Skip to main content
The attesta trust subcommands let you inspect and manage the per-agent trust profiles stored by Attesta’s Bayesian trust engine. Trust scores influence risk assessment — trusted agents experience reduced friction on non-critical actions, while agents with incidents face elevated scrutiny.

Shared Options

All attesta trust subcommands accept:
FlagDefaultDescription
--store PATH.attesta/trust.jsonPath to the trust store JSON file

attesta trust show

Display the full trust profile for a specific agent, including their overall score, incident count, domain-specific scores, and history size.

Usage

attesta trust show <agent_id> [--store PATH]

Example Output

Trust Profile: gpt-4-agent

  Overall score  : 0.723
  Stored score   : 0.710
  Incidents      : 0
  Created        : 2025-01-10T08:30:00
  Last action    : 2025-01-16T14:22:15

  Domain Scores
    finance             : 0.650
    general             : 0.780
    infrastructure      : 0.690

  History entries : 142

Understanding the Output

FieldDescription
Overall scoreThe computed trust score after applying decay and recency weighting (0.0 - 1.0)
Stored scoreThe raw score stored in the trust file before decay adjustment
IncidentsNumber of security incidents recorded for this agent. Each incident applies a penalty multiplier
Domain ScoresPer-domain trust scores. An agent trusted in finance may not be trusted in infrastructure
History entriesTotal number of recorded evaluations (approvals, denials, incidents)
Score coloring in the terminal:
Score RangeColorMeaning
0.70 - 1.00GreenHigh trust — risk reduction applied
0.40 - 0.69YellowModerate trust — limited risk reduction
0.00 - 0.39RedLow trust — no risk reduction, possible amplification

Error Case

$ attesta trust show nonexistent-agent
error: Agent 'nonexistent-agent' not found in trust store.

attesta trust list

Display a table of all known agents with their trust score, incident count, and last active timestamp.

Usage

attesta trust list [--store PATH]

Example Output

Agents

  Agent ID                       Score  Incidents Last Active
  -------------------------------------------------------------------
  claude-agent                   0.823          0 2025-01-16 14:30
  gpt-4-agent                    0.723          0 2025-01-16 14:22
  ops-bot                        0.412          2 2025-01-15 09:15
  security-scanner               0.156          5 2025-01-10 11:00

  4 agent(s) total
Agents with incidents have their incident count displayed in red. Trust decays over time — an agent with no recent activity will see their score decrease by the configured decay_rate per day.

Empty Store

$ attesta trust list
No agents found in trust store.

attesta trust revoke

Immediately revoke all trust for a specific agent. This is a severe action that adds 3 incident penalties to the agent’s profile, effectively reducing their trust score to near zero.

Usage

attesta trust revoke <agent_id> [-y] [--store PATH]
FlagDescription
-y, --yesSkip the confirmation prompt

Interactive Confirmation

$ attesta trust revoke ops-bot
Revoke all trust for agent 'ops-bot'? This cannot be undone. [y/N] y
Revoked trust for agent 'ops-bot'.
  New score: 0.000

Non-Interactive (CI/Automation)

$ attesta trust revoke ops-bot -y
Revoked trust for agent 'ops-bot'.
  New score: 0.000

Aborting

$ attesta trust revoke ops-bot
Revoke all trust for agent 'ops-bot'? This cannot be undone. [y/N] n
Aborted.
Trust revocation cannot be undone through the CLI. The agent must rebuild trust through successful, approved actions over time. Use this command when you suspect an agent has been compromised or is behaving maliciously.

Practical Workflows

Investigating a Suspicious Agent

1

Check the agent's trust profile

attesta trust show suspicious-agent
2

Review their rubber-stamp history

attesta audit rubber-stamps --min-risk medium
3

Revoke trust if warranted

attesta trust revoke suspicious-agent -y
4

Verify the revocation

attesta trust show suspicious-agent
The overall score should now be at or near 0.000.

Monitoring Trust Across Agents

# Quick overview of all agents
attesta trust list

# Detailed view of a specific agent
attesta trust show my-agent-id

# Check if any agents have incidents
attesta trust list --store /path/to/trust.json

How Trust Affects Risk

The trust engine adjusts risk scores for agents with established profiles:
  • High trust (0.7+): Risk score reduced by up to trust.influence (default 0.3)
  • Low trust (below 0.4): No risk reduction applied
  • CRITICAL actions: Never downgraded regardless of trust — this is a safety invariant
effective_risk = raw_risk × (1.0 - (trust_score - 0.5) × trust_influence)
# But: if raw_risk >= 0.8 (CRITICAL), effective_risk = raw_risk

Next Steps

Trust Engine Concepts

Learn how the Bayesian trust engine works

attesta audit

Inspect the audit trail for evidence