When software acts on behalf of people, every decision should be provable.
When software acts on behalf of people, every important action needs a record another party can verify. Logs help inside your systems. Signed records help across teams, vendors, audits, disputes, and reviews.
PEAC Protocol
The open standard underneath: protocol specification, wire format, conformance suite, and reference implementation. Apache-2.0, no CLA.
Originary Products
Originary Verify, Agent Auditor, Gateway 402, MCP Server, and Trace: production surfaces that help teams verify requests, apply policy, and prove what agents did.
How it works
Evidence Layer, Not Another Platform
PEAC sits between application logic and the compliance surface. It does not replace payment rails, identity providers, or AI frameworks: it gives them a shared way to produce and verify interaction evidence.
Not a payment protocol
Settlement adapters (Stripe, x402, card networks) plug in; PEAC captures the evidence.
Not an identity system
PEAC verifies key control (Ed25519); the identity layer above decides what keys mean.
Not an AI framework
PEAC works with any agent stack. Receipts travel alongside tool calls, not inside them.
Typical Adoption Path
Start small, expand as trust requirements grow.
Declare
Publish a peac.txt and start issuing signed receipts with the SDK or CLI.
Enforce + Verify
Add middleware or gateway rules. Third parties verify receipts offline.
Operate
Export evidence bundles, run conformance checks, and feed receipts into audits and dispute workflows.
Built for
Who It's For
API Providers
Publish interaction terms and issue receipts to every caller, human or agent.
AI Agent Builders
Collect verifiable proof of what your agent did, under which terms, for audit or dispute resolution.
Compliance Teams
Map regulatory obligations to receipt-backed evidence without building custom logging.
Payment Platforms
Attach settlement evidence to existing rails through adapter-based integration.
What We Build
Most teams start with Agent Auditor or Gateway 402 and add lower-level building blocks as their verification needs grow.
Originary Verify
Operationalize signed records in production. Validate signatures, policy binding, and exports at scale. Hosted or self-hosted.
Agent Auditor
Open a signed record, inspect every field, and verify the signature locally. No outbound verification required.
Gateway 402
Edge enforcement with signed record issuance on every response for priced APIs, automated payments, and related machine-payment flows.
MCP Server
Verification tools for MCP tool endpoints. Signed records travel with the response and remain independently verifiable.
Teams typically start with Declare + the SDK/CLI, then add Gateway and Verify when they need enforcement and third-party verifiability. Trace and Studio follow when audits or scale require structured evidence workflows.
Built on an Open Foundation
Originary is the product company. PEAC is the open protocol underneath. We build the production surfaces that make signed records practical to deploy, verify, inspect, and export in real workflows.
PEAC Protocol (Open Format)
- Protocol spec, wire format, and conformance suite
- Apache-2.0 licensed, no CLA required
- Anyone can implement without permission
- Wire format frozen until v1.0
- Independent implementations encouraged
Originary Platform (Product Surface)
- Middleware, tools, and SDKs for production use
- Managed policy authoring and enforcement
- Evidence export, audit views, dashboards
- Gateway for edge enforcement and HTTP 402
- Support, SLAs, and compliance guidance
Trust and Governance
The protocol specification, conformance vectors, and reference implementation are all published under Apache-2.0 on GitHub. There is no contributor license agreement.
Normative changes follow a public decision record process. Every new field, header, or protocol behavior requires spec text, schema updates, and conformance vectors before shipping.
Originary is the primary implementer, not the sole authority. The conformance suite lets any team validate their implementation independently.
How We Work
Receipts-first
Durable evidence that can be verified independently and used across audits, disputes, and partner workflows.
Protocol-driven
Clear specifications, test vectors, and governance so anyone can implement without permission.
Developer-led
Start with a single file (peac.txt) and the SDK/CLI. Adopt hosted services only when you need them.
Scope
Ten Verification Domains
Every receipt can attest to one or more of these dimensions, ordered from identity establishment through compliance reporting.
Identity
Verifiable proof-of-control for agents and operators.
Purpose
Declared intent for each interaction.
Consent
What is allowed under stated terms.
Privacy
What is collected, retained, and disclosed.
Safety
Defense-in-depth security and safe-by-default design.
Access
Who can read or call what.
Commerce
Optional settlement terms and evidence.
Attribution
How creators and sources are credited.
Provenance
How outputs trace to inputs and decisions.
Compliance
How obligations map to verifiable controls.
Company
Originary is operated by Poem, Inc., a Delaware corporation. We build practical verification software around PEAC while keeping the protocol open, portable, and implementation-independent.
ORIGINARYTM is a brand of Poem, Inc.
Poem, Inc. maintains the Originary products and services that run on top of PEAC Protocol.
In the U.S., “Originary” is used by Poem, Inc. as a brand for its AI infrastructure software and tools for the agentic web. Poem, Inc. is not affiliated with Originary Inc.