIFICATION.md`, `RETENTION-AND-DELETION.md`, `DEPLOYMENT-ROLES.md`, `DATA-SUBJECT-RIGHTS.md`, and `DPIA-STARTER.md`. Each opens with explicit "What PEAC does / What PEAC does not do / What deployers still own" framing.
+- `docs/specs/PRIVACY-PROFILE.md`: extended with boundary-first block and cross-references to the new deployment-guidance documents.
+- `docs/specs/DOCUMENT-BINDING.md`, `docs/specs/VERIFICATION-REPORT-FORMAT.md` updated to document `bindings` shape and publisher-supplied `canonical_digest` rule.
+- `scripts/verify-no-semantic-widening.mjs`: release gate verifying wire format unchanged, published package count unchanged at 37, extension group count unchanged at 12, OpenAPI includes required fields and the permitted additive `bindings` field, no new primary-path error codes, total error count unchanged at 186.
+
+### Changed
+
+- `packages/protocol/src/policy-binding.ts`: `computePolicyDigestJcs` delegates to `computeJsonDocumentDigestJcs` internally; public API and byte output unchanged.
+- `packages/discovery/src/`: narrowed to policy-document parsing; legacy `verify` / `public_keys` / `jwks` fields in `peac.txt` emit a structured `PEAC_LEGACY_PEAC_TXT_KEY_FIELD` deprecation warning.
+- `packages/aipref/`: deprecated facade over `@peac/mappings-content-signals`; network I/O removed; digests widened to full SHA-256 (`sha256:<64 hex>`); a one-shot `PEAC_DEPRECATED_PREF` structured deprecation warning is emitted.
+- OpenAPI `verify.yaml` and `apps/api/openapi.yaml` refreshed to `info.version: 0.12.14` with the additive `bindings` field on both `VerifySuccessResponse` and `ExtendedVerifyReport` schemas.
+
+### Deprecated
+
+- `@peac/disc` (legacy key-discovery fields): deprecated and narrowed. Full removal owned by the next cleanup release.
+- `@peac/pref`: deprecated facade over `@peac/mappings-content-signals`. Full removal owned by the next cleanup release.
+
+### Deferred
+
+The following items are deferred to v0.13.0:
+
+- Naming and terminology cleanup; legacy quarantine of `peac.receipt/0.9` off active surfaces.
+- Scheduled removals: `ProofMethodSchema`, A2A v0.3.0 compatibility, legacy `/verify` endpoint, `sdk-js` workspace stub.
+- Full removal of `@peac/disc` and `@peac/pref` deprecated facades.
+- Reboot baseline capture, resource-limit spec, and `docs/STANDARDS_LEDGER.md`.
+- Package-surface reduction program with measurable gate.
+- Hosted Issue GA decision.
+
+## [0.12.13] - 2026-04-20
 
 Compliance mappings, verifier contract alignment, portable proof workflows, and Go adapter follow-through. Documentation, tests, workflows, and SDK support tooling only. No wire, schema, kernel, crypto, or protocol public-API change.
 

REPO_SURFACE_STATUS.json

@@ -1,7 +1,7 @@
 {
   "description": "Machine-readable surface classification for PEAC Protocol workspace. CI fails if any workspace member is missing. See docs/PACKAGE_STATUS.md for human-readable view.",
-  "version": "0.12.13",
-  "updated": "2026-04-20",
+  "version": "0.12.14",
+  "updated": "PENDING",
   "states": {
     "default": "Current recommended path. Actively maintained, Wire 0.2 native.",
     "supported": "Actively maintained, published, production-ready. May not be on default quickstart path.",

