What Did My Agent Do?
Could your logs survive an incident review?
Incident reviews need evidence another party trusts. See what is independently verifiable and what to collect next.
Analyze incident evidence →- Identify which claims are observable but not verifiable.
- Get a checklist of missing evidence.
- Learn how signed records support audit and dispute workflows.
Example input
We are reviewing an incident where an agent took an unexpected action across a third-party API.
What the checker shows
Described events only. Independently verifiable: nothing. Missing: structured data, signature, signed timestamp, issuer identity, policy binding.
What is missing for cross-party proof
| Evidence | Status |
|---|---|
| A reconstructable timeline | often only in local logs |
| Who attested each step | missing without signed records |
| Tamper-evidence | missing without signatures |
Close the gap
import { issue } from '@peac/protocol';
// after handling the request, sign a record of what happened:
const { jws } = await issue({
iss: 'https://your-service.example.com',
kind: 'evidence',
type: 'org.peacprotocol/api-receipt',
privateKey, kid,
});
res.setHeader('PEAC-Receipt', jws);
Analyze incident evidence →
Show your records are verifiable
Issuing signed records already? Add a badge to your README:
[](https://whatdidmyagentdo.com)
PEAC records are designed to be preserved and verified across organizational and runtime boundaries.
Open the verifier · Full checker · How it works · PEAC standard