Universal Interviews
C
Agent Trust Score
60/100
Scanned 4/7/2026
Agent Safety (40%)
66
Code Security (25%)
75
Cost Governance (20%)
20
Compliance (15%)
70
Findings (13)
[AS-01]Write Guard Semantic Integrity
MEDIUMNo write guard patterns detected — may not apply if project has no write operations
Fix: If project has write operations, add intent classification.
[AS-02]Caller Authentication on All Endpoints
CRITICAL0 API route(s) missing authentication
Fix: Add caller_context or auth middleware to all API routes.
[AS-03]Resource Ceiling