Pre-release Some features are still in development and will be available soon.

Open Source | Apache 2.0

Trustabl Agent Analyzer

Static analysis for reliable, safe, and production-ready AI agents.
No signup required. Run your first local scan in minutes.

Trusted by forward-deployed AI engineers & platform teams

THE AGENT RELIABILITY GAP

Your agents work in demos. They break in production.

Most agent code is vibe coded: tools with missing schemas, subagents granted dangerous permissions, shell access without guardrails, and no traceability between agents and capabilities.
Trustabl Agent Analyzer brings deterministic, SDK-aware static analysis to the agent layer - the missing foundation for Trust as Code.
4 Major SDKs supported: Claude • OpenAI • Google ADK • MCP
0 Runtime required: Pure static • Single binary • Offline
3 Output formats: Human • JSON • SARIF 2.1
100% Deterministic: Byte-stable scans for reliable CI
WHAT MAKES IT DIFFERENT

Purpose-built for agentic systems

SDK-Aware Analysis
Understands Claude Agent SDK, OpenAI Agents SDK, Google ADK, and MCP. Rules only apply where they make sense.
Full Agent Graph Modeling
Discovers tools, agents, subagents, skills, slash commands, and the relationships between them.
Actionable Findings
Every issue includes a clear explanation, suggested remediation, confidence score, and exact code location.
Per-Tool Readiness Scores
Get a production readiness score for every tool definition and surface the weakest links first.
CI-Native & Deterministic
Byte-stable output, SARIF support, and clear exit codes for GitHub Actions and policy gates.
Single Binary. Zero Dependencies.
No daemon, server, or cloud. Install via Homebrew, Scoop, Docker, or Go and run fully offline.
HOW IT WORKS

Four steps. Minutes, not days.

01 Scan your repo
Point the analyzer at any agent codebase. It reads your tool definitions, schemas, and implementation files.
02 Analyze findings
Static rules check for validation gaps, missing retry logic, observability holes, and guardrail issues.
03 Generate report
Get a prioritized report with a Production Readiness Score and SARIF/JSON/human-readable output.
04 Improve & harden
Fix the highest-risk issues first and keep the same checks running in CI.
QUICKSTART

Up and running in seconds

brew install trustabl/tap/trustabl
Scan
$ trustabl scan ./path/to/agent-repo          # local repo
$ trustabl scan https://github.com/org/repo   # remote repo
$ trustabl scan ./repo --format json          # JSON output
$ trustabl rules pull                         # update rules
PRODUCT ROADMAP

Starting with open source. Growing into a full platform.

Trustabl Agent Analyzer is the trustworthy foundation. We're shipping production hardening capabilities throughout 2026.
Now: Trustabl Agent Analyzer (OPEN SOURCE)
Static analysis, rule-based detection, scoring, SARIF/JSON/human output, GitHub Action ready. Available today on GitHub.
Jun 2026: Auto-Fix + OpenShell Features (COMING SOON)
Automated remediation suggestions and OpenShell risk surface analysis and hardening.
Q3 2026: Auto-Enrich
LLM-powered enrichment of findings with deeper context, examples, and custom policy alignment.
WHY OPEN SOURCE

Why we're shipping open source first

01 Trust through transparency
Every rule is auditable, forkable, and improvable by the community. No black boxes — see exactly what we check and why.
02 Set the standard early
Establish the de-facto standard for agent reliability analysis before adding paid layers. The community shapes the foundation.
03 No gatekeeping
Every AI engineer and platform team can start hardening agents immediately. Reliability tooling shouldn't be locked behind a paywall.

Ready to make your agents production-grade?

Start with Trustabl Agent Analyzer today. The rest of the platform is coming soon.
Questions? Reach out on GitHub Discussions or join our waitlist for early platform access.