Skip to main content
Attesta’s TrustEngine maintains a per-agent trust score that evolves over time based on approval history. Agents that consistently make safe decisions earn higher trust, which reduces friction by lowering their effective risk. Agents involved in incidents have their trust immediately penalized.

Core Formula

The trust score is computed as: 
Trust = weighted_success_rate × recency_factor × incident_penalty
Where:
ComponentDescription
weighted_success_rateRatio of approved-to-total decisions, weighted by recency
recency_factorExponential decay — recent decisions count more than old ones
incident_penaltyMultiplicative penalty: 0.7 per recorded incident

Parameters

ParameterDefaultDescription
initial_score0.3Trust score assigned to new agents
ceiling0.9Maximum achievable trust score
decay_rate0.01/dayRate at which trust decays without activity
incident_penalty0.7Multiplicative factor per incident (1 incident = 0.7x, 2 = 0.49x)
influence0.3How much trust can adjust effective risk
The trust ceiling of 0.9 is intentional — no agent should ever reach full trust. Even the most reliable agent maintains a residual uncertainty factor.

Effective Risk Adjustment

Trust modifies the raw risk score using the influence parameter: 
effective_risk = raw_risk × (1.0 - (trust - 0.5) × influence)

How This Works

  • When trust is exactly 0.5 — no adjustment (multiplier is 1.0)
  • When trust is above 0.5 — risk is reduced (multiplier < 1.0)
  • When trust is below 0.5 — risk is increased (multiplier > 1.0)

Example Calculations

Raw RiskTrustCalculationEffective RiskLevel Change
0.550.80.55 × (1.0 - (0.8-0.5) × 0.3) = 0.55 × 0.910.50MEDIUM (unchanged)
0.550.90.55 × (1.0 - (0.9-0.5) × 0.3) = 0.55 × 0.880.48MEDIUM (unchanged)
0.350.90.35 × (1.0 - (0.9-0.5) × 0.3) = 0.35 × 0.880.31MEDIUM (unchanged)
0.320.90.32 × (1.0 - (0.9-0.5) × 0.3) = 0.32 × 0.880.28MEDIUM -> LOW
0.550.20.55 × (1.0 - (0.2-0.5) × 0.3) = 0.55 × 1.090.60MEDIUM -> HIGH
Safety Invariant: CRITICAL actions are never downgraded. Regardless of trust score, any action with a raw risk score of 0.8 or above remains CRITICAL and requires multi-party approval. This invariant is enforced in the Trust Engine code and cannot be overridden by configuration.

Usage

from attesta.core.trust import TrustEngine

# Create a trust engine with default parameters
trust = TrustEngine()

# Create with custom parameters
trust = TrustEngine(
    initial_score=0.3,
    ceiling=0.9,
    decay_rate=0.01,
    incident_penalty=0.7,
    influence=0.3,
)

# Compute trust for an agent
score = trust.compute_trust(agent_id="deploy-bot")
print(f"Trust score: {score:.2f}")  # 0.30 (initial)

# Get the effective risk after trust adjustment
effective = trust.effective_risk(
    agent_id="deploy-bot",
    raw_risk=0.55,
)
print(f"Effective risk: {effective:.2f}")

# Record outcomes
trust.record_success(agent_id="deploy-bot", action_name="deploy", risk_score=0.55)   # +trust
trust.record_denial(agent_id="deploy-bot", action_name="delete_user", risk_score=0.85)
trust.record_incident(agent_id="deploy-bot", action_name="override_policy")
trust.revoke(agent_id="deploy-bot")            # reset to 0.0

Trust Lifecycle

A typical agent’s trust evolves through these stages: 
Trust
0.9 ┤·································ceiling·····
    │                          ╭──────────╮
0.7 ┤                    ╭─────╯           │
    │              ╭─────╯                 │ incident
0.5 ┤        ╭─────╯                       ╰──╮
    │  ╭─────╯                                 ╰───recovery──
0.3 ┤──╯ initial

0.0 ┼──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──┬──
    Day 1  5  10 15 20 25 30 35 40 45 50 55 60 65 70 75

Phase 1: Ramp-up (Days 1–30)

A new agent starts at initial_score=0.3. Each successful approval increases trust. The rate of increase slows as the agent approaches the ceiling.

Phase 2: Steady State (Days 30+)

Trust stabilizes near the ceiling (0.9). The decay_rate ensures that inactive agents gradually lose trust — an agent that goes 30 days without activity loses approximately 1 - e^(-0.01 × 30) ≈ 26% of its trust.

Phase 3: Incident (Any Time)

When record_incident() is called, trust is multiplied by incident_penalty=0.7. Two incidents reduce trust to 0.49x of its pre-incident value. This creates a sharp, immediate consequence for unsafe behavior.

Phase 4: Recovery

After an incident, the agent can rebuild trust through consistent successful approvals. Recovery follows the same ramp-up curve but starts from the penalized level.

Methods Reference

MethodEffectTrust Impact
compute_trust(agent_id)Returns current trust scoreRead-only
effective_risk(raw_risk, agent_id, domain=None)Returns trust-adjusted riskRead-only
record_success(agent_id, action_name, domain="general", risk_score=0.5)Records a successful approvalIncreases trust
record_denial(agent_id, action_name, domain="general", risk_score=0.5)Records a denied actionSlight decrease
record_incident(agent_id, action_name="", domain="general", severity="medium")Records a security incident0.7x penalty
revoke(agent_id)Immediately revokes all trustResets to 0.0

Integration with Attesta

The trust engine is integrated when you pass a TrustEngine to Attesta. Trust adjustments apply when each action includes an agent_id / agentId. 
from attesta import Attesta
from attesta.core.trust import TrustEngine

attesta = Attesta(
    trust_engine=TrustEngine(
        initial_score=0.5,
        ceiling=0.85,
        incident_penalty=0.5,
    ),
)

@attesta.gate(agent_id="deploy-bot")
def deploy(service: str) -> str:
    return f"Deployed {service}"

Configuration via YAML

attesta.yaml
trust:
  initial_score: 0.3
  ceiling: 0.9
  decay_rate: 0.01
  influence: 0.3
Start with the default influence=0.3 and monitor the effect on approval rates. Increase to 0.5 for more aggressive trust-based reduction, or decrease to 0.1 for a more conservative approach where trust has minimal impact.

Risk Levels

How trust adjustment can shift risk levels

Audit Trail

All trust-related events are recorded in the audit log