Is Originary only for people building agents?

No. Originary is built first for operators of systems that agents access: APIs, tools, MCP servers, and platforms exposing actions.

Does Originary still work if agents do not comply?

Yes, partially. Originary can still enforce operator-side policy and generate operator-side records. Full cross-party proof gets stronger when both sides participate.

Is Originary just observability?

No. Observability helps you inspect behavior. Originary adds access-time control and a verifiable interaction record you can use outside one product.

Do I need PEAC to use Originary?

No. Originary delivers product value directly. PEAC keeps the records portable and standards-aligned.

For AI agents, APIs, tools, and MCP servers

Prove what
agents did

Originary verifies requests, applies policy, and returns signed records you can prove later, across teams, vendors, and audits.

Start here See what your logs can't prove

Open source·Self-hostable·Offline verification·Portable·Downloads

Already have a signed record? Open Agent Auditor·See a full transaction trace →

Signed interaction recordVerified locally

ISSUERtools.vendor.com

TYPEorg.peacprotocol/access

POLICYsha256:3f8a...c7e1

SIGNEDEd25519 valid

VERIFYlocal, no callback

No Originary dependency in verificationInspect →

Sample record. Verified with issuer public key only.

The real question

Who called. What happened. Where's the proof?

An agent running on Company A's infrastructure calls Company B's inventory API. Company B's gateway returns a signed record proving the request was authorized under the published terms. Three weeks later, when a billing dispute arises, Company B exports that record. Company A's auditor verifies it offline using the issuer's public key. No dashboard access needed. No phone call. No screenshot.

Logs vs. decisions

Logs explain behavior. Records prove decisions.

Logs are useful for debugging inside your systems. They are weak evidence outside them. Originary returns signed records another party can inspect and verify independently.

Internal logsLocal only

14:23:01Agent invoked tool: check_inventory

14:23:01External API call: GET /api/v2/inventory

14:23:02Policy: tools.check_inventory → allow

14:23:02Result returned to agent

Useful for debugging. Not portable.

Signed recordPortable proof

✓

Issuer: tools.vendor.com

✓

Type: org.peacprotocol/access

✓

Policy: sha256:3f8a...c7e1 ✓

✓

Signature: Ed25519, valid

✓

Verify: local, no callback

Verifiable by any party, offline.

Signed recordPortable proof

✓

Issuer: tools.vendor.com

✓

Type: org.peacprotocol/access

✓

Policy: sha256:3f8a...c7e1 ✓

✓

Signature: Ed25519, valid

✓

Verify: local, no callback

Verifiable by any party, offline.

Internal logsLocal only

14:23:01Agent invoked tool: check_inventory

14:23:01External API call: GET /api/v2/inventory

14:23:02Policy: tools.check_inventory → allow

14:23:02Result returned to agent

Useful for debugging. Not portable.

Need	Logs / traces	Originary
Debug system behavior	Yes	Partial
Make access decisions	Limited	Yes
Keep an exportable record	No	Yes
Support cross-team review	Weak	Yes
Open standard underneath	No	Yes

Debug system behavior

LogsYes

OriginaryPartial

Make access decisions

LogsLimited

OriginaryYes

Keep an exportable record

LogsNo

OriginaryYes

Support cross-team review

LogsWeak

OriginaryYes

Open standard underneath

LogsNo

OriginaryYes

Originary adds:

Evaluate requests before action is takenApply explicit policy decisionsKeep exportable records for review and disputes

Who this is for

Built for the systems agents touch

Originary is for teams operating APIs, tools, gateways, MCP servers, and review workflows. If your systems receive automated requests, you need evidence that survives beyond your own dashboards.

API operators

An agent books a resource through your API

You need to know who authorized it, under what policy, and prove the decision later when the charge is disputed.

MCP server hosts

An MCP tool call modifies production data

The tool host needs a signed record of what was requested, what was allowed, and what the agent actually did.

Platform teams

A partner asks for proof of an agent interaction

You export a portable record they can verify independently, offline, without calling your systems.

Security and compliance

An auditor reviews agent-driven transactions

Compliance needs exportable evidence tied to the policy that applied at decision time, not just logs.

Works with your existing gateway, auth, payments, and observability stack.

Why trust Originary

Built to be verified without us

Every record should survive vendor boundaries. Originary can issue and manage records in production, but verification should remain local, portable, and independent.

Trust center

Self-hostable

Run on your own infrastructure. No external dependency.

Offline verification

Verify with the public key alone. No network required.

Exportable records

Inspect, share, archive, and use in disputes.

Open standard

PEAC Protocol, Apache-2.0. Portable across vendors.

Ed25519 signatures

Every record is signed with Ed25519 and independently verifiable.

Audit and dispute ready

Timestamped evidence for compliance and procurement.

Recognized in x402 ecosystem

PEAC receipt verification contributed to technical discussions with the Coinbase x402 protocol team.

Why this matters now

Evidence is not keeping up with automation

Agents are crossing boundaries

APIs, tools, and MCP servers handle agent traffic from organizations they do not control. Standard proof is missing.

Compliance is catching up

Compliance and review expectations for automated decisions are rising. Auditable records will be expected.

Disputes need portable artifacts

When an incident involves multiple teams, partners, or vendors, the party with exportable evidence resolves faster than the party with screenshots.

Open standard

Deploy Originary. Keep your records portable.

Originary is the product you deploy. PEAC is the open standard that keeps your records portable across systems and vendors. No lock-in.

Learn about PEAC

Ed25519 signatures, verified offline with a public key

29 packages on npm, 6,664 tests

Offline-verifiable with public key alone

Apache-2.0, self-hostable, vendor-neutral

FAQ

Frequently asked questions

A log is a local observation: your system saw something happen. A signed record is a portable, independently verifiable artifact: it proves what happened, what policy applied, who issued it, and when. Logs help you debug. Signed records help you prove.

Developers

Open a signed record or start issuing one

Try Agent Auditor Start here

Teams

Planning a deployment or procurement review?

Talk to us Trust and security

Prove whatagents did

Who called. What happened. Where's the proof?

Logs explain behavior. Records prove decisions.

Built for the systems agents touch

An agent books a resource through your API

An MCP tool call modifies production data

A partner asks for proof of an agent interaction

An auditor reviews agent-driven transactions

Built to be verified without us

Self-hostable

Offline verification

Exportable records

Open standard

Ed25519 signatures

Audit and dispute ready

Recognized in x402 ecosystem

Evidence is not keeping up with automation

Agents are crossing boundaries

Compliance is catching up

Disputes need portable artifacts

Deploy Originary. Keep your records portable.

Frequently asked questions

Developers

Teams

Prove what
agents did