Agent Auditor | Originary

Open Source — Apache-2.0

AGENT AUDITOR

Open and verify signed interaction records

Inspect who acted, what happened, and whether the record is genuine. Local verification in browser or CLI.

Best for support, audit, disputes, technical review, and debugging trust boundaries.

Open a signed record now View on GitHub

An agent calls an API

Signed record of: who called, what endpoint, when

A payment is authorized

Signed record of: amount, rail, parties, timestamp

A user grants consent

Signed record of: scope, subject, conditions

Agent Auditor opens any of these and shows you what's inside.

No outbound verification or artifact fetches

Signature verified locally

Live — runs in your browser

Drop a signed record and see what is inside

No setup. Drop any signed record file and see it decoded and verified instantly. Inspection and verification happen locally in your browser or CLI. No outbound verification or artifact fetches.

Browser: verifies record signatures and structureCLI: full bundle integrity verification

agent-auditor.originary.xyz

Open

↑

Drop a signed record, JWS, JSON file, or bundle here

or click to browse (.jws, .json, .zip)

Valid recordTry a sample

Invalid recordTry a sample

BundleTry a sample

Open Inspector

Opens at agent-auditor.originary.xyz — no signup, no backend

What you get when you open a signed record

Four things, every time.

Who did it

The issuer, subject, and type of interaction — decoded from the signed record.

Is it genuine

Ed25519 signature verification against the public key. Pass or fail, locally.

What happened

Timestamps, extension fields (commerce, identity, access), and structured details.

Full bundles too

Drop a dispute bundle (.zip) and inspect every receipt inside it, individually.

Or use it from the terminal

Works in CI, scripts, and local dev. Same verification, no browser required.

npm install -g @originaryx/agent-auditor

# inspect a signed record file
agent-auditor inspect ./record.jws

# verify the signature
agent-auditor verify ./record.jws --key ./public-key.bin

# inspect a dispute bundle
agent-auditor inspect ./bundle.zip

# run the demo with a sample record
agent-auditor demo

@originaryx/agent-auditor on npm

Read-only by design

Agent Auditor never writes, signs, or transmits anything.

Does not issue or sign records. Use @peac/protocol for issuance.

Does not send data anywhere. Inspection and verification happen locally.

Does not store keys or state. No database, no config, no session.

Does not validate business logic. It checks signature and structure only.

Want to issue and verify at scale?

Agent Auditor inspects individual records. Originary Verify runs verification at production scale with managed keys, record exports, and enterprise deployment options.

Got a signed record? Open it.

No signup. No backend. Drop a file and see what it says.

Do not have a signed record yet? Use Proof Check to see what your team can observe, what another party can verify, and what is still missing.