TrustLoop Technical Reference
TrustLoop is a governance proxy and API for AI agent tool calls. It sits between your agent and external actions, evaluating each call against your rules before allowing it to proceed. Every decision is logged to Supabase and anchored to the Polygon blockchain hourly.
https://api.trustloop.live
x-api-key: tl_your_key
Quick Start
The fastest path is the drop-in proxy — change one environment variable and every OpenAI or Anthropic call is governed automatically.
Option A — OpenAI proxy (no code change)
from openai import OpenAI client = OpenAI( api_key="sk-your-openai-key", base_url="https://api.trustloop.live/v1", # ← only change needed default_headers={"x-api-key": "tl_your_key"} # ← add TrustLoop auth ) # Everything else is identical to normal OpenAI usage
Option B — Python SDK (explicit intercept)
pip install trustloop-sdk
from trustloop import TrustLoop tl = TrustLoop(api_key="tl_your_key", agent_name="my-agent") # Option 1: explicit intercept result = tl.intercept("send_email", {"to": "user@example.com"}) if result["allowed"]: send_email(...) # Option 2: decorator — wraps a function, blocks it if not allowed @tl.guard() def delete_records(table: str, where: dict): ...
Authentication
All authenticated endpoints require your TrustLoop API key. Pass it as a header:
x-api-key: tl_your_key_here
Keys are created when you sign up at trustloop.live/signup. Each key belongs to a tenant and carries all associated limits and rules. Retrieve a lost key via POST /api/resend-key with your email.
OpenAI Drop-in Proxy
Endpoint: POST /v1/chat/completions Requires x-api-key
A transparent proxy to the OpenAI Chat Completions API. Set this as your client's base_url. Your OpenAI key goes in the standard Authorization: Bearer header. TrustLoop key goes in x-api-key.
base_url and default_headers to your client constructor.Headers
| Header | Required | Description |
|---|---|---|
| Authorization | Required | Your OpenAI key: Bearer sk-xxx |
| x-api-key | Required | Your TrustLoop key: tl_xxx |
| x-agent-name | Optional | Agent identifier for per-agent tracking in the dashboard |
Python
from openai import OpenAI client = OpenAI( api_key="sk-your-openai-key", base_url="https://api.trustloop.live/v1", default_headers={ "x-api-key": "tl_your_key", "x-agent-name": "finance-agent" # optional } )
Node.js
const { OpenAI } = require('openai') const client = new OpenAI({ apiKey: process.env.OPENAI_API_KEY, baseURL: 'https://api.trustloop.live/v1', defaultHeaders: { 'x-api-key': process.env.TRUSTLOOP_API_KEY, 'x-agent-name': 'my-agent' } })
Anthropic Drop-in Proxy
Endpoint: POST /proxy/anthropic/v1/messages Requires x-api-key
Transparent proxy to the Anthropic Messages API. Intercepts tool_use content blocks before returning the response to your agent. Same governance pipeline as the OpenAI proxy.
Headers
| Header | Required | Description |
|---|---|---|
| x-anthropic-api-key | Required | Your Anthropic API key |
| x-api-key | Required | Your TrustLoop key |
| anthropic-version | Optional | Forwarded to Anthropic. Default: 2023-06-01 |
| x-agent-name | Optional | Agent identifier for dashboard tracking |
Python
import anthropic client = anthropic.Anthropic( api_key="sk-ant-your-key", base_url="https://api.trustloop.live/proxy/anthropic", default_headers={ "x-api-key": "tl_your_key", "x-agent-name": "my-claude-agent" } )
Python SDK
pip install trustloop-sdk # sync (requests) pip install "trustloop-sdk[async]" # + async (httpx) pip install "trustloop-sdk[langchain]" # + LangChain helpers pip install "trustloop-sdk[crewai]" # + CrewAI helpers pip install "trustloop-sdk[all]" # everything
Core client
from trustloop import TrustLoop, TrustLoopBlockedError tl = TrustLoop(api_key="tl_xxx", agent_name="my-agent") # Explicit intercept result = tl.intercept("send_email", {"to": "...", "subject": "..."}) if result["allowed"]: send_email(...) # Guard decorator — raises TrustLoopBlockedError if blocked @tl.guard("delete_records") def delete_records(table: str, where: dict): ... # LangChain integration from trustloop.integrations.langchain import wrap_tools governed_tools = wrap_tools(tl, tools) # CrewAI integration from trustloop.integrations.crewai import governed_tool @governed_tool(tl) class SendEmailTool(BaseTool): ...
Node.js SDK
npm install trustloop
const { TrustLoop } = require('trustloop') const tl = new TrustLoop({ apiKey: process.env.TRUSTLOOP_API_KEY, agentName: 'my-agent' }) const result = await tl.intercept('send_email', { to: 'user@example.com' }) if (result.allowed) { await sendEmail(...) }
MCP — Claude Desktop
Connect Claude Desktop by adding TrustLoop as an MCP server in your config. Every tool call Claude makes passes through TrustLoop's governance pipeline.
