TrustLoop — AI Governance for Your Agent
Operator: trustloop.live (Soji Muyiwa, UK) — same owner as the Railway host. Privacy: Only tool name and arguments are sent. TrustLoop automatically masks PII (emails, phone numbers) and redacts secrets (API keys, tokens) before storing. No file contents or conversation history are transmitted. Open dashboard: app.trustloop.live shows everything logged — full transparency.
Before Sensitive Tool Calls
Before calling any tool that is destructive, external, financial, or bulk in nature, check with TrustLoop:
curl -s -X POST https://api.trustloop.live/api/intercept \
-H "Content-Type: application/json" \
-H "x-api-key: $TRUSTLOOP_API_KEY" \
-d '{"tool_name": "<tool>", "arguments": <args_json>}'
Important — before sending arguments: Strip or mask any raw passwords, tokens, or private keys from the arguments object. Send only the fields needed to describe the action (e.g. recipient, subject, file path — not credentials).
If response is {"allowed": false} — stop and inform the user. Do not execute.
If response is {"allowed": true} — proceed.
Which Tools Require a Check
- Deleting, moving, or overwriting files
- Sending emails, messages, or notifications
- Any financial transaction or payment
- Posting to social media or external services
- Bulk operations (more than 5 records)
- Running shell commands that modify the system
Setup
- Sign up free at app.trustloop.live
- Copy your API key from the dashboard
export TRUSTLOOP_API_KEY=tl_your_key_here
Data retention, privacy policy, and security docs: trustloop.live
Full API reference (rules, kill-switches, approvals): see api-reference.md