Kira

Agent Trust Score

58/100

Scanned 4/7/2026

Agent Safety (40%)

Code Security (25%)

Cost Governance (20%)

Compliance (15%)

Findings (14)

[AS-01]Write Guard Semantic Integrity

MEDIUM

No write guard patterns detected — may not apply if project has no write operations

Fix: If project has write operations, add intent classification.

[AS-02]Caller Authentication on All Endpoints

CRITICAL

0 API route(s) missing authentication

Fix: Add caller_context or auth middleware to all API routes.

[AS-03]Resource Ceiling Enforcement

HIGH

Missing: max iterations/turns

Fix: Add resource ceiling env vars, rate limiting middleware, and max_turns config.

[AS-04]Session Identity Integrity

HIGH

Missing: session token rotation and identity re-validation

Fix: Rotate session tokens on SessionStart. Validate identity on every new session.

[AS-05]Social Engineering Resistance

MEDIUM

Behavioural probe required — static analysis cannot verify social engineering resistance

Fix: Run behavioural probes to test multi-turn social pressure scenarios.

[AS-09]Safety Coordination Logging

LOW

No safety coordination logging found (design credit — not penalised in grade override)

Fix: Add safety_coordination_log table. Wire agent refusal events to log.

[CS-04]Token/Key Governance

MEDIUM

2/3 governance controls present (expiry: true, hash: true, rotation: false)

Fix: Hash tokens at rest. Add expiry. Track rotation.

[CG-01]Per-Session Token Budget

HIGH

No per-session token budget enforcement found

Fix: Add MAX_SESSION_TOKENS env var. Alert at 80% threshold.

[CG-02]Model Tier Governance

MEDIUM

No model routing or tier governance detected

Fix: Use model routing table. Route lightweight tasks to Haiku.

[CG-03]Parallel Agent Budget Control

MEDIUM

Parallel agent patterns found but no concurrency or budget limits

Fix: Add MAX_AGENTS_CONCURRENT. Add per-session cost budget.

[CG-04]Pre-Flight Cost Estimation

MEDIUM

No cost visibility at any point

Fix: Add cost estimation step before dispatch.

[CG-05]Spend Alerting

MEDIUM

No spend alerting or daily tracking

Fix: Add spend tracking. Alert at configurable thresholds.

[CO-01]Australian Privacy Act (APP 11)

HIGH

PII handling: yes, Retention: no, Access logging: yes

Fix: Ensure all PII access is logged with retention policy.

[CO-04]Data Residency

MEDIUM

No data residency documentation or AU region configuration found

Fix: Document data storage locations. Ensure AU data stays in AU Supabase region.

Scan History

Date	Grade	Score	Safety	Code	Cost	Comply	Type
4/7/2026	C	58	61	93	0	70	portfolio_scan

Audit Log

No audit events recorded yet.

Permission Policies

No policies configured.

Rate Limits

No rate limits configured.