{
"mcpServers": {
"trustloop": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://api.trustloop.live/sse?api_key=tl_xxx"]
}
}
}
REST Intercept
Use the REST endpoint when you want explicit control — call it before any sensitive action in your own code, no SDK needed.
POST /api/intercept POST Auth
Evaluates a tool call against your governance rules. Call this before executing any sensitive action.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
| tool_name | string | Required | The action or tool being called. Use descriptive names: send_email, delete_record, transfer_funds. |
| arguments | object | Optional | Parameters passed to the tool. Included in AI rule evaluation and audit log (PII masked before storage). |
| agent_name | string | Optional | Identifier for the calling agent. Enables per-agent tracking, breakdowns, and scoped kill-switches. |
Response
{ "allowed": true, "decision": "ALLOWED" }
{ "allowed": false, "decision": "BLOCKED", "message": "Blocked by governance rule: ..." }
{ "allowed": false, "decision": "ESCALATED", "status": "pending_approval", "approval_id": "uuid" }
GET /api/logs GET Auth
Returns the last 100 tool call records for your account, newest first.
Query params
| Param | Description |
|---|---|
| agent | Filter by agent name. Use all or omit for all agents. |
| limit | Max results. Default 100. |
GET /api/stats GET Auth
Returns aggregate counts for the current month plus per-agent breakdown.
{
"total": 1842,
"allowed": 1790,
"blocked": 48,
"pending": 4,
"usage": { "plan": "growth", "used": 1842, "limit": 1000000 },
"agents": {
"used": 3, "limit": 10,
"breakdown": [
{ "name": "finance-agent", "total": 920, "allowed": 898, "blocked": 22 }
]
}
}
Approval Rules Auth
| Field | Required | Description |
|---|---|---|
| rule_text | Required | Plain-English rule: "Block any action that deletes customer data" |
| action | Required | block or approve (requires human approval) |
| approver_email | Optional | Override notification email for this rule. Falls back to account default. |
Kill-Switch Auth
agent_name: null for global blocks.| Field | Required | Description |
|---|---|---|
| tool_name | Required | Tool to block |
| reason | Optional | Reason stored in audit log |
| agent_name | Optional | Scope block to a specific agent. Omit or null for all agents. |
Pending Approvals Auth
| Field | Required | Description |
|---|---|---|
| action | Required | "approved" or "denied" |
Governance Pipeline
Every call to /api/intercept or through the proxy runs this pipeline in order. The first rule that matches stops evaluation and returns a decision.
api_keys table. tenant_id resolved.agent_name is new this month, checks whether the tenant has capacity for another agent under their plan.blocked_tools table for global rules (agent_name IS NULL) and agent-scoped rules matching the calling agent. Instant — no AI involved.pending_approvals. Sends notification to Slack, Teams, Discord, and/or email. Call returns PENDING — agent must retry after human decides.tool_calls table with PII masking applied. Decision returned to caller.AI Rule Caching
To avoid hitting the Anthropic API on every tool call, TrustLoop uses two in-memory caches:
- Rules cache — fetched rules per tenant, TTL 60 seconds. Invalidated immediately on rule create/delete.
- Decision cache — AI decision keyed by
tenantId:toolName:argsHash, TTL 5 minutes. Invalidated when rules change. In practice this achieves ~90%+ cache hit rate for agents with consistent calling patterns.
PII & Compliance
Before any tool call is written to the audit log, TrustLoop's compliance middleware automatically:
- Masks PII — emails, phone numbers, card numbers, names, national IDs replaced with
[PII MASKED] - Redacts secrets — API keys, passwords, tokens, bearer credentials replaced with
[REDACTED] - Scores risk — each tool call assigned LOW / MEDIUM / HIGH risk based on tool name and argument patterns
Additional compliance endpoints:
GET /api/compliance/stats— PII masked count, secrets redacted count, risk breakdownGET /api/compliance/dsar— Full GDPR Art. 15 / CCPA data subject access request export (JSON)DELETE /api/logs/purge?days=N— Delete logs older than N days (data retention)
Blockchain Anchoring
Every hour, TrustLoop hashes all tool call logs from the previous hour and records the hash on the Polygon Mainnet via a smart contract at 0xd2544fc3164ac0eBfb6B7A2c193800F9651Fc46F.
This creates an independently verifiable tamper-evident record. If any logs are deleted or modified in Supabase, recomputing the hash from the remaining records will not match what's on-chain.
Anchor records are stored in the blockchain_anchors table: { log_hash, tx_hash, log_count, created_at }. Anyone can verify a hash by querying Polygon directly (polygonscan.com).
Plan Limits
| Plan | Price | Calls/mo | Agents | Retention |
|---|---|---|---|---|
| Free | £0 | 5,000 | 1 | 7 days |
| Starter | £29/mo | 100,000 | 3 | 30 days |
| Growth | £149/mo | 1,000,000 | 10 | 90 days |
| Business | £499/mo | 5,000,000 | Unlimited | 1 year |
| Enterprise | Custom | Custom | Unlimited | Custom |
Limits are enforced at the intercept point. When a limit is exceeded, the API returns HTTP 429 with a clear error message. Usage resets on the 1st of each calendar month.