Open-source agent safety tooling

The flight recorder and preflight checklist for AI agents.

AgentTrust OS scans an agent manifest, maps tools and permissions, checks human approval rules, and generates a trust report before an AI agent touches real business systems.

$ PYTHONPATH=src python3 -m agenttrust scan agenttrust.example.yaml
AgentTrust OS trust report preview showing risk score, passing checks, tool permissions, and scan command.
7/7 manifest checks in the starter report
0 runtime dependencies for the first CLI
MIT open-source license

How it works

Make agent risk visible before launch.

01

Declare the agent

Use `agenttrust.yaml` to list tools, sensitive fields, data sources, approval rules, and blocked patterns.

02

Scan the permissions

The CLI checks risky write tools, critical approvals, sensitive data declarations, and denied-action logging.

03

Share the report

Generate a Markdown trust report that builders, clients, and reviewers can inspect without a cloud account.

Why it matters

AI agents are starting to act, not just answer.

When an agent can send emails, update CRM records, read customer notes, or trigger automations, the hard question becomes: should this agent be allowed to act?

AgentTrust OS starts with a simple local workflow so teams can review capabilities, approvals, and sensitive data exposure before a workflow reaches production.

Tool inventory
Read/write permission map
Critical action approval checks
Sensitive data declarations
Trust report export

Use cases

Built for agent builders who need trust artifacts.

AI agencies

Show clients what an automation can access, what requires approval, and where risk remains.

Startup teams

Compare agent versions and keep a plain-English review artifact for internal launches.

Security-minded developers

Start reviewing prompt-injection, data access, and tool misuse risks before integrations expand.

Roadmap

From manifest scanner to agent replay.

  1. v0.1Manifest scanner and Markdown trust report.
  2. v0.2Scenario runner for prompt injection, data leak, and approval bypass tests.
  3. v0.3Local dashboard and tool-call replay timeline.
  4. v0.4n8n, Dify, LangChain, and OpenAI Agents SDK adapters.

Try it locally

Scan your first agent manifest in under a minute.

Star and clone the repo