Technical Reference · June 2026

TrustLoop Technical Reference

TrustLoop is a governance proxy and API for AI agent tool calls. It sits between your agent and external actions, evaluating each call against your rules before allowing it to proceed. Every decision is logged to Supabase and anchored to the Polygon blockchain hourly.

API Base URL
https://api.trustloop.live
Auth Header
x-api-key: tl_your_key

Quick Start

The fastest path is the drop-in proxy — change one environment variable and every OpenAI or Anthropic call is governed automatically.

Option A — OpenAI proxy (no code change)

python
from openai import OpenAI

client = OpenAI(
    api_key="sk-your-openai-key",
    base_url="https://api.trustloop.live/v1",        # ← only change needed
    default_headers={"x-api-key": "tl_your_key"}     # ← add TrustLoop auth
)
# Everything else is identical to normal OpenAI usage

Option B — Python SDK (explicit intercept)

bash
pip install trustloop-sdk
python
from trustloop import TrustLoop

tl = TrustLoop(api_key="tl_your_key", agent_name="my-agent")

# Option 1: explicit intercept
result = tl.intercept("send_email", {"to": "user@example.com"})
if result["allowed"]:
    send_email(...)

# Option 2: decorator — wraps a function, blocks it if not allowed
@tl.guard()
def delete_records(table: str, where: dict):
    ...

Authentication

All authenticated endpoints require your TrustLoop API key. Pass it as a header:

http
x-api-key: tl_your_key_here

Keys are created when you sign up at trustloop.live/signup. Each key belongs to a tenant and carries all associated limits and rules. Retrieve a lost key via POST /api/resend-key with your email.

OpenAI Drop-in Proxy

Endpoint: POST /v1/chat/completions Requires x-api-key

A transparent proxy to the OpenAI Chat Completions API. Set this as your client's base_url. Your OpenAI key goes in the standard Authorization: Bearer header. TrustLoop key goes in x-api-key.

Zero code change. If your agent already uses the OpenAI SDK, you only need to change 2 lines: add base_url and default_headers to your client constructor.

Headers

HeaderRequiredDescription
AuthorizationRequiredYour OpenAI key: Bearer sk-xxx
x-api-keyRequiredYour TrustLoop key: tl_xxx
x-agent-nameOptionalAgent identifier for per-agent tracking in the dashboard

Python

python
from openai import OpenAI

client = OpenAI(
    api_key="sk-your-openai-key",
    base_url="https://api.trustloop.live/v1",
    default_headers={
        "x-api-key": "tl_your_key",
        "x-agent-name": "finance-agent"  # optional
    }
)

Node.js

javascript
const { OpenAI } = require('openai')

const client = new OpenAI({
  apiKey: process.env.OPENAI_API_KEY,
  baseURL: 'https://api.trustloop.live/v1',
  defaultHeaders: {
    'x-api-key': process.env.TRUSTLOOP_API_KEY,
    'x-agent-name': 'my-agent'
  }
})
Streaming: Streaming calls are passed through transparently — governance (kill-switch, rules) is enforced on non-streaming calls only. Streaming calls are logged post-stream. If you need enforcement, disable streaming or use the REST intercept endpoint.

Anthropic Drop-in Proxy

Endpoint: POST /proxy/anthropic/v1/messages Requires x-api-key

Transparent proxy to the Anthropic Messages API. Intercepts tool_use content blocks before returning the response to your agent. Same governance pipeline as the OpenAI proxy.

