Truss Labs Inc.

Show me: process-level wrap

You don't need to rebuild your agents or modify their codebase. Truss wraps existing tools (like gemini-cli, in-house python pipelines, Cursor, or SDK-based agents) by pointing their client base-URLs at a local uvicorn proxy on your machine.

# Install (bootstraps a private venv + ledger under ~/.truss/)
curl -sSL https://trusslabs.org/install.sh | bash

# Wrap gemini-cli (works the same for `claude` — sets ANTHROPIC_BASE_URL)
truss proxy exec -- gemini-cli

# Inside the wrapped CLI, ask something that contains a patient address:
#   → Patient lives at 1234 Main St. Summarize their case.
# Truss intercepts before the model sees it. Receipt:
ls ~/.truss/ledger/receipts/$(date -u +%F)/

# An auditor can verify every receipt in the ledger:
truss receipt verify ~/.truss/ledger/receipts

Provider-agnostic by design — Gemini and Claude both wired today; OpenAI is the same reverse-proxy shape. Truss holds no upstream model credentials. The wrapped CLI's own API key (or OAuth token) flows through the inbound request and truss forwards it.

Source: github.com/trusslabs-org/truss-labs. Live audit-proxy demo: demo.trusslabs.org.

Also: offline trace analysis

The same truss CLI ships three primitives for offline analysis of session logs you already have — truss trace translate turns hooks.jsonl into traceable nodes, truss trace analyze finds retry loops and circular-reasoning flags, truss trap halts on the patterns you care about. The original "Unix pipes for AI behavior" story.

cat hooks.jsonl | truss trace translate | truss trace analyze --json --flag FLAG_CIRCULAR_REASONING | truss trap run