Skip to main content
Flagship product

Originary Verify

Operationalize signed interaction records in production. Validate signatures, policy binding, and exports at scale. Hosted or self-hosted. Offline verification with no vendor dependency.

Built for enterprise AI platform teams, API publishers, MCP operators, and teams that need deployment-ready verification workflows for audits, disputes, procurement, and technical review.

Logs explain what your systems observed

They do not create portable proof another party can verify independently. Originary Verify does.

Enterprise AI platform teams

Verify every agent interaction across your platform. Export signed records for compliance reviews and incident investigations.

API operators and MCP hosts

Issue signed records on every response. Give consumers portable proof of what happened, verifiable without calling you back.

Security and procurement teams

Evaluate vendor agent interactions with third-party-verifiable records. No proprietary tooling required for verification.

Cross-boundary workflows

When agents act across organizational boundaries, both sides need proof. Originary Verify creates records that survive vendors, audits, disputes, and time.

Verification capabilities

What Originary Verify handles under the hood.

Signature verificationEd25519 (RFC 8032). Compact JWS (RFC 7515). Offline with issuer public key only.
Policy bindingJCS (RFC 8785) + SHA-256 digest. Three-state result: verified, failed, unavailable.
Key management5-state rotation lifecycle. 30-day overlap. Revocation tracking. KMS integration.
Evidence exportsSigned records, policy hashes, timestamps. Portable across vendors, audits, and disputes.
Offline verificationNo callback to Originary or any vendor. Verifiers need only the issuer public key via JWKS.
Network postureNo implicit fetch. No SSRF. URL fields are locator hints only, never auto-dereferenced.
Transport supportHTTP headers, MCP metadata, A2A envelopes, gRPC carriers. 8 KB header / 64 KB embed limits.
Wire formatinteraction-record+jwt (current stable). Legacy peac-receipt/0.1 decoded but not issued.

Three ways to deploy

Start with open source. Add support or managed verification when needed.

Self-hosted (OSS)

$0 forever

Run the full verification stack in your own infrastructure. All signing keys, policy, and records stay in your environment.

  • Your keys, your infrastructure
  • No data leaves your environment
  • 37 packages on npm
  • Apache-2.0 license, no CLA
  • Community support via GitHub
Get started on GitHub

Supported self-host

Custom

Self-hosted deployment with Originary integration support, architecture review, and SLA.

  • Guided integration and rollout
  • Self-managed or KMS-backed keys
  • Dedicated engineering access
  • Defined response windows
  • Compliance evidence guidance
Talk to us
Recommended

Managed verification

Custom

Originary operates the verification layer. You integrate via SDK or gateway. Evidence exports and key lifecycle included.

  • Originary operates the stack
  • KMS-backed attested signing keys
  • Pre-packaged evidence bundles
  • Monitoring and alerting
  • Full SLA and priority support
Talk to us

What leaves your environment?

Verification never depends on Originary being online.

DataSelf-hostedSupportedManaged
Signing keysStays localSelf-managed or KMSOriginary KMS
Policy filesStays localStays localOriginary hosts
Request payloadsNever collectedNever collectedNever collected
Signed recordsStays localStays localOriginary stores
VerificationLocal, offlineLocal, offlineLocal, offline
Calls to OriginaryNoneKey lifecycle onlyRecord storage only

How it fits together

PEAC Protocol defines the open standard for verifiable interaction records.

Originary Verify operationalizes it at production scale.

Agent Auditor inspects and verifies individual records.

Gateway 402 enforces policy and issues records at the edge.

Proof Check evaluates what your logs can and cannot prove.

Ready to evaluate?

Start with the open-source packages. Add support, managed keys, or hosted verification when you need it.