Protect agent runs. Record evidence. Audit claims. Train only from trusted traces.
The table below is the human-readable view of
docs/project-index.json, the machine-readable
source of truth for the project list. Profile generation consumes that index so
the public matrix stays complete and in sync across repos.
| Repository | Role |
|---|---|
| wasmagent | Project home · Public landing page that directs readers to .github for the full roadmap and project list |
.github |
Org hub · Org-wide documentation and ledger hub — public home for the roadmap, claims registry, release ledger, and cross-repo coordination |
| wasmagent-js | Runtime · Embedded agent runtime — WASM sandbox, MCP firewall, capability manifests, signed AEP event emitter |
| bscode | Workload · Real coding-agent workload and evidence collection surface on Cloudflare Workers with AEP evidence export |
| trace-pipeline | Evidence pipeline · Trace-to-training backend and data factory — ingests AEP traces, gates training-data admission, and records every training run as auditable evidence |
| agent-trust-infra | Trust artifacts · AgentBOM, MCP Posture, and Trust Passport spec, reference impl, and CLI |
| open-agent-audit | Audit · Enterprise audit product; deployed at trustavo.com |
| fresharena | Evaluation protocol · Dynamic, verifiable, adversarial evaluation protocol for coding agents |
The runtime layer — wasmagent-js — protects agent execution and emits
signed AEP events that flow into verifiable runtime traces.
trace-pipeline audits benchmark claims with paired statistics, gates training
data admission, and records every training run as auditable evidence.
agent-trust-infra layers on trust artifacts — AgentBOM, MCP Posture, and
Trust Passport — giving every agent run a machine-readable identity and
policy posture that feeds downstream audit.
open-agent-audit turns the full evidence chain into enterprise-readable
audit reports — deployed at trustavo.com.
fresharena closes the loop with dynamic, verifiable, adversarial evaluation
of coding agents, ensuring the runtime, evidence, and audit story is grounded
in real benchmark performance.
Trustavo is the production deployment of OpenAgentAudit. The name combines trust with -avo — evoking a trustworthy, authoritative voice. In AI governance, evidence only counts when it is trusted; Trustavo exists to make that trust legible to enterprise teams, auditors, and regulators.
We are looking for maintainers across several focus areas. Open to part-time and async contribution; commit access is granted after a sustained track record.
- Runtime —
wasmagent-js, AEP, MCP firewall, capability manifests - Pipelines —
trace-pipeline(measurement trust, admission, training audit) - Trust artifacts —
agent-trust-infra(AgentBOM, MCP Posture, Trust Passport) - Audit product —
open-agent-audit/ Trustavo (evidence reports, Cloudflare Workers) - Evaluation —
fresharena(dynamic, verifiable, adversarial evaluation protocol for coding agents) - Adapters — OpenTelemetry GenAI, Langfuse, LangSmith ingestion
- Regulatory profiles — OWASP Agentic Top 10, NIST AI RMF, ISO/IEC 42001, EU AI Act Annex IV mappings
- DevRel & docs — quickstart guides, integration walkthroughs, sample reports
Interested? Open an issue titled maintainer: <area> in the relevant
repository, or start a GitHub Discussion in the project home repository.
Public ledgers and shared docs live in this repository so they belong to the org, not any single product.
- Claims registry — org claims mapped to evidence and review status
- Release ledger — public releases across repositories
- Media & posts — talks, posts, and appearances
- Project index — machine-readable source of truth for the project list
- Roadmap — living roadmap mirroring the public repo list
Repositories in this organization produce technical evidence and research tooling. They do not provide legal advice, regulatory certification, or compliance determinations.