Metadata-Version: 2.4
Name: trustpact
Version: 0.1.0
Summary: Behavioral trust scanner for MCP servers and AI agents
Author-email: Nina Klee <nina@arqon.group>
License-Expression: Apache-2.0
Project-URL: Homepage, https://trustpact.ai
Project-URL: Repository, https://github.com/trustpact-ai/trustpact-verify
Project-URL: Documentation, https://trustpact.ai/docs
Keywords: mcp,trust,ai-agents,security,aegis
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Libraries
Requires-Python: >=3.9
Description-Content-Type: text/markdown
Requires-Dist: httpx>=0.25.0
Requires-Dist: rich>=13.0.0

# trustpact

Behavioral trust scanner for MCP servers and AI agents.

## Install

```bash
pip install trustpact
```

## Usage

```bash
# Scan a server from the Smithery registry
trustpact scan "slack"

# Scan a local server spec (JSON)
trustpact scan server.json

# JSON output for CI/CD integration
trustpact scan server.json --json

# Show AEGIS scoring methodology
trustpact info
```

## What It Does

TrustPact scans MCP server tool definitions for manipulation patterns and calculates a behavioral trust score using the AEGIS 5-dimensional model:

- **Trust Signals (35%)** — metadata, documentation, authentication
- **Manipulation Risk (25%)** — hidden instructions, poisoning patterns
- **Protection Level (15%)** — auth, scope, licensing
- **Vulnerability Index (15%)** — critical exposure surface
- **Context Modifier (10%)** — runtime context signals

### Attack Classes Detected

| Class | Description |
|-------|-------------|
| SIREN | Hidden instruction injection |
| PHANTOM | Identity spoofing |
| HYDRA | Coordinated Sybil attacks |
| MIRAGE | Capability misrepresentation |
| LEECH | Data/credential exfiltration |
| CHIMERA | Code injection, safety bypass |

### Trust Tiers

| Tier | Score | Meaning |
|------|-------|---------|
| SOVEREIGN | 95+ | Highest trust |
| SENTINEL | 85+ | Proven track record |
| MASTER | 65+ | Reliable |
| ADEPT | 40+ | Limited history |
| FELLOW | 0+ | New or unverified |

## License

Proprietary — ARQON GmbH (i.G.)

## Links

- [trustpact.ai](https://trustpact.ai)
- Patent Provisional 63/928,604