Headers

HeaderRequiredDescription
x-anthropic-api-keyRequiredYour Anthropic API key
x-api-keyRequiredYour TrustLoop key
anthropic-versionOptionalForwarded to Anthropic. Default: 2023-06-01
x-agent-nameOptionalAgent identifier for dashboard tracking

Python

python
import anthropic

client = anthropic.Anthropic(
    api_key="sk-ant-your-key",
    base_url="https://api.trustloop.live/proxy/anthropic",
    default_headers={
        "x-api-key": "tl_your_key",
        "x-agent-name": "my-claude-agent"
    }
)

Python SDK

bash
pip install trustloop-sdk                      # sync (requests)
pip install "trustloop-sdk[async]"             # + async (httpx)
pip install "trustloop-sdk[langchain]"         # + LangChain helpers
pip install "trustloop-sdk[crewai]"            # + CrewAI helpers
pip install "trustloop-sdk[all]"               # everything

Core client

python
from trustloop import TrustLoop, TrustLoopBlockedError

tl = TrustLoop(api_key="tl_xxx", agent_name="my-agent")

# Explicit intercept
result = tl.intercept("send_email", {"to": "...", "subject": "..."})
if result["allowed"]:
    send_email(...)

# Guard decorator — raises TrustLoopBlockedError if blocked
@tl.guard("delete_records")
def delete_records(table: str, where: dict):
    ...

# LangChain integration
from trustloop.integrations.langchain import wrap_tools
governed_tools = wrap_tools(tl, tools)

# CrewAI integration
from trustloop.integrations.crewai import governed_tool

@governed_tool(tl)
class SendEmailTool(BaseTool):
    ...

Node.js SDK

bash
npm install trustloop
javascript
const { TrustLoop } = require('trustloop')

const tl = new TrustLoop({ apiKey: process.env.TRUSTLOOP_API_KEY, agentName: 'my-agent' })

const result = await tl.intercept('send_email', { to: 'user@example.com' })
if (result.allowed) {
  await sendEmail(...)
}

MCP — Claude Desktop

Connect Claude Desktop by adding TrustLoop as an MCP server in your config. Every tool call Claude makes passes through TrustLoop's governance pipeline.

json — claude_desktop_config.json
{
  "mcpServers": {
    "trustloop": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://api.trustloop.live/sse?api_key=tl_xxx"]
    }
  }
}

REST Intercept

Use the REST endpoint when you want explicit control — call it before any sensitive action in your own code, no SDK needed.

POST /api/intercept POST Auth

Evaluates a tool call against your governance rules. Call this before executing any sensitive action.

Request body

FieldTypeRequiredDescription
tool_namestringRequiredThe action or tool being called. Use descriptive names: send_email, delete_record, transfer_funds.
argumentsobjectOptionalParameters passed to the tool. Included in AI rule evaluation and audit log (PII masked before storage).
agent_namestringOptionalIdentifier for the calling agent. Enables per-agent tracking, breakdowns, and scoped kill-switches.

Response

json — ALLOWED
{ "allowed": true, "decision": "ALLOWED" }
json — BLOCKED
{ "allowed": false, "decision": "BLOCKED", "message": "Blocked by governance rule: ..." }
json — PENDING APPROVAL
{ "allowed": false, "decision": "ESCALATED", "status": "pending_approval", "approval_id": "uuid" }

GET /api/logs GET Auth

Returns the last 100 tool call records for your account, newest first.

Query params

ParamDescription
agentFilter by agent name. Use all or omit for all agents.
limitMax results. Default 100.

GET /api/stats GET Auth

Returns aggregate counts for the current month plus per-agent breakdown.

json
{
  "total": 1842,
  "allowed": 1790,
  "blocked": 48,
  "pending": 4,
  "usage": { "plan": "growth", "used": 1842, "limit": 1000000 },
  "agents": {
    "used": 3, "limit": 10,
    "breakdown": [
      { "name": "finance-agent", "total": 920, "allowed": 898, "blocked": 22 }
    ]
  }
}

Approval Rules Auth

GET /api/approval-rules
List all governance rules for your account.
POST /api/approval-rules
Create a new governance rule in plain English.
FieldRequiredDescription
rule_textRequiredPlain-English rule: "Block any action that deletes customer data"
actionRequiredblock or approve (requires human approval)
approver_emailOptionalOverride notification email for this rule. Falls back to account default.
DELETE /api/approval-rules/:id
Delete a rule by ID. Invalidates rule and AI decision caches immediately.

