Verify every agent request.
Prove every decision.
Originary verifies agent requests, applies policy, and returns signed records you can prove later. PEAC is the open standard underneath.
Who called. What happened. Where's the proof?
Most systems do not make agent request decisions explicit. What teams usually lack is a verifiable interaction record of how the request was evaluated, what policy was applied, and what decision was made.
When an agent hits your API, tool, or MCP server, three things matter:
Originary gives you that record without asking you to replace the rest of your stack.
Logs show what happened. Originary proves it.
Logs and traces help with debugging. They do not replace explicit policy decisions or exportable records.
| Need | Logs / traces | Originary |
|---|---|---|
| Debug system behavior | Yes | Partial |
| Make access decisions | Limited | Yes |
| Keep an exportable record | No | Yes |
| Support cross-team review | Weak | Yes |
| Open standard underneath | No | Yes |
Debug system behavior
Make access decisions
Keep an exportable record
Support cross-team review
Open standard underneath
Originary adds:
Built for operators, not just builders
Originary is built first for teams running the systems that agents access. If your stack receives agent requests, Originary gives you the verification layer.
An agent books a resource through your API
You need to know who authorized it, under what policy, and prove the decision later when the charge is disputed.
An MCP tool call modifies production data
The tool host needs a signed record of what was requested, what was allowed, and what the agent actually did.
A partner asks for proof of an agent interaction
You export a portable record they can verify independently, offline, without calling your systems.
An auditor reviews agent-driven transactions
Compliance needs exportable evidence tied to the policy that applied at decision time, not just logs.
Works with your existing gateway, auth, payments, and observability stack.
Agent traffic is exploding. Controls are not.
Agents are crossing boundaries
APIs, tools, and MCP servers handle agent traffic from organizations they do not control. Standard proof is missing.
Compliance is catching up
EU AI Act transparency obligations apply from August 2, 2026. Auditable records of automated decisions will be expected.
Logs are not enough
Internal observability helps you debug. It does not help a partner, auditor, or regulator verify what happened.
Built for verification, not vendor dependency
Every record is self-contained. Verification is local. No dependency on Originary at verification time.
Self-hostable
Run on your own infrastructure. No external dependency.
Offline verification
Verify with the public key alone. No network required.
Exportable records
Inspect, share, archive, and use in disputes.
Open standard
PEAC Protocol, Apache-2.0. Portable across vendors.
Ed25519 signatures
Every record is cryptographically signed and verifiable.
Audit and dispute ready
Timestamped evidence for compliance and procurement.
Deploy Originary. Keep your records portable.
Originary is the product you deploy. PEAC is the open standard that keeps your records portable across systems and vendors. No lock-in.
Ed25519 signatures, verified offline with a public key
28 packages on npm, 6,443 tests
Offline-verifiable with public key alone
Apache-2.0, self-hostable, vendor-neutral
Frequently asked questions
See it for yourself
Open a real signed record, inspect every claim, and verify the signature. No account required.
Not a developer? Talk to us about enterprise deployment · Security and procurement · Press