Proof that leaves the system that made it.

Prove API and agent actions without sharing logs.

Q: Is this observability?

No. Observability helps your team understand system behavior. Originary creates records another party can verify independently.

Q: Do I need Originary to verify a record?

No. Verification should work offline with issuer public keys. Originary helps teams run issuance, verification, and export workflows in production.

Q: What happens if I stop using Originary?

Your records remain portable. PEAC is open, and verification does not require a callback to Originary.

Q: Is this only for AI agents?

No. It is for automated actions across APIs, MCP servers, tools, gateways, and agent workflows.

Originary adds portable signed records to API, MCP, gateway, A2A, and payment workflows, so customers, partners, and auditors can verify what happened without accessing your dashboard.

Start with one API response, MCP tool call, gateway decision, payment event, or agent handoff.

Start a pilot Verify a sample record See how it works

Offline verificationPortable signed recordsSelf-hostableDownloadsOpen standardNo vendor callback

Input event

API callpolicy + result

MCP tool callparams + output

Payment eventterms + access

Runtime decisionapproval + reason

Signed interaction record

Signed record

issuerapi.company.com

timestamp2026-04-24T12:21Z

policy bindingverified

terms digestmatched

result hashsha256:b7f4...91ac

Signaturevalid

Verifier reportVerified

Signaturevalid

Issuerverified

Policymatched

Termsmatched

Recordportable

Microsoft AGT

Claude Managed Agents

Works with x402, MCP, MPP, Stripe, A2A, AP2, Cloudflare, Vercel, Visa, Mastercard, OpenAI, OpenTelemetry, LangChain, Microsoft AGT, and Claude Managed Agents.

Why It Matters

Logs help your team debug. They do not settle what happened between companies.

When an automated action crosses a company boundary, the proof needs to cross too.

Usage dispute

A customer challenges API usage, pricing, policy, or scope.

Audit or procurement review

A buyer asks what an agent did, what policy applied, and who can verify it.

Agent or payment handoff

An MCP, A2A, gateway, or payment flow needs context another party can inspect.

Company B APISigned record

Shared proof artifact

Company A's agent called Company B's priced API.

The response included a signed record carrying the action, policy, issuer, timestamp, verification mode, and signature. Three weeks later, both sides can inspect the same artifact.

Issuerapi.company-b.com

Actionpriced API response

Policypolicy:v42

Timestamp2026-04-29T04:41Z

Verificationoffline-capable

Signatureed25519:valid

Counterparty verifierNo callback

Same recordboth sides inspect one artifact

Issuer keychecked against trusted keys

Policy bindingsame terms the action used

Offline modeverification does not phone home

Logs vs Records

Logs stay inside your system. Records survive the handoff.

A signed record can show who issued it, what action happened, what policy applied, when it happened, and whether the record verifies offline.

Internal logs

Useful for debugging. Weak as counterparty proof.

Signed record

Portable, signed, independently verifiable.

QuestionLogsRecords

Debug system behaviorYesPartial

Verify policy and signatureNoYes

Share with another partyWeakYes

Use in dispute or auditWeakYes

Verify offlineNoYes

Where To Start

Add records where proof already matters.

Start with one workflow. Keep your stack. Make selected events signed, verifiable, and exportable.

Proof Check

Find the workflows where logs, traces, or webhooks are not enough.

Agent Auditor

Inspect and verify a signed record locally.

Originary Verify

Run signed-record verification workflows in production.

Gateway 402

Record paid access decisions and API commerce events.

MCP Server

Bring signed-record verification into tool and agent workflows.

Trace

Export records from selected access, runtime, and handoff events.

Originary helps you:

issue records when automated actions happen
verify records independently, including offline
export records for disputes, audits, procurement, and incident review
add gateway-adjacent record issuance without replacing your gateway

How It Works

Keep your control plane. Add proof that travels.

Your stack decides

API, gateway, MCP server, runtime, or payment rail approves, denies, routes, settles, or responds.

Originary records

Selected facts, policy digest, result digest, issuer, timestamp, and signature become a signed record.

Another party verifies

A customer, partner, auditor, or support team verifies the record without your dashboard.

The key property is not signing alone. It is independent verification across company boundaries.

Independent Verification

Built to be verified without us.

Originary can help issue, manage, and export records in production. Verification remains local, offline-capable, and independent.

Self-hostable

Offline verification

Exportable records

Apache-2.0 standard

Ed25519 signatures

Audit and dispute ready

View PEAC on GitHub Downloads

Teams

Built for teams who need proof outside their own dashboard.

API and data providers

Prove usage, policy, and authorization when customers dispute automated traffic.

MCP and tool hosts

Export signed records for tool calls, delegated actions, and production-impacting automation.

AI platform teams

Give security, procurement, and audit teams records they can verify independently.

Security and compliance teams

Review what happened without relying on screenshots, vendor portals, or private logs.

Compatibility

Works beside your stack.

Originary does not replace your gateway, runtime, payment rail, observability stack, or policy engine. It records selected facts from them in a format another party can verify.

APIs

MCP servers

Agent gateways

A2A handoffs

Payment flows

Runtime governance

Observability exports

Audit workflows

Verifier Report

A signed record becomes a report another party can trust.

Issuer, signature, policy binding, terms digest, record format, and verification mode are visible without relying on your internal dashboard.

Verification reportVerified

Statusverified

Issuervalid

Signaturevalid

Policy bindingverified

Terms digestmatched

Record formatPEAC

Verification modeoffline-capable

Pilot

Start with one workflow where logs already fail.

Bring one API, MCP, commerce, or runtime flow. Originary will help make selected events signed, verifiable, and exportable without replacing your stack.

Usage dispute
Customer audit request
MCP tool-call review
Procurement proof
Incident reconstruction

Start a pilot Verify a sample record

FAQ

Frequently asked questions.

Is this observability?

No. Observability helps your team understand what happened inside your systems. Originary creates signed records another party can verify without access to your logs, traces, or dashboard.

Do I need Originary to verify a record?

No. PEAC records are designed for independent verification. Originary provides product workflows for issuing, managing, reviewing, and exporting records in production.

What happens if I stop using Originary?

Records that were already issued remain verifiable according to their issuer keys, expiry, and trust policy. Verification does not depend on an Originary callback.

Is this only for AI agents?

No. The first use cases are agent, API, MCP, gateway, A2A, and payment workflows, but the primitive is broader: signed records for automated actions that cross boundaries.

Next Step

If one flow needs stronger proof, start there.

Logs stay local. Records cross boundaries. Bring one API, MCP, commerce, or runtime flow and start there.

Start a pilot Verify a sample record