Kill-Switch Auth

GET /api/blocked-tools
List all currently blocked tools. Returns agent_name: null for global blocks.
POST /api/blocked-tools
Immediately block a tool. Takes effect on the next intercept call.
FieldRequiredDescription
tool_nameRequiredTool to block
reasonOptionalReason stored in audit log
agent_nameOptionalScope block to a specific agent. Omit or null for all agents.
DELETE /api/blocked-tools/id/:id
Unblock by row ID. Use this (not tool name) to avoid accidentally removing the wrong scoped rule.

Pending Approvals Auth

GET /api/pending-approvals
List all tool calls currently awaiting human decision.
POST /api/pending-approvals/:id/decide
Approve or deny a pending tool call.
FieldRequiredDescription
actionRequired"approved" or "denied"

Governance Pipeline

Every call to /api/intercept or through the proxy runs this pipeline in order. The first rule that matches stops evaluation and returns a decision.

1
Authentication
API key validated against api_keys table. tenant_id resolved.
401 if invalid
2
Usage limit check
Monthly tool call count checked against plan limit. Free = 5K, Starter = 100K, Growth = 1M, Business = 5M.
429 if exceeded
3
Agent limit check
If agent_name is new this month, checks whether the tenant has capacity for another agent under their plan.
429 if exceeded
4
Kill-switch check
Checks blocked_tools table for global rules (agent_name IS NULL) and agent-scoped rules matching the calling agent. Instant — no AI involved.
BLOCKED
5
AI rule evaluation
Plain-English rules fetched (cached 60s). AI (claude-haiku) evaluates whether the call matches any rule. Decision cached 5min per tenant+tool+argsHash. ~90% cache hit rate in practice.
BLOCKED
6
Pending approval (if rule action = approve)
Creates a record in pending_approvals. Sends notification to Slack, Teams, Discord, and/or email. Call returns PENDING — agent must retry after human decides.
PENDING
7
Log + ALLOWED
Tool call logged to Supabase tool_calls table with PII masking applied. Decision returned to caller.
ALLOWED

AI Rule Caching

To avoid hitting the Anthropic API on every tool call, TrustLoop uses two in-memory caches:

Important: After you add or delete a rule, the next tool call for that tenant will always re-run the AI evaluation — the caches are invalidated synchronously on rule changes.

PII & Compliance

Before any tool call is written to the audit log, TrustLoop's compliance middleware automatically:

Additional compliance endpoints:

Blockchain Anchoring

Every hour, TrustLoop hashes all tool call logs from the previous hour and records the hash on the Polygon Mainnet via a smart contract at 0xd2544fc3164ac0eBfb6B7A2c193800F9651Fc46F.

This creates an independently verifiable tamper-evident record. If any logs are deleted or modified in Supabase, recomputing the hash from the remaining records will not match what's on-chain.

Anchor records are stored in the blockchain_anchors table: { log_hash, tx_hash, log_count, created_at }. Anyone can verify a hash by querying Polygon directly (polygonscan.com).

Current implementation: Batch-level hashing — proves a batch of records was unchanged, but doesn't prove completeness (a deleted record before the hash is taken won't be detected). Per-record Merkle proofs are on the roadmap.

Plan Limits

PlanPriceCalls/moAgentsRetention
Free£05,00017 days
Starter£29/mo100,000330 days
Growth£149/mo1,000,0001090 days
Business£499/mo5,000,000Unlimited1 year
EnterpriseCustomCustomUnlimitedCustom

Limits are enforced at the intercept point. When a limit is exceeded, the API returns HTTP 429 with a clear error message. Usage resets on the 1st of each calendar month.

Ready to connect?
Follow the interactive setup guide for your exact stack.
Open Setup Guide →