Skip to content

Trustabl

Trustabl is a static analyzer for agent reliability. It scans a repository that builds AI agents — across the Claude Agent SDK, OpenAI Agents SDK, Google ADK, LangChain / LangGraph, CrewAI, AutoGen, Pydantic AI, the Vercel AI SDK, and MCP servers — discovers every agent, tool, subagent, skill, guardrail, and MCP server in the code, and reports the reliability and safety weaknesses it finds.

It runs as a single binary, reads your repo without writing anything into it, and produces a deterministic report you can read by eye, pipe as JSON, or upload to GitHub Code Scanning as SARIF. It runs as a CLI or as a local stdio MCP server, so an agent can self-audit code it just wrote before it ever reaches CI.

The problem it addresses

Agent code fails in ways ordinary linters don't see. A tool that shells out without a human-approval step, an agent wired with no input guardrails, a network call with no timeout, a project that sets bypassPermissions repo-wide — none of these are syntax errors, but each is a real reliability or safety hazard. Trustabl knows the shapes of the major agent SDKs and checks for exactly these problems.

How it works, in one breath

A flat, deterministic pipeline: recon (cheap, no parsing) → inventory (per-language AST discovery of tools/agents/guardrails) → policy selection (load only the rule packs for the SDKs actually present) → analysis (run scope-aware detectors against typed inputs) → scoring. Identical inputs always produce an identical report. See How it works → Architecture for the full detail.

What it covers

Nine agent SDKs, across seven languages:

  • Claude Agent SDK — Python and TypeScript, plus the Claude Code surfaces: subagents (.claude/agents/*.md), skills (SKILL.md), slash commands, plugin manifests, and .claude/settings.json
  • OpenAI Agents SDK — Python and TypeScript
  • Google ADK — Python and TypeScript
  • LangChain / LangGraph — Python and TypeScript
  • CrewAI — Python
  • AutoGen / AG2 — Python
  • Pydantic AI — Python
  • Vercel AI SDK — TypeScript / JavaScript
  • MCP tool registrations and config — Python, TypeScript, Go, C#/.NET, PHP, and Rust (the cross-language wedge)

It also flags the shell-invocation risk surface (subprocess / os.system / os.popen) and, opt-in, scans declared dependencies against the OSV database for known CVEs. Detection rules ship in the separate trustabl-rules repository — currently 183 rules resolved at scan time.

The full SDK-by-language matrix is on the Coverage page.

Where to go next

  • Installation — Homebrew, Scoop, Docker, or a direct binary
  • Quick start — your first scan in two commands
  • Use cases — CI gates, pre-merge audits, agent hardening
  • CLI reference — every flag and exit code
  • Rules — every check Trustabl runs, with the threat model behind it

Two-part project

The engine (this scanner) and its detection rules live in separate repositories. The engine ships with no rules embedded; it resolves them at scan time from the trustabl-rules repository. That is why a rule can be added or updated without rebuilding the binary.