The trust section of attesta.yaml configures Attesta’s Bayesian trust engine. The trust engine tracks each agent’s history and uses it to reduce friction for consistently reliable agents, while maintaining hard safety limits that trust can never bypass.

Configuration

attesta.yaml
trust:
  influence: 0.3        # Max risk reduction from trust
  ceiling: 0.9          # Trust score hard cap
  initial_score: 0.3    # Starting trust for new agents
  decay_rate: 0.01      # Trust decay per day of inactivity

How Trust Affects Risk

The trust engine adjusts the risk score downward for agents with high trust. The adjustment formula is:
effective_risk = raw_risk × (1.0 - (trust_score - 0.5) × influence)
For example, an agent with a trust score of 0.8 and default influence: 0.3:
effective_risk = 0.65 × (1.0 - (0.8 - 0.5) × 0.3)
               = 0.65 × 0.91
               = 0.5915
The base score of 0.65 (HIGH) is reduced to 0.59 (still HIGH). Trust nudges risk rather than replacing primary risk signals.
Trust never reduces CRITICAL actions. This is a hardcoded safety invariant (critical_always_verify = True on the Policy dataclass). If the base risk is CRITICAL (0.8+), trust adjustments are skipped entirely. This ensures that the most dangerous operations always receive full verification.

Parameters

influence

trust:
  influence: 0.3  # default
The influence parameter scales how strongly trust can move risk up or down around the neutral trust point (0.5):

| Trust Score | Influence 0.3 (multiplier) | Influence 0.5 (multiplier) | Influence 0.1 (multiplier) |
| --- | --- | --- | --- |
| 0.3 | 1.06 (risk increases) | 1.10 (risk increases) | 1.02 (risk increases) |
| 0.5 | 1.00 (neutral) | 1.00 (neutral) | 1.00 (neutral) |
| 0.9 | 0.88 (risk decreases) | 0.80 (risk decreases) | 0.96 (risk decreases) |

A higher influence value means trusted agents experience significantly less friction. Set it lower (e.g., 0.1) in high-security environments where you want trust to have minimal impact. Set it higher (e.g., 0.5) in development environments where trusted agents should move faster.

ceiling

trust:
  ceiling: 0.9  # default
The ceiling parameter is a hard cap on the trust score. No agent can exceed this value, regardless of their approval history. This prevents any agent from reaching “fully trusted” status and eliminates the possibility of trust completely bypassing challenges.
# Trust score progression (with ceiling 0.9)
# After 10 approvals:   0.62
# After 50 approvals:   0.84
# After 200 approvals:  0.89
# After 1000 approvals: 0.90  ← capped at ceiling

initial_score

trust:
  initial_score: 0.3  # default
The initial_score parameter sets the starting trust level for agents with no history. This affects the first interaction:

| Initial Score | Effect on First Action |
| --- | --- |
| 0.0 | No trust benefit — full risk scoring |
| 0.3 (default) | Slight risk reduction (up to -0.09 with default influence) |
| 0.5 | Moderate risk reduction (up to -0.15 with default influence) |
| 0.7 | Significant risk reduction — use only for pre-vetted agents |

Setting initial_score higher than 0.5 means new, unproven agents receive meaningful risk reduction on their very first action. Use this only when agents are pre-vetted through an external process.

decay_rate

trust:
  decay_rate: 0.01  # default — per day of inactivity
The decay_rate parameter controls how quickly trust erodes when an agent is inactive. Trust decay is exponential:
trust_after_inactivity = trust_score × e^(-decay_rate × days_inactive)

| Days Inactive | Trust (from 0.8) | Decay Rate 0.01 |
| --- | --- | --- |
| 0 | 0.80 | No change |
| 7 | 0.75 | ~6.8% decrease |
| 30 | 0.59 | ~25.9% decrease |
| 60 | 0.44 | ~45.1% decrease |
| 90 | 0.33 | ~59.3% decrease |

This ensures that agents that have been idle for extended periods do not retain high trust. An agent that was trusted 3 months ago with a different codebase should not automatically receive trust benefits today.

Programmatic Configuration

The Policy dataclass stores trust parameters and provides a convenience method to extract them:
from attesta.config.loader import Policy

policy = Policy(
    trust_influence=0.3,
    trust_ceiling=0.9,
    trust_initial=0.3,
    trust_decay_rate=0.01,
)

# Extract trust engine kwargs
trust_kwargs = policy.to_trust_engine_kwargs()
# Returns: {
#   "influence": 0.3,
#   "ceiling": 0.9,
#   "initial_score": 0.3,
#   "decay_rate": 0.01,
# }
You can also configure the trust engine directly:
from attesta import Attesta
from attesta.core.trust import TrustEngine

trust_engine = TrustEngine(
    influence=0.5,
    ceiling=0.85,
    initial_score=0.2,
    decay_rate=0.02,
)

attesta = Attesta(trust_engine=trust_engine)

@attesta.gate()
def deploy(service: str) -> str:
    """Deploy a service."""
    return f"Deployed {service}"

Security Profiles

Here are recommended trust configurations for different security postures:
For regulated environments (healthcare, finance, government):
trust:
  influence: 0.1       # Trust has minimal impact
  ceiling: 0.7         # Cap trust low
  initial_score: 0.1   # Start with almost no trust
  decay_rate: 0.03     # Rapid decay — trust must be actively maintained
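
To compare profiles before deploying one, the formulas on this page can be evaluated directly. The following is an added example, not Attesta's own code: `TrustConfig` and the function names are hypothetical, and applying the ceiling after decay is an assumption about ordering.

```python
# Added illustration: hypothetical names, not part of the attesta package.
import math
from dataclasses import dataclass

CRITICAL_THRESHOLD = 0.8  # page: base risk of 0.8+ is CRITICAL
NEUTRAL_TRUST = 0.5       # page: multiplier is 1.00 at trust 0.5

@dataclass(frozen=True)
class TrustConfig:
    influence: float = 0.3
    ceiling: float = 0.9
    initial_score: float = 0.3
    decay_rate: float = 0.01

def decayed_trust(cfg, trust_score, days_inactive):
    """Exponential decay from the page, then the ceiling cap (assumed ordering)."""
    decayed = trust_score * math.exp(-cfg.decay_rate * days_inactive)
    return min(decayed, cfg.ceiling)

def effective_risk(cfg, raw_risk, trust_score):
    """Page formula; a CRITICAL base risk is returned untouched."""
    if raw_risk >= CRITICAL_THRESHOLD:
        return raw_risk
    trust = min(trust_score, cfg.ceiling)
    return raw_risk * (1.0 - (trust - NEUTRAL_TRUST) * cfg.influence)

def max_risk_reduction(cfg):
    """Largest fractional reduction any agent can earn: reached at the ceiling."""
    return max(0.0, (cfg.ceiling - NEUTRAL_TRUST) * cfg.influence)

def days_until_neutral(cfg, trust_score):
    """Idle days before decay brings trust down to 0.5, where the reduction is gone."""
    trust = min(trust_score, cfg.ceiling)
    if trust <= NEUTRAL_TRUST:
        return 0.0
    return math.log(trust / NEUTRAL_TRUST) / cfg.decay_rate

DEFAULT = TrustConfig()
REGULATED = TrustConfig(influence=0.1, ceiling=0.7, initial_score=0.1, decay_rate=0.03)

if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT), ("regulated", REGULATED)):
        print(f"{name}: max reduction {max_risk_reduction(cfg):.0%}, "
              f"0.65 at ceiling -> {effective_risk(cfg, 0.65, cfg.ceiling):.4f}, "
              f"neutral after {days_until_neutral(cfg, cfg.ceiling):.1f} idle days")
```

With the defaults, an agent at the ceiling earns at most a 12% risk reduction and loses it after about 59 idle days; the regulated profile limits this to 2% and about 11 days.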

Trust Feedback Loop

The trust engine updates after every gated action:

| Outcome | Trust Impact |
| --- | --- |
| Action approved and executed | Trust increases (weighted by recency) |
| Action denied by operator | Recorded but no trust increase |
| Challenge failed (wrong quiz answer) | Recorded but no trust increase |
| Security incident flagged | Penalty multiplier applied, trust drops rapidly |

# Trust progression for a consistently approved agent
# Action 1:  0.30 → 0.35  (initial + small increase)
# Action 5:  0.35 → 0.48  (steady growth)
# Action 20: 0.48 → 0.65  (approaching plateau)
# Action 50: 0.65 → 0.78  (diminishing returns)
# Incident:  0.78 → 0.31  (penalty multiplier)
# Action 51: 0.31 → 0.34  (rebuilding from low)
