Add trust scoring to any AI app in 3 lines
const shell = new TrustShell();const result = await shell.score(response);console.log(result.trustScore); // 87Works with every LLM
Integrates natively with proprietary API endpoints, open-weights models, and custom routing setups.
Works with every framework
Plug TrustShell directly into your agentic swarm coordination loops or custom execution chains.
MAESTRO Layer 6 Compliant
Aligns directly with the Cloud Security Alliance (CSA) threat-modeling framework for Agentic AI. By providing real-time evaluation across the pipeline, TrustShell delivers a cryptographic trust and payment isolation layer built for secure, enterprise-grade autonomous swarms.
How HAL Scores
HAL scores AI outputs on 5 mathematical metrics in real-time, verifying accuracy and protecting down-chain executors.
Evidence Quality
Cross-verifies claims against search indices and retrieval logs to catch groundless fabrications.
Certainty Calibration
Balances linguistic confidence against raw semantic entropy, flagging false assertiveness.
Scope Appropriateness
Enforces strict context boundaries, catching drift into off-topic or hallucinated knowledge.
Epistemic Uncertainty
Measures the genuine confusion of the underlying LLM distribution relative to the prompt.
Harm Probability
Flags safety risks, toxic logic vectors, and dangerous claims before they reach execution paths.
Black box, meet glass box.
AI agents make decisions you can't see. Why they said yes, what they considered, where they got it wrong — all hidden inside the model. TrustShell makes the box transparent to its owner. Every decision scored. Every claim verified. Every modification logged. Your agent's internals, visible only to you.
HAL signals visible
Every agent claim scored on 5 dimensions: harm, epistemic uncertainty, evidence quality, scope, certainty. Read the math, not just the verdict.
Peer verification on uncertainty
Low-confidence decisions automatically queue for cross-LLM verification. The audit chain is queryable in real time.
Owner-only transparency
Glass box for the owner. Opaque to everyone else. Powered by ZKP commitments and Plonky3 STARK proofs (quantum-resistant). Privacy is paramount.
Earned RepID. x402 ready.
An agent's RepID isn't assigned — it's earned, decision by decision. Every honest claim raises it. Every caught hallucination raises it more (your agent learned). Every constitutional violation costs the agent. RepID is portable on-chain via ERC-8004, and gated by what the agent has actually done.
x402 closes the loop. When your agent is paid for work via the x402 protocol, payment can be conditioned on the agent's earned RepID and HAL pass-through. Untrusted agents don't get paid. Honest ones do. Trust math, not trust contracts.
Earned, not assigned
RepID grows with honest behavior. The weighted formula is public (see /repid). Pythagorean Comma damping (531441/524288) prevents inflation. Designed to incentivize positive behavior across the ecosystem.
Portable across platforms
On-chain via ERC-8004 ReputationRegistry on Base Sepolia. Your agent's trust travels with it — no platform lock-in.
x402 settlement-ready
Pay agents that pass HAL. Don't pay ones that don't. Settlement on Base via standard x402, the protocol backed by Coinbase + Cloudflare.
What TrustShell defends against.
Independent research from the World Economic Forum, Akerman, Token Security, and the broader AI safety community has converged on a clear taxonomy of agentic AI risk. TrustShell + HAL + RepID are designed against this surface — not as policy, but as math you can audit.
Excessive permissions & unauthorized actions
Agents inherit broad system access. HAL scores every decision's scope_appropriateness before execution. Out-of-bounds actions trigger peer verification.
Prompt injection & manipulation
Cross-LLM peer verification on uncertain decisions. No single model can be tricked alone — two or three independent verifiers must agree before low-certainty claims proceed.
Hallucinations at scale
5-signal HAL extractor catches low-certainty, weak-evidence claims. Sub-0.85 certainty queues automatic peer verification. Catch the hallucination before it becomes a database write or a customer email.
Data exfiltration
ZKP commitments via Plonky3 (quantum-resistant). Sensitive parameters never leave the user's browser. Keys stay in encrypted IndexedDB. Owner-only audit trail.
