What Did My Agent Do?
Prove where an API response came from
An API trace is internal. A signed api-receipt is portable evidence another party can verify with the issuer key.
Analyze an API response →- Turn an internal trace into portable, signed evidence.
- Verify a signed api-receipt locally with the issuer key.
- See the gap between what you log and what others can verify.
Example input
POST /v2/tools/check_inventory HTTP/1.1
Host: api.vendor.com
X-Request-Id: req-8a3f2b
HTTP/1.1 200 OK
Content-Type: application/json
{"available": true, "quantity": 847}
What the checker shows
Observable: request/response, status, request id. Independently verifiable: nothing. Missing: signature, issuer, signed timestamp.
What is missing for cross-party proof
| Evidence | Status |
|---|---|
| Response body / status | observable, not verifiable |
| Issuer identity | missing |
| Signature binding the response | missing (return PEAC-Receipt) |
Close the gap
import { issue } from '@peac/protocol';
// after handling the request, sign a record of what happened:
const { jws } = await issue({
iss: 'https://your-service.example.com',
kind: 'evidence',
type: 'org.peacprotocol/api-receipt',
privateKey, kid,
});
res.setHeader('PEAC-Receipt', jws);
Analyze an API response →
Show your records are verifiable
Issuing signed records already? Add a badge to your README:
[](https://whatdidmyagentdo.com)
PEAC issues signed records via a PEAC-Receipt response header (compact JWS).
Open the verifier · Full checker · How it works · PEAC standard