learn

Verifiable interaction records

What a signed interaction record contains, how offline verification works, and why server logs are not portable signed records.
2 min read

Key takeaways

  • Records are JWS-signed JSON proving what happened in an interaction.
  • Verifiable offline using public keys. No API callback.
  • Carried in the PEAC-Receipt HTTP header.

What is a signed interaction record?

A PEAC interaction record is a JWS-signed JSON payload that records what happened during an agent interaction: who issued it, what resource was accessed, when, under what terms, and with what payment (if any). The signature uses Ed25519.

Anyone with the issuer's public key can verify the record offline. No API callback, no trust in the verifier, no phone call. The record travels in the PEAC-Receipt HTTP header as a compact JWS string.

Why records matter

Billing proof

The signed record proves which resource was accessed and what was paid. Reviews resolve by checking the signature, not by arguing about server logs.

Audit trails

Timestamped, tamper-evident records of every agent action. When an auditor or partner asks what your agent did, you produce the signed records. They verify independently.

Attribution chains

Content usage gets recorded. Creators verify credit and compensation.

Anatomy of a signed record

A signed interaction record contains several key fields:

{
  "iss": "api.example.com",        // Issuer
  "sub": "agent-xyz-123",          // Agent ID
  "aud": "originary.xyz",          // Audience
  "iat": 1702834800,               // Issued at
  "exp": 1702921200,               // Expiration
  "rid": "rcpt_abc123",            // Record ID
  "resource": "/v1/translate",     // Resource accessed
  "action": "POST",                // HTTP method
  "payment": {
    "amount": "0.001",
    "currency": "USD",
    "evidence": "pi_xxx"
  },
  "aipref_hash": "sha256:abc..."   // Policy snapshot
}

The entire payload is signed using JWS (JSON Web Signature), typically with Ed25519. The signature can be verified using the issuer's public key referenced in /.well-known/peac.txt (which points to a JWKS endpoint).

Use cases

  • API providers. Issue records to prove service delivery; resolve billing reviews instantly.
  • Content platforms. Track AI consumption of licensed content with verifiable attribution.
  • Enterprise AI. Maintain audit trails for regulatory compliance workflows.
  • Agent frameworks. Collect records to track costs and prove work completion.

Implementation

Start working with signed records using Originary's tools:

related