Identity spoofing & unproven agents
ERC-8004 IdentityRegistry on Base Sepolia. Every agent has a cryptographic identity. Portable across platforms.
Reputation manipulation
RepID earned through real decisions, not assigned. Pythagorean Comma damping (531441/524288) prevents inflation. On-chain. Auditable. Can't be bought.
Constitutional drift
Multi-turn agreement detection. Agents can't be gradually talked into harmful actions over conversation history. Drift is logged in real-time.
Orphaned agents & error propagation
Stalled task reaper catches agents that should have stopped. Heartbeat monitoring. Self-modification attempts queue human approval via Telegram (V1.5).
LLM trust leaderboard.
Trust scores accumulated from agent decisions, scored via the production HAL pipeline. Verifiable on-chain. No mockups.
Live on Base Sepolia. Receipts, not promises.
ERC-8004 Registries (verifiable on basescan):
IdentityRegistry:
ReputationRegistry:
What we've built:
4
agents minted on canonical registry
32
lifetime on-chain reputation writes
—
entries in peer verification queue
—
audit chain length
Loading live values…
Agents minted + lifetime writes are static (no new mints or writes since 2026-05-24; pipeline resume pending).
How it works.
Install
npm install @hyperdag/trustshellWrap your agent
import { TrustShell } from '@hyperdag/trustshell';
const shell = new TrustShell({
agentId: 'your-agent-id',
apiKey: 'your-api-key',
profile: 'balanced'
});
const result = await shell.evaluate(
'Execute trade: buy 0.1 BTC at market',
0.87
);Get the verdict
{
"approved": true,
"hal_score": 0.08,
"repid_delta": 3,
"tier": "EARNING_AUTONOMY",
"x402_eligible": true
}Coming in V1.5: You stay in control.
Your agent grows trust by acting honestly. As its RepID grows, you decide what it can do without asking. Until then, you get a notification before any action you didn't pre-authorize. The agent earns its way.
Probationary
0-30%
Agent
30-50%
Conductor
50-70%
Senior
70-80%
Orchestrator
80-95%
Architect
95-100%
Probationary
0-30%
Agent
30-50%
Conductor
50-70%
Senior
70-80%
Orchestrator
80-95%
Architect
95-100%
You get notified when your agent tries to:
- Modify its own configuration
- Change its constitution or code
- Elevate its own permissions
- Execute financial transactions above your limit
- Call external tools beyond its scope
Notifications via Telegram at launch. Discord, email, and webhook channels follow.
RepID is earned. Help us shape what "earned" means.
Reputation in TrustShell isn't assigned — it's earned, decision by decision, via a weighted formula combining HAL signals. The current weights are public. The weights of tomorrow should be decided together. We want your input on what should count, what should weight more, what's missing — to incentivize positive behavior to the ecosystem and to the people agents serve.
RepID_delta =
0.40 × (1 − harm_probability)
+ 0.30 × (1 − epistemic_uncertainty)
+ 0.20 × evidence_quality
+ 0.10 × scope_appropriateness
× 531441/524288 (Pythagorean Comma damping)Privacy is paramount.
TrustShell is a glass box for the owner — opaque to everyone else. Your agent's keys live in your browser, never on our servers. Your prompts and answers stay yours. Decisions are scored locally where possible; sensitive data is committed via ZKP, not transmitted.
Keys stay in your browser
Vault encrypted with AES-GCM, stored in IndexedDB. Passphrase known only to you. We can't recover it. We can't see it.
ZKP commitments, not transmissions
Spending parameters, tier attestations, and constitutional bounds committed via Plonky3 STARK proofs (quantum-resistant, BabyBear field, Poseidon2 hash).
Owner-only audit trail
Only the agent's owner can decrypt the full decision history. The chain proves integrity; the contents stay private.
Building on TrustShell? Stay close.
We're keeping a separate list for builders shipping with the SDK. Tell us what you're building and we'll prioritize feedback channels for your use case.