# What Did My Agent Do? > Local-only checker for logs and signed records. Paste logs, traces, JSON payloads, signed records, or plain-English incident descriptions and see what is observable, what another party can independently verify, and what evidence is missing. Everything runs client-side. No signup. No data leaves the browser. ## What this site does This site helps anyone working with AI agents understand the difference between internal observability and cross-boundary evidence. It provides: - An analyzer that classifies input and returns an evidence scorecard - A logs-vs-signed-record comparison for the same sample interaction - Hard questions for disputes, incidents, and audits that logs alone cannot settle - Methodology and source links that document scoring rules and limitations - A collapsible technical background on how signed records work ## Key concepts - **Cross-party evidence**: Evidence that travels across organizational boundaries and can be verified by any party, unlike logs and traces which stay local. - **Signed records**: Cryptographically signed records (Ed25519, compact JWS) returned by APIs, MCP servers, and tools after processing an agent request. - **Offline verification**: Records are verified locally with the issuer's public key. No dependency on any central authority. Works offline once public keys are available or bundled. - **Evidence scorecard**: A breakdown of what is observable, what is independently verifiable, what evidence is missing, and what to collect next. Uses client-side heuristics to classify input and estimate evidence strength. ## Analyzer details The analyzer is heuristic. It inspects structure and fields only. It does not verify cryptographic signatures or fetch issuer keys. ### Input types - Logs (timestamped lines, status codes, agent/tool references) - Trace / request (HTTP methods, trace IDs, headers, timing) - JSON payload (structured data with issuer, timestamp, policy fields) - Signed record (JWS compact serialization with base64url-encoded header/payload) - Plain English (natural language incident or event descriptions) ### Scorecard columns - **Observable**: What is visible inside your system - **Independently verifiable**: What another party could verify - **Missing**: What evidence properties are absent - **Next steps**: What to collect or do next ## The open format underneath This site uses PEAC Protocol, an open format (Apache-2.0) for verifiable interaction records. TypeScript implementation with conformance fixtures. PEAC does not replace auth, payment rails, observability platforms, or MCP/A2A runtimes. It adds signed records alongside those systems. ## Maintainer Maintained openly by Originary and community contributors. Verification does not depend on any commercial vendor. ## How signed records work 1. **Publish policy**: Services expose machine-readable terms and policy at the edge. 2. **Return a signed record**: When an agent request is processed, the service returns a signed record of what happened. 3. **Verify anywhere**: The receiver verifies the record locally using the issuer's public key. 4. **Keep or bundle evidence**: Use the record for incident review, disputes, compliance, or cross-party workflows. ## Who benefits from this - Incident response teams - Customer and vendor support teams handling disputes - Payment and authorization reviewers - Audit, legal, and compliance stakeholders ## FAQ ### How does verification work? The analyzer is heuristic and does not verify signatures or fetch issuer keys. Cryptographic verification should be done with a dedicated verifier and issuer public keys. ### Does this replace auth, observability, or payment systems? No. Signed records work alongside those systems. ### Is the evidence score precise? The analyzer uses client-side heuristics to classify input and estimate evidence strength. It checks for structural properties like signatures, timestamps, issuer fields, and policy references. The score reflects what evidence properties are detectable in the input, not a formal security audit. ### Is this tied to PEAC or Originary? This checker is a standalone public utility. It uses PEAC concepts in the background, but you can use the site without adopting PEAC or any commercial product. ### What happens to my pasted data? Nothing leaves your browser. The analyzer runs entirely client-side. No input is uploaded, stored, or sent to any server. ## Links - Homepage: https://whatdidmyagentdo.com - Methodology: https://whatdidmyagentdo.com/methodology - PEAC Protocol: https://www.peacprotocol.org - PEAC Documentation: https://www.peacprotocol.org/docs - PEAC Specification: https://www.peacprotocol.org/docs/specs/protocol-behavior - PEAC Verifier: https://www.peacprotocol.org/verify - Source: https://github.com/peacprotocol/peac - Originary: https://www.originary.xyz ## Technical details - Wire format: interaction-record+jwt (compact JWS) - Signature algorithm: Ed25519 - License: Apache-2.0 - Language: TypeScript - Verification: Offline once issuer's public key is available (JWKS) - Discovery: /.well-known/peac-issuer.json -> jwks_uri -> JWKS -> verify