apps/api/openapi.yaml

@@ -1,7 +1,7 @@
 openapi: 3.1.1
 info:
   title: PEAC Hosted Verify API
-  version: 0.12.13
+  version: 0.12.14
   description: >
     Hosted verification service for signed interaction records.
     Request body is `application/json` carrying a compact JWS in the
@@ -180,6 +180,23 @@ components:
           type: string
           enum: [unavailable, verified, failed]
           description: Three-state policy binding result
+        bindings:
+          type: object
+          description: >
+            Optional top-level bindings object (v0.12.14). Present only when caller supplied
+            bindings.terms or a non-empty bindings.documents to verifyLocal. Absent when no
+            terms or document digests were supplied (byte-stable with v0.12.13). Report-only;
+            not stamped into the emitted record or envelope shape.
+          properties:
+            policy:
+              type: string
+              enum: [unavailable, verified, failed]
+            terms:
+              type: object
+              description: Per-representation terms-binding result when caller supplied a terms digest.
+            documents:
+              type: array
+              description: Per-document binding results when caller supplied document digests.
         issuer:
           type: string
           description: Issuer URI from the receipt
@@ -252,6 +269,23 @@ components:
         policy_binding:
           type: string
           enum: [unavailable, verified, failed]
+        bindings:
+          type: object
+          description: >
+            Optional top-level bindings object (v0.12.14). Present only when caller supplied
+            bindings.terms or a non-empty bindings.documents to verifyLocal. Absent when no
+            terms or document digests were supplied (byte-stable with v0.12.13). Report-only;
+            not stamped into the emitted record or envelope shape.
+          properties:
+            policy:
+              type: string
+              enum: [unavailable, verified, failed]
+            terms:
+              type: object
+              description: Per-representation terms-binding result when caller supplied a terms digest.
+            documents:
+              type: array
+              description: Per-document binding results when caller supplied document digests.
         issuer:
           type: string
         kid:

apps/api/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/app-api",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "PEAC Protocol API server with OpenAPI 3.1, RFC 9457 Problem Details, and content negotiation",
   "type": "module",
   "main": "dist/index.js",

apps/sandbox-issuer/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/app-sandbox-issuer",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "PEAC Protocol Sandbox Issuer - Test receipt issuance for development",
   "type": "module",
   "main": "dist/node.js",

apps/verifier/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/app-verifier",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "PEAC Protocol Browser Verifier - Client-side receipt verification",
   "type": "module",
   "private": true,

contracts/api/crypto.json

@@ -1,6 +1,6 @@
 {
   "package": "@peac/crypto",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "extracted_at": "2026-04-22",
   "node_version": "v24.13.0",
   "value_exports": [

contracts/api/kernel.json

@@ -1,6 +1,6 @@
 {
   "package": "@peac/kernel",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "extracted_at": "2026-04-22",
   "node_version": "v24.13.0",
   "value_exports": [

contracts/api/protocol.json

@@ -1,6 +1,6 @@
 {
   "package": "@peac/protocol",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "extracted_at": "2026-04-22",
   "node_version": "v24.13.0",
   "value_exports": [

contracts/api/schema.json

@@ -1,6 +1,6 @@
 {
   "package": "@peac/schema",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "extracted_at": "2026-04-22",
   "node_version": "v24.13.0",
   "value_exports": [

docs/SURFACE_STATUS.md

@@ -2,7 +2,7 @@
 
 Do not edit manually. Source: `REPO_SURFACE_STATUS.json`. Rebuild via `node scripts/generate-surface-status.mjs`.
 
-**Version:** 0.12.13 | **Updated:** 2026-04-20
+**Version:** 0.12.14 | **Updated:** PENDING
 
 ## Layer 1
 

docs/releases/current.json

@@ -1,8 +1,8 @@
 {
   "description": "PEAC release manifest: CI-enforceable source of truth for release state",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "wire_format_version": "0.2",
-  "dist_tag": "latest",
+  "dist_tag": "next",
   "registries_version": "0.6.0",
-  "errors_version": "0.12.13"
+  "errors_version": "0.12.14"
 }

docs/releases/facts.json

@@ -1,13 +1,13 @@
 {
   "description": "Canonical source of truth for PEAC Protocol release metrics. Website, docs, and release notes consume this file. CI validates derived metrics (tests, build_targets, published_packages, conformance_*) against actual build output. On release-prep branches, mutable release-state fields (release_date, dist_tag) carry placeholder values and are stamped post-tag and post-promotion via scripts/stamp-release-state.mjs per docs/RELEASING.md.",
   "schema_version": "1.0.0",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "wire_format_version": "0.2",
-  "dist_tag": "latest",
-  "release_date": "2026-04-20",
+  "dist_tag": "next",
+  "release_date": "2026-04-22",
   "metrics": {
-    "tests": 7600,
-    "test_files": 304,
+    "tests": 7680,
+    "test_files": 308,
     "published_packages": 37,
     "build_targets": 106,
     "conformance_requirement_ids": 224,

