Internal logs
Useful for debugging. Weak as counterparty proof.
For AI agents, APIs, tools, and MCP servers
Prove what AI agents and APIs did.
Originary turns API calls, MCP tool use, runtime decisions, and payment events into signed records another party can verify.
Built on PEAC Protocol, the open standard for portable signed interaction records.
Input event
API callpolicy + result
MCP tool callparams + output
Payment eventterms + access
Runtime decisionapproval + reason
Signed interaction record
Signed record
issuerapi.company.com
timestamp2026-04-24T12:21Z
policy bindingverified
terms digestmatched
result hashsha256:b7f4...91ac
Signaturevalid
Verifier reportVerified
Signaturevalid
Issuerverified
Policymatched
Termsmatched
Recordportable
Agent Governance Toolkit
Claude Managed AgentsWorks with x402, MCP, MPP, Stripe, A2A, AP2, Cloudflare, Vercel, Visa, Mastercard, OpenAI, OpenTelemetry, LangChain, Microsoft Agent Governance Toolkit, and Claude Managed Agents.
Problem
Who called? What happened? Where's the proof?
An agent running on Company A's infrastructure calls Company B's API. The API returns a signed record showing the action, policy, issuer, timestamp, and verification status. Three weeks later, when a billing dispute or audit question appears, both sides can verify the same record offline. No dashboard access. No screenshot. No phone call.
Company B APISigned record
Boundary event
Company A agent called a priced API.
The record carries the action, policy, issuer, timestamp, verification status, and signature beyond either party's dashboard.
Issuerapi.company-b.com
Actionpriced API response
Policypolicy:v42
Timestamp2026-04-29T04:41Z
Verificationoffline-capable
Signatureed25519:valid
Counterparty verifierNo callback
Same recordboth sides inspect one artifact
Issuer keychecked against trusted keys
Policy bindingsame terms the action used
Offline modeverification does not phone home
Logs vs Records
Logs explain behavior. Records prove what crossed the boundary.
A signed record can show who issued it, what action happened, what policy applied, when it happened, and whether the record verifies offline.
Signed record
Portable, signed, independently verifiable.
QuestionLogsRecords
Debug system behaviorYesPartial
Verify policy and signatureNoYes
Share with another partyWeakYes
Use in dispute or auditWeakYes
Verify offlineNoYes
Product
Originary is the operating layer for signed records.
PEAC defines the open standard. Originary helps teams run it in production.
Verify API
Validate signed records, policy bindings, issuer keys, and verification reports.
Issuer operations
Key rotation, revocation, policy binding, and production-safe record issuance.
Audit bundles
Export a package a counterparty, auditor, or customer can verify independently.
Dispute workflows
Turn signed records into reviewable proof for billing, procurement, incident, and compliance questions.
Originary adds:
- Issue records when automated actions happen.
- Verify records independently, including offline.
- Export records for disputes, audits, procurement, and incident review.
- Optional policy enforcement when deployed at the gateway.
Architecture
A record that survives the boundary.
Service publishes policy or terms.
Automated action happens.
Signed record is issued.
Counterparty verifies offline.
Audit bundle exports when needed.
The key property is not signing alone. It is independent verification across company boundaries.
Trust
Built to be verified without us.
Originary can help issue, manage, and export records in production. Verification remains local, offline, and independent.
Self-hostable
Offline verification
Exportable records
Apache-2.0 standard
Ed25519 signatures
Audit and dispute ready
Who It Is For
Built for the systems agents touch.
API operators
Prove usage, policy, and authorization when customers dispute automated traffic.
MCP server hosts
Export signed records for tool calls, production changes, and delegated actions.
AI platform teams
Give security, procurement, and audit teams records they can verify independently.
Security and compliance teams
Review what happened without relying on screenshots, vendor portals, or private logs.
Verifier Report
A signed record becomes a report another party can inspect.
The report is concrete: issuer, signature, policy binding, terms, record format, and verification mode are visible without relying on your internal dashboard.
Verification reportVerified
Statusverified
Issuervalid
Signaturevalid
Policy bindingverified
Terms digestmatched
Record formatPEAC
Verification modeoffline-capable
Pilot
Start with one workflow where logs already fail.
Bring one API, MCP, commerce, or runtime flow. Originary will help make it signed, verifiable, and exportable without replacing your stack.
- Usage dispute
- Customer audit request
- MCP tool-call review
- Procurement proof
- Incident reconstruction
FAQ
Frequently asked questions.
Is this observability?
No. Observability helps your team understand system behavior. Originary creates records another party can verify independently.
Do I need Originary to verify a record?
No. Verification should work offline with issuer public keys. Originary helps teams run issuance, verification, and export workflows in production.
What happens if I stop using Originary?
Your records remain portable. PEAC is open, and verification does not require a callback to Originary.
Is this only for AI agents?
No. It is for automated actions across APIs, MCP servers, tools, gateways, and agent workflows.
Next Step
If one flow needs stronger proof, start there.
Logs stay local. Records cross boundaries. Bring one API, MCP, commerce, or runtime flow and start there.