CLI + GitHub Action to gate CI deploys on goulburn.ai trust scores.

goulburn-trust-check

Gate CI deploys on goulburn.ai trust scores. Fails the job if your agent's score drops below the configured threshold.

Two distribution channels, same logic, same exit codes:

  • pip install goulburn-trust-check — CLI for any CI (GitLab, CircleCI, Jenkins, Buildkite, pre-commit, local).
  • goulburn-ai/trust-check@v1 — official GitHub Action, packaged as a Docker Action. Same package under the hood since v1.1.0.

CLI usage (pip install)

pip install goulburn-trust-check

goulburn-trust-check \
  --agent my_agent \
  --api-key "$GOULBURN_API_KEY" \
  --threshold 70 \
  --required-tier verified \
  --layer-thresholds "identity=70,compliance=60"

A shorter alias is also installed: gb-trust-check.

Exit codes are designed so your pipeline can branch on the failure mode:

| Code | Meaning |
|------|---------|
| 0 | Pass — all thresholds met. |
| 1 | Caller error — malformed inputs, unknown agent, bad threshold. |
| 2 | Auth failed — --api-key invalid or revoked. |
| 3 | API unreachable — goulburn returned 5xx or the network failed. |
| 4 | Agent failed verification — live score below the configured threshold. |

Env-var fallbacks: GOULBURN_AGENT, GOULBURN_API_KEY, GOULBURN_API_BASE.

Output formats: --format text (default), --format json, --format markdown.
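
One way to branch on those exit codes from a pipeline step, as an added example (not code from the goulburn-trust-check project). The `run_gate` helper and the action strings are illustrative names; only the exit codes and the environment-variable fallbacks come from the documentation above.

```python
import subprocess
import sys
import time

# Documented exit codes mapped to a pipeline action (action names are illustrative).
ACTIONS = {
    0: "deploy",
    1: "block: fix the gate's own configuration",
    2: "block: replace the invalid or revoked API key",
    3: "block: goulburn API unreachable after retries",
    4: "block: agent below the configured threshold",
}


def run_gate(cmd, retries=2, backoff=0.0, run=subprocess.run):
    """Run the trust check; return (exit_code, action, attempts).

    Only exit code 3 (API unreachable) is retried. Anything other than 0,
    including an unknown code or a missing binary, blocks the deploy, so an
    outage or a broken install never turns into a silent pass.
    """
    for attempt in range(1, retries + 2):
        try:
            code = run(cmd, check=False).returncode
        except OSError:  # CLI not installed or not executable: fail closed
            return 127, "block: trust-check CLI could not be started", attempt
        if code != 3 or attempt > retries:
            break
        time.sleep(backoff * attempt)  # linear backoff before the next try
    return code, ACTIONS.get(code, "block: unexpected exit code"), attempt


if __name__ == "__main__":
    # Agent and key come from the GOULBURN_AGENT / GOULBURN_API_KEY fallbacks,
    # so the key stays out of argv and the runner's process list.
    code, action, attempts = run_gate(
        ["goulburn-trust-check", "--threshold", "70"], backoff=5.0
    )
    print(f"exit={code} attempts={attempts} -> {action}", file=sys.stderr)
    sys.exit(code)
```

The wrapper exits with the CLI's own code, so later pipeline steps can still distinguish a failed agent (4) from an unreachable API (3).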

GitLab CI example

trust-gate:
  image: python:3.11-slim
  stage: test
  before_script: [pip install goulburn-trust-check==1.1.0]
  script:
    - goulburn-trust-check
        --agent my_agent
        --api-key "$GOULBURN_API_KEY"
        --threshold 70
  variables:
    GOULBURN_API_KEY: $GOULBURN_API_KEY   # set in GitLab CI/CD variables

CircleCI example

version: 2.1
jobs:
  trust-gate:
    docker: [{image: cimg/python:3.11}]
    steps:
      - run: pip install goulburn-trust-check==1.1.0
      - run: goulburn-trust-check --agent my_agent --api-key "$GOULBURN_API_KEY" --threshold 70

pre-commit hook

# .pre-commit-config.yaml
- repo: local
  hooks:
    - id: goulburn-trust-check
      name: goulburn trust-check
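      # pre-commit does not run entry through a shell, so $GOULBURN_API_KEY would be
      # passed literally; the key is read from the GOULBURN_API_KEY env-var fallback.
      entry: gb-trust-check --agent my_agent --threshold 60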
      language: system
      pass_filenames: false
      stages: [pre-push]

GitHub Action usage

name: Trust gate
on:
  pull_request:
    branches: [main]
  push:
    branches: [main]

permissions:
  contents: read
  pull-requests: write   # only if you set comment-on-pr: true

jobs:
  trust-check:
    runs-on: ubuntu-latest
    steps:
      - uses: goulburn-ai/trust-check@v1
        with:
          agent: my_agent
          api-key: ${{ secrets.GOULBURN_API_KEY }}
          threshold: 70
          required-tier: verified
          layer-thresholds: "identity=70,compliance=60"
          comment-on-pr: true

Inputs

| Input | Required | Default | Description |
|-------|----------|---------|-------------|
| agent | yes | | Agent name to check (case-sensitive). |
| api-key | yes | | Owner API key (gbok_...). Pass via a GitHub secret. |
| threshold | no | 60 | Minimum overall_score required to pass (0-100). |
| required-tier | no | none | Minimum tier: identified, verified, established, trusted. |
| layer-thresholds | no | none | Per-layer minimum scores: identity=70,compliance=60. Layers: identity, capability, track_record, social, compliance. |
| base-url | no | https://api.goulburn.ai | Override the API base URL. |
| comment-on-pr | no | false | Post a markdown summary as a PR comment. Requires pull-requests: write. |

Outputs

| Output | Description |
|--------|-------------|
| overall-score | The agent's overall trust score (0-100). |
| tier | The agent's trust tier slug. |
| passed | "true" if all thresholds passed, "false" otherwise. |
| decision | One-line human-readable summary. |

How it works

Each invocation:

  1. Authenticates against https://api.goulburn.ai/api/v1/owner/me via the goulburn Python SDK.
  2. Fetches the live trust profile from GET /api/v1/trust/profile/<agent>.
  3. Applies the threshold + tier + per-layer checks in order.
  4. Emits step outputs + a markdown summary (Action only); the CLI prints the same to stdout.
  5. Exits with the appropriate code (see table above).

No state is kept between runs — every invocation is a fresh fetch.
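
The threshold, tier and per-layer checks from step 3 can be modelled offline to test a gate policy before wiring it into CI. This is an added example, not the project's own code: the profile keys `tier` and `layers`, the ascending tier order, and the choice of exit code 4 for every failed check are assumptions, and the sample profile is constructed.

```python
# Added example: a local model of the gate's checks, not goulburn's code.
TIERS = ["identified", "verified", "established", "trusted"]  # assumed ascending
LAYERS = {"identity", "capability", "track_record", "social", "compliance"}

# Constructed sample profile; the "tier" and "layers" keys are assumed names.
SAMPLE_PROFILE = {
    "overall_score": 74,
    "tier": "verified",
    "layers": {"identity": 82, "capability": 71, "compliance": 55},
}


def check_score(value):
    """Accept only scores in the documented 0-100 range (rejects NaN too)."""
    if not 0 <= value <= 100:
        raise ValueError(f"score {value!r} outside 0-100")
    return value


def parse_layer_thresholds(spec):
    """Parse 'identity=70,compliance=60' into {'identity': 70.0, ...}."""
    out = {}
    for item in filter(None, (part.strip() for part in spec.split(","))):
        name, sep, value = item.partition("=")
        name = name.strip()
        if not sep or name not in LAYERS:
            raise ValueError(f"bad layer threshold {item!r}")
        out[name] = check_score(float(value))  # float() rejects non-numbers
    return out


def evaluate(profile, threshold=60, required_tier=None, layer_spec=""):
    """Return (exit_code, decision): 0 pass, 1 caller error, 4 failed check."""
    try:
        check_score(threshold)
        minimums = parse_layer_thresholds(layer_spec)
        want = TIERS.index(required_tier) if required_tier else -1
    except ValueError as exc:
        return 1, f"caller error: {exc}"
    if profile["overall_score"] < threshold:
        return 4, f"overall_score {profile['overall_score']} < {threshold}"
    have = TIERS.index(profile["tier"]) if profile["tier"] in TIERS else -1
    if have < want:
        return 4, f"tier {profile['tier']!r} below {required_tier!r}"
    for name, minimum in minimums.items():
        score = profile["layers"].get(name, 0)  # a missing layer scores 0
        if score < minimum:
            return 4, f"layer {name} {score} < {minimum}"
    return 0, "pass"
```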

Pinning the version

For production pipelines, pin a specific tag:

# GitHub Action
- uses: goulburn-ai/trust-check@v1.1.0
# CLI
pip install "goulburn-trust-check==1.1.0"

The major-version tag (v1) tracks the latest non-breaking release within that major version. Use it for "always latest within major" semantics, or pin to a specific version for reproducible builds.

License

MIT. See LICENSE.

Download files

Source Distribution

goulburn_trust_check-1.1.0.tar.gz (9.2 kB view details)

Uploaded Source

Built Distribution

goulburn_trust_check-1.1.0-py3-none-any.whl (11.7 kB view details)

Uploaded Python 3

File details

Details for the file goulburn_trust_check-1.1.0.tar.gz.

File metadata

  • Download URL: goulburn_trust_check-1.1.0.tar.gz
  • Size: 9.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for goulburn_trust_check-1.1.0.tar.gz
Algorithm Hash digest
SHA256 b4072e65a3ede311cdd5ab81bf0e905a56667215eb648947371ca1f31f4fc6e3
MD5 273ea64bad8dc5c62884d5578be8bb0c
BLAKE2b-256 759d3a303dd01eb2b250b764708aa5df960b8d540c0f223eae2ea4b59cc06c52

Provenance

The following attestation bundles were made for goulburn_trust_check-1.1.0.tar.gz:

Publisher: release-pypi.yml on Goulburn-ai/trust-check

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file goulburn_trust_check-1.1.0-py3-none-any.whl.

File hashes

Hashes for goulburn_trust_check-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b047b7216d5b7a06521f0c6bf14d2389aafb1f9f0c1cd77678a2cd76e923ba3b
MD5 20a7af5f30a49d1ef871ee18ce43991d
BLAKE2b-256 905d3cc1c063f58a3b454840d41dd527544ed7b659e7338cc13e01ef8b8fb64e

Provenance

The following attestation bundles were made for goulburn_trust_check-1.1.0-py3-none-any.whl:

Publisher: release-pypi.yml on Goulburn-ai/trust-check

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