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/monorepo",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "private": true,
   "description": "Portable signed records for agent, API, MCP, and cross-runtime interactions.",
   "repository": {
@@ -58,6 +58,7 @@
     "verify:codegen-drift": "bash scripts/verify-codegen-drift.sh",
     "verify:distribution": "node scripts/verify-distribution.mjs",
     "verify:release": "node scripts/verify-release.mjs",
+    "verify:no-widening": "node scripts/verify-no-semantic-widening.mjs",
     "api-contract:extract": "tsx scripts/extract-api-contract.ts",
     "api-contract:check": "tsx scripts/extract-api-contract.ts --check",
     "verify:contracts:drift": "tsx scripts/extract-api-contract.ts --check",

packages/access/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/access",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "private": true,
   "description": "PEAC access pillar (placeholder for v0.9.18+)",
   "type": "module",

packages/adapters/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/adapter-core",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "Shared utilities for PEAC payment rail adapters and commerce mappings (Result types, validators, payment-proof contracts, mapper-boundary finality guard)",
   "main": "dist/index.cjs",
   "types": "dist/index.d.ts",

packages/adapters/did/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/adapter-did",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "DID document resolution for PEAC receipt verification (did:key, did:web)",
   "main": "dist/index.cjs",
   "types": "dist/index.d.ts",

packages/adapters/eat/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/adapter-eat",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "EAT (Entity Attestation Token, RFC 9711) passport decoder and PEAC claim mapper",
   "main": "dist/index.cjs",
   "types": "dist/index.d.ts",

packages/adapters/managed-agents/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/adapter-managed-agents",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "Vendor-neutral managed agent runtime event adapter for PEAC interaction evidence",
   "main": "dist/index.cjs",
   "module": "dist/index.mjs",

packages/adapters/openai-compatible/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/adapter-openai-compatible",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "OpenAI-compatible chat completion adapter for PEAC interaction evidence (hash-first)",
   "main": "dist/index.cjs",
   "types": "dist/index.d.ts",

packages/adapters/openclaw/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/adapter-openclaw",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "OpenClaw adapter for PEAC interaction evidence capture",
   "main": "dist/index.cjs",
   "types": "dist/index.d.ts",

packages/adapters/runtime-governance/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/adapter-runtime-governance",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "Runtime governance adapter for PEAC interaction records with AGT mapper",
   "main": "dist/index.cjs",
   "module": "dist/index.mjs",

packages/adapters/x402/daydreams/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/adapter-x402-daydreams",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "Daydreams AI inference event normalizer for PEAC protocol",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

packages/adapters/x402/fluora/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/adapter-x402-fluora",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "Fluora MCP marketplace event normalizer for PEAC protocol",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

packages/adapters/x402/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/adapter-x402",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "x402 offer/receipt verification, term-matching, and PEAC record mapping",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

packages/adapters/x402/pinata/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/adapter-x402-pinata",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "Pinata private IPFS objects event normalizer for PEAC protocol",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

packages/aipref/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/pref",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "Deprecated facade over @peac/mappings-content-signals (AIPREF / robots.txt / tdmrep). Use @peac/mappings-content-signals directly.",
   "type": "module",
   "main": "dist/index.js",

packages/attribution/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/attribution",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "PEAC attribution attestation - content derivation and usage proofs",
   "type": "module",
   "main": "./dist/index.js",

packages/audit/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/audit",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "Audit logging and case bundle generation for PEAC protocol disputes",
   "main": "dist/index.cjs",
   "types": "dist/index.d.ts",

packages/capture/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/capture-core",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "Runtime-neutral capture pipeline for PEAC interaction evidence",
   "main": "dist/index.cjs",
   "types": "dist/index.d.ts",

packages/capture/node/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/capture-node",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "Node.js durable storage for PEAC capture pipeline (filesystem spool store and dedupe index)",
   "main": "dist/index.cjs",
   "types": "dist/index.d.ts",

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/cli",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "description": "PEAC protocol command-line tools",
   "main": "dist/index.cjs",
   "types": "dist/index.d.ts",

packages/compliance/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/compliance",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "private": true,
   "description": "PEAC compliance pillar (placeholder for v0.9.18+)",
   "type": "module",

packages/conformance-harness/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/conformance-harness",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "private": true,
   "description": "Conformance test harness for PEAC protocol fixtures",
   "main": "dist/index.cjs",

packages/consent/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peac/consent",
-  "version": "0.12.13",
+  "version": "0.12.14",
   "private": true,
   "description": "PEAC consent pillar (placeholder for v0.9.18+)",
   "type": "module",