For teams running agent-facing systems

Verify agent requests, apply policy, return portable signed records

Start with middleware or the MCP server. Keep the rest of your stack.

Logs stay local. Signed records travel.

Start buildingVerify a sample record
Open sourceSelf-hostableOffline verificationNo lock-in
Book a demo/Install MCP server/Read the spec/Downloads
request → policy → signed record → verify
POST /api/bookings
Authorization: Bearer <agent-token>

// Originary evaluates
-> agent identity: verified
-> policy matched: bookings.default
-> decision: allow

// Signed record returned
PEAC-Receipt: eyJhbGciOiJFZERTQ...
// Ed25519 · portable · offline-verifiable
Local verificationVerified
SignatureEd25519 valid
Issuerhttps://api.example.com
Agentdid:key:z6Mkf5r...
Decisionallow
ResourcePOST /api/bookings
Policybookings.default
Recordportable, exportable
No network call required. Verified with public key alone.

28 packages · 6,443 tests · Apache-2.0 · v0.12.3

Who this is for

Built for operators, not just builders

Originary is built first for teams running the systems that agents access. If your stack receives agent requests, Originary gives you the verification layer.

APIs receiving agent traffic

Evaluate incoming agent requests, apply rate and access policy, return signed records of every decision.

MCP servers and tool hosts

Add verification middleware to any tool endpoint. Signed records travel with the response.

Platforms exposing actions to agents

Policy sits at the boundary. Records prove what was allowed, denied, or challenged.

Security and compliance teams

Exportable, portable records for audit, disputes, and procurement review. Offline-verifiable.

Works with your existing gateway, auth, payments, and observability stack.

Three steps

How it works

01

Evaluate the request

Classify inbound agent requests before action is taken.

02

Apply policy

Allow, deny, review, rate-limit, require approval, or charge based on your rules.

03

Emit the record

Create a portable signed record your team can inspect, verify, and export later.

Request lifecycle

1

Evaluate

Classify inbound request using available signals

2

Apply policy

Your rules determine the access decision

3

Emit record

Signed record returned and exportable

Works with the signals you have today. More signals produce stronger decisions and more complete records.

Why trust it

Built for verification, not vendor dependency

Self-hostable

Run verification on your own infrastructure. No external service dependency.

Offline verification

Verify any record using the public key alone. No API calls, no network required.

Exportable records

Portable signed records your team can inspect, share, archive, and use in disputes.

Open standard, no lock-in

Built on PEAC Protocol (Apache-2.0). Records are portable across systems and vendors.

Logs vs. decisions

Why logs are not enough

Logs and traces help with debugging. They do not replace explicit policy decisions or exportable records.

Originary adds:

  • Evaluate requests before action is taken
  • Apply explicit policy decisions
  • Keep exportable records for review and disputes

Debug system behavior

LogsYes
OriginaryPartial

Make access decisions

LogsLimited
OriginaryYes

Keep an exportable record

LogsNo
OriginaryYes

Support cross-team review

LogsWeak
OriginaryYes

Open standard underneath

LogsNo
OriginaryYes
Open standard

Use the product now. Keep the record portable.

Originary is the product. PEAC keeps the record portable across systems and vendors.

Learn about PEAC

Ed25519 signatures, JWS compact serialization

28 packages on npm, 6,443 tests

Offline-verifiable with public key alone

Apache-2.0, self-hostable, vendor-neutral

FAQ

Frequently asked questions

No. Originary is built first for operators of systems that agents access: APIs, tools, MCP servers, and platforms exposing actions.

See how a request becomes a signed record

Open a real signed record, inspect the claims, and verify the signature. No account required.

Try Agent AuditorDeveloper quickstartBook a demo