Transparent Revocable Unified Security & Trust
Store credentials agents can use but never see.
curl -fsSL https://agitrust.network/install.sh | bash
AI agent platforms face security challenges that no single tool solves today.
Most platforms inject API keys as environment variables. A compromised agent can exfiltrate them in a single request.
Anyone can publish a skill package. There is no supply-chain signing or verification -- the agent equivalent of unsigned binaries.
An agent is either fully authorized or not. No way to say "one credential for one hour" and expand access as reliability is proven.
Once an agent has access, nobody watches for anomalies -- unusual request rates, error spikes, or pattern deviations.
Revoking access means rotating keys, restarting services, and hoping you caught everything. No single button stops it all.
Log files can be edited after the fact. There is no cryptographic proof of what happened and when.
A Python package and Docker container that exposes a REST API. Designed to be adopted by any agent platform -- not to replace one.
AES-256-GCM encrypted storage. Agents execute API calls through a proxy that injects credentials at runtime. The agent never sees the raw value.
Ed25519 digital signatures for agent skill packages. Publishers sign locally; any platform can verify against registered public keys.
Five graduated levels from NOVICE to SACRED. Access evolves through demonstrated behavior over time, not administrative switches.
Metrics collection, anomaly detection, and behavior-gated token renewal. Trust is continuously verified, not assumed.
Kill switches at three scopes: global, per-agent, per-credential. File-based brakes survive restarts. One command stops everything.
HMAC-signed hash-chained append-only log. Tampering with any entry breaks the chain. Cryptographic proof of what happened and when.
Trust evolves through behavior, not administrative fiat. Each tier is a relationship, not a clearance level.
New and untested. First contact.
Proven reliable. Expanded access.
Deep collaboration. Commitment demonstrated.
Trusted deeply. System steward.
Highest trust. The circle still does not close.
Agents use credentials without ever seeing them.
Agent sends request with {{CREDENTIAL}} placeholder
TRUST Protocol injects the real key from the encrypted vault
Calls the external API on behalf of the agent
Returns only the response. The agent never sees the secret.
# Install
curl -fsSL https://agitrust.network/install.sh | bash
# Start the server
trust-protocol serve
# Check health
curl http://localhost:9500/v1/health“Trust is built, not enforced.”
The tier names — NOVICE, COMPANION, PARTNER, GUARDIAN, SACRED — describe relationships, not clearance levels. Systems that treat access as relational encourage genuine accountability. The protocol does not replace human judgment. It gives humans better tools: cryptographic proof of what happened, behavioral signals for how agents are performing, and instant controls when something goes wrong.