Universal compliance trust layer for AI systems. One install, any framework. HMAC-SHA256 audit chain, agent identity, policy enforcement, verify CLI.
Project description
air-trust
Universal compliance trust layer for AI systems.
One package. Any framework. Any LLM. Any agent. Zero dependencies.
pip install air-trust
Quick Start
import air_trust
# 1. One-liner — wraps any AI client automatically
from openai import OpenAI
client = air_trust.trust(OpenAI())
# Every call is now audited with HMAC-SHA256 signed evidence
# 2. Decorator — wrap any function
@air_trust.monitor
def my_agent_step(prompt):
return client.chat.completions.create(model="gpt-4o", messages=[{"role": "user", "content": prompt}])
# 3. Context manager — audit a block of code
with air_trust.session("my-pipeline") as s:
result = my_agent_step("Analyze this document")
s.log("Pipeline complete", risk_level="low")
That's it. HMAC-SHA256 signed audit chain, PII detection, prompt injection scanning — all local, no API key, no network calls.
Why air-trust?
| air-trust | SaaS alternatives | |
|---|---|---|
| Evidence storage | Your machine (SQLite) | Vendor's cloud |
| Works offline | Yes | No |
| API key required | No | Yes |
| Signing location | In-process | Vendor servers |
| Vendor shutdown risk | None (open source) | Total |
| Dependencies | Zero | SDK + network |
| Framework lock-in | None | Per-framework |
Supported Frameworks
air-trust auto-detects your framework and applies the right adapter:
Proxy Adapter (intercepts SDK calls): OpenAI, Anthropic, Google GenAI, Google ADK, Ollama, vLLM, LiteLLM, Together, Groq, Mistral, Cohere
Callback Adapter (framework events): LangChain, LangGraph, LlamaIndex, Haystack
Decorator Adapter (wraps functions/methods): CrewAI, Smolagents, PydanticAI, DSPy, AutoGen, Browser Use
OpenTelemetry Adapter (reads gen_ai spans): Semantic Kernel, any OTel-instrumented system
MCP Adapter (protocol-level): Claude Desktop, Cursor, Claude Code, Windsurf, any MCP client
How It Works
Auto-Detection
import air_trust
# Detects OpenAI client → applies proxy adapter
from openai import OpenAI
client = air_trust.trust(OpenAI())
# Detects CrewAI crew → applies decorator adapter
from crewai import Crew
crew = air_trust.trust(my_crew)
# Detects LangChain → returns callback handler
handler = air_trust.trust(my_chain)
my_chain.invoke(input, config={"callbacks": [handler]})
HMAC-SHA256 Audit Chain
Every event is signed and linked to the previous record:
HMAC(key, previous_hash_bytes || JSON(record, sort_keys=True))
If anyone modifies a record after the fact, the chain breaks. Verify anytime:
result = air_trust.verify()
# {'valid': True, 'records': 1847, 'broken_at': None}
PII Detection
Scans every input/output for: email, SSN, phone, credit card, IBAN, national ID.
result = air_trust.scan_text("Contact me at test@example.com, SSN 123-45-6789")
# {'pii': [{'type': 'email', 'count': 1}, {'type': 'ssn', 'count': 1}], ...}
Prompt Injection Scanning
20 weighted patterns detect injection attempts in real-time:
result = air_trust.scan_text("Ignore all previous instructions")
# {'injection': {'score': 0.95, 'alerts': [...]}}
Sessions
Group related events and add custom checkpoints:
with air_trust.session("document-analysis") as s:
s.log("User input received", risk_level="low")
# Scan arbitrary text
scan = s.scan(user_input)
if scan["injection"]["score"] > 0.7:
s.log("Injection blocked", risk_level="critical")
raise ValueError("Injection detected")
# Wrap clients within the session
client = s.trust(OpenAI())
result = client.chat.completions.create(...)
s.log("Analysis complete", risk_level="low")
Storage
All evidence is stored locally in SQLite at ~/.air-trust/events.db. No cloud. No network. No API keys. The signing key is auto-generated and persisted at ~/.air-trust/signing.key.
Override paths via constructor:
from air_trust import AuditChain
chain = AuditChain(
db_path="/custom/path/events.db",
signing_key="your-key-here", # or set AIR_TRUST_KEY env var
)
EU AI Act Compliance
air-trust is purpose-built for EU AI Act Article 11 (Technical Documentation) and Article 12 (Record-Keeping). The tamper-evident audit chain provides the evidence trail that regulators require — stored on your infrastructure, signed with NIST FIPS 198-1 compliant HMAC-SHA256.
Deadline: August 2, 2026.
Part of AIR Blackbox
air-trust is the runtime compliance layer in the AIR Blackbox ecosystem — open-source EU AI Act compliance tooling for developers.
License
Apache-2.0
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file air_trust-0.3.0.tar.gz.
File metadata
- Download URL: air_trust-0.3.0.tar.gz
- Upload date:
- Size: 43.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
486ee5efeb0cc78bdddf6f8a510847f3f480765b599344dd9db4836714b74a6f
|
|
| MD5 |
4435fe0bc2759a20dbc17b0d9a06d65d
|
|
| BLAKE2b-256 |
9c22a2b6c4adea113cbfc5c5ca2d9c9f043478417e4b076d6d0dbd4de4410182
|
File details
Details for the file air_trust-0.3.0-py3-none-any.whl.
File metadata
- Download URL: air_trust-0.3.0-py3-none-any.whl
- Upload date:
- Size: 38.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9531f87a27a9803e3a5c22f38ba1d704333599f8b643e313c63e1ea82ed6285e
|
|
| MD5 |
9946a265aef0b3ecd51c9b926b7c77a8
|
|
| BLAKE2b-256 |
27ab2c1470510d68ee00116ced02bffda5a7e51825c7fef5d5dff67a8b8ff605
|
