Agent Auditor | Inspect and Verify Signed Interaction Records

Open Source — Apache-2.0

What did that agent just do?
Open a record. See for yourself.

Agent Auditor opens any signed interaction record and shows you who acted, what happened, and whether the proof is genuine. Drop a receipt file, and see it decoded and verified instantly. For raw JWS token inspection, see the Inspector.

Open a receipt now View on GitHub

An agent calls an API

Signed record of: who called, what endpoint, when

A payment is authorized

Signed record of: amount, rail, parties, timestamp

A user grants consent

Signed record of: scope, subject, conditions

Agent Auditor opens any of these and shows you what's inside.

No outbound verification or artifact fetches

Signature verified locally

Live — runs in your browser

Drop a receipt and see what's inside

No setup. Drop any receipt file and see it decoded and verified instantly. Inspection and verification happen locally in your browser or CLI. No outbound verification or artifact fetches.

Browser: verifies receipt signatures and structureCLI: full bundle integrity verification

agent-auditor.originary.xyz

Open

↑

Drop a receipt or bundle here

or click to browse (.jws, .json, .zip)

Valid ReceiptTry a sample

Invalid ReceiptTry a sample

BundleTry a sample

Open Inspector

Opens at agent-auditor.originary.xyz — no signup, no backend

What you get when you open a receipt

Four things, every time.

Who did it

The issuer, subject, and type of interaction — decoded from the signed record.

Is it genuine

Ed25519 signature verification against the public key. Pass or fail, locally.

What happened

Timestamps, extension fields (commerce, identity, access), and structured details.

Full bundles too

Drop a dispute bundle (.zip) and inspect every receipt inside it, individually.

Or use it from the terminal

Works in CI, scripts, and local dev. Same verification, no browser required.

npm install -g @originaryx/agent-auditor

# inspect a receipt file
agent-auditor inspect ./receipt.jws

# verify the signature
agent-auditor verify ./receipt.jws --key ./public-key.bin

# inspect a dispute bundle
agent-auditor inspect ./bundle.zip

# run the demo with a sample receipt
agent-auditor demo

@originaryx/agent-auditor on npm

Read-only by design

Agent Auditor never writes, signs, or transmits anything.

Does not issue or sign receipts. Use @peac/protocol for that.

Does not send data anywhere. Inspection and verification happen locally.

Does not store keys or state. No database, no config, no session.

Does not validate business logic. It checks signature and structure only.

Want to issue receipts, not just read them?

Agent Auditor reads receipts issued by the PEAC Protocol open standard. If you want to add receipt issuance to your own agent or API, PEAC Protocol is where to start.

Got a signed record? Open it.

No signup. No backend. Drop a file and see what it says.

What did that agent just do?Open a record. See for yourself.