The web was built for humans clicking links. Agents need something different.
Machine-readable terms, predictable enforcement, and a durable way to verify what happened without relying on a single vendor's logs. We make agent interactions verifiable through portable decision records: cryptographically signed receipts that bind outcomes to the policy state in force at decision time.
A portable decision record can be verified offline by any party, stored independently of the issuing service, and used across audits, disputes, and partner workflows.
PEAC Protocol
The open standard for policy discovery and verifiable receipts. Settlement is optional and adapter-based.
Originary Platform
Production components that help teams author policy, enforce decisions, and verify receipts in real systems.
Scope
Ten Verification Domains
Every receipt can attest to one or more of these dimensions, ordered from identity establishment through compliance reporting.
Identity
Cryptographic proof-of-control for agents and operators.
Purpose
Declared intent for each interaction.
Consent
What is allowed under stated terms.
Privacy
What is collected, retained, and disclosed.
Safety
Defense-in-depth security and safe-by-default design.
Access
Who can read or call what.
Commerce
Optional settlement terms and evidence.
Attribution
How creators and sources are credited.
Provenance
How outputs trace to inputs and decisions.
Compliance
How obligations map to verifiable controls.
How it works
Evidence Layer, Not Another Platform
PEAC sits between application logic and the compliance surface. It does not replace payment rails, identity providers, or AI frameworks: it gives them a shared way to produce and verify interaction evidence.
Not a payment protocol
Settlement adapters (Stripe, x402, card networks) plug in; PEAC captures the evidence.
Not an identity system
PEAC verifies key control (Ed25519); the identity layer above decides what keys mean.
Not an AI framework
PEAC works with any agent stack. Receipts travel alongside tool calls, not inside them.
Typical Adoption Path
Start small, expand as trust requirements grow.
Declare
Publish a peac.txt and start issuing signed receipts with the SDK or CLI.
Enforce + Verify
Add middleware or gateway rules. Third parties verify receipts offline.
Operate
Export evidence bundles, run conformance checks, and feed receipts into audits and dispute workflows.
Built for
Who It's For
API Providers
Publish interaction terms and issue receipts to every caller, human or agent.
AI Agent Builders
Collect verifiable proof of what your agent did, under which terms, for audit or dispute resolution.
Compliance Teams
Map regulatory obligations to receipt-backed evidence without building custom logging.
Payment Platforms
Attach settlement evidence to existing rails through adapter-based integration.
What We Build
Modular surfaces: adopt one or deploy the full stack.
Declare
Define interaction terms once in a format that is human-readable and machine-enforceable.
Trace
Evidence exports and decision views for audits, disputes, and operations.
Gateway 402
Edge enforcement with HTTP 402 challenges and consistent receipt issuance.
Verify API
Verify receipt signatures and bind outcomes to the policy state at decision time.
Studio
Policy review, testing, and evidence workflow tooling.
Teams typically start with Declare + the SDK/CLI, then add Gateway and Verify when they need enforcement and third-party verifiability. Trace and Studio follow when audits or scale require structured evidence workflows.
Built on an Open Foundation
PEAC (Programmable Environment for Agent Coordination) is the open protocol behind our receipts. It defines how policies are published and how cryptographically signed receipts provide portable evidence of an interaction outcome under declared terms.
PEAC Protocol (Open)
- Apache-2.0 licensed, no CLA required
- Full spec, test vectors, and conformance suite
- Anyone can implement without permission
- Wire format frozen until v1.0
- Independent implementations encouraged
Originary Platform (Hosted)
- Managed policy authoring and enforcement
- Evidence export, audit views, dashboards
- Gateway for edge enforcement and HTTP 402
- Support, SLAs, and compliance guidance
- Interoperable with any conformant issuer
Trust and Governance
The protocol specification, conformance vectors, and reference implementation are all published under Apache-2.0 on GitHub. There is no contributor license agreement.
Normative changes follow a public decision record process. Every new field, header, or protocol behavior requires spec text, schema updates, and conformance vectors before shipping.
Originary is the primary implementer, not the sole authority. The conformance suite lets any team validate their implementation independently.
How We Work
Receipts-first
Durable evidence that can be verified independently and used across audits, disputes, and partner workflows.
Protocol-driven
Clear specifications, test vectors, and governance so anyone can implement without permission.
Developer-led
Start with a single file (peac.txt) and the SDK/CLI. Adopt hosted services only when you need them.
Company
Originary is the steward and primary implementer of PEAC, operated by Poem, Inc.
ORIGINARYTM is a brand of Poem, Inc.
Poem, Inc. builds AI infrastructure software and tools for the agentic web, and maintains the Originary products and services that run on top of PEAC Protocol.
In the U.S., “Originary” is used by Poem, Inc. as a brand for its AI infrastructure software and tools for the agentic web. Poem, Inc. is not affiliated with Originary Inc.