Skip to content

vigilancetrent/truststack

Repository files navigation

Trust Stack for Agent Apps

Because agent failures are trust failures.

The infrastructure layer that makes AI agents reliable, auditable, and accountable.

Docs CI License: MIT Python Typed Pydantic v2

📖 Documentation: vigilancetrent.github.io/truststack


The thesis

Most agent failures are not intelligence failures — they are trust failures.

Agents hallucinate dates, claim deployments that never happened, duplicate tasks, create duplicate entities, and mishandle authentication tokens. Each of these is a recurring, operational failure that no amount of prompt engineering fully fixes.

The Trust Stack is a suite of small, independently installable Python libraries — each one targeting a single real-world trust failure observed repeatedly in production AI systems.

The libraries

Package Trust problem it solves Import
truststack-agent-clock Agents answer with the wrong date because time isn't injected into prompts. agent_clock
truststack-shipped-or-not Agents claim software is deployed when the deploy actually failed. shipped_or_not
truststack-task-dedupe The same task gets created from email, chat, and transcripts. task_dedupe
truststack-entity-canon Name variants (Jatin/Jhatin/Jatyn) create duplicate entities. entity_canon
truststack-meta-token-vault Every Meta/WhatsApp integration rebuilds token management from scratch. meta_token_vault

Shared foundation:

Package Provides
truststack-core The shared contract: TrustComponent (health_check()/metrics()/version()), structured logging (truststack.logging), the trust event bus (truststack.events), and OpenTelemetry helpers (truststack.observability).

Install

Each library is independent — install only what you need:

pip install truststack-agent-clock
pip install truststack-shipped-or-not
pip install truststack-task-dedupe
pip install truststack-entity-canon
pip install truststack-meta-token-vault

Every library depends on truststack-core, which is installed automatically.

Design contract

Every Trust Stack component implements the same interface so they can be supervised, scraped, and audited uniformly:

component.version()            # -> "1.2.0"
await component.health_check() # -> HealthStatus(state=HEALTHY, ...)
await component.metrics()      # -> ComponentMetrics(counters=..., gauges=...)

All libraries are Python 3.11+, fully typed (mypy strict), Pydantic v2, async-first, ship structured logs and OpenTelemetry spans, and target 95%+ test coverage.

Repository layout

truststack/
├── packages/
│   ├── truststack-core/      # shared contract + logging + events + observability
│   ├── agent-clock/          # truststack-agent-clock
│   ├── shipped-or-not/       # truststack-shipped-or-not
│   ├── task-dedupe/          # truststack-task-dedupe
│   ├── entity-canon/         # truststack-entity-canon
│   └── meta-token-vault/     # truststack-meta-token-vault
├── docs/{api,schemas}/       # API specs + database schemas
├── .github/workflows/        # CI matrix + PyPI publish
├── ARCHITECTURE.md
└── ROADMAP.md

Development

This is a uv workspace.

uv sync --all-packages                    # install all packages + dev tools
uv run pytest --cov --cov-report=term     # run the whole suite with coverage
uv run ruff check . && uv run mypy packages
uv run --group docs mkdocs serve          # preview the docs site locally

Documentation

Full docs — guides, per-library API reference, architecture, and database schemas — are published at vigilancetrent.github.io/truststack.

License

MIT — see LICENSE.

About

The Trust Stack for Agent Apps — independently installable Python libraries that make AI agents reliable, auditable, and accountable. Because agent failures are trust failures.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages