ai gateway

Your gateway decides. Records make each decision provable.

An AI gateway, LLM gateway, model router, or egress proxy sits at the boundary where agent and model traffic crosses company lines. Originary uses PEAC to issue a signed record for each decision the gateway already makes, so a client, auditor, or partner can verify it later, without your logs or dashboards.

org.peacprotocol/access-decisionverified offline
Issuer
https://gateway.vendor.example
Request
tools.call market_data
Decision
allow - policy applied
Signature
Ed25519 e02d7f15...
sample record - demo signature
Gateway decisionsDeny as evidenceRedaction digestsSpend attribution
The problem

Gateway logs explain decisions internally. Signed records let others verify them.

A gateway log can help you debug a routing or policy decision internally. It cannot be handed to a customer, auditor, or counterparty as independent proof. A signed record answers the questions that cross the boundary:

  • Which policy version applied at that moment?
  • Was the request allowed, denied, or modified?
  • What content was actually delivered, versus what was produced?
  • Which agent or workload spent what through the gateway?
  • Can any of this be verified later, without access to our systems?
The specimen

One gateway decision. One signed record.

org.peacprotocol/access-decisionverified offline
Issuer
https://gateway.vendor.example
Request
tools.call market_data
Decision
allow
Policy
tool-policy:v2 sha256:4e21b8...
Produced
sha256:9a3c1d...
Delivered
sha256:9a3c1d...
Time
2026-07-02T09:14:31Z
Signature
Ed25519 30cf81d6... kid 2026-07-key1
sample record - demo signature
Verify on any machine, later
$ npx -y @peac/cli verify ./gateway-decision.jws --public-key ./jwks.json
Signature valid (offline)
How it travels
"_meta": {
  "org.peacprotocol/receipt_ref": "sha256:f04d11...",
  "org.peacprotocol/receipt_jws": "eyJhbGciOiJFZERTQSIs..."
}

Records ride existing gateway response metadata or export as bundles. They travel separately from the gateway that created them.

Deny as evidence

A refused or redacted request is still an event.

A signed deny records what was refused, when, and why: the reason code, the policy digest, and the timestamp travel together with the signature.

When the gateway redacts rather than blocks, the produced and delivered digest pair proves the content was modified in transit, without revealing the content itself.

org.peacprotocol/access-decisiondecision: denied
Issuer
https://gateway.vendor.example
Request
tools.call export_billing
Decision
denied - policy_violation
Policy
tool-policy:v2 sha256:4e21b8...
Time
2026-07-02T09:16:04Z
Signature
Ed25519 e02d7f15... valid
deny-as-evidence - portable proof of a refusal
Spend attribution

When agent traffic hits a metered or paid endpoint, the record binds who spent what.

Each call yields a signed record binding the caller identity or agent reference, the action, and the observed payment context. Finance and audit review can reconcile agent spend against signed records instead of one side's counters.

org.peacprotocol/access-decisionverified offline
Issuer
https://gateway.vendor.example
Agent
research-agent-v3
Request
POST /v1/market-data/search
Decision
allow - metered
Payment
observed context - x402-style
Time
2026-07-02T09:17:52Z
Signature
Ed25519 c9a012ff...
observation record - not a payment instruction
Fits your stack

Records compose with what your gateway already touches.

  • OpenTelemetry trace correlation: records carry W3C trace context, so a gateway decision links to the same trace in your OpenTelemetry backend via the peac.record.ref span attribute.
  • In front of MCP servers: per-tool-call records travel alongside the gateway decision. See /mcp.
  • In front of paid or metered endpoints: x402-style payment observation binds the decision to the call it metered. See /agentic-commerce.
  • Evidence bundles: export a set of decision records for a dispute or a review, verifiable without access to the gateway.
Boundaries

What Originary does not do here.

  • It does not route or proxy traffic.
  • It does not enforce or decide policy.
  • It does not rate-limit or gate anything.
  • It does not replace your gateway, WAF, or observability stack.
  • It does not move or settle money.
  • It does not score or rank counterparties.

It records the decisions your gateway already makes.

Add records to one gateway route this week.

Start with the route another party already asks about. We will show what the signed record should contain.

Verify it
npx -y @peac/cli verify ./gateway-decision.jws --public-key ./jwks.json
Logs stay local. Signed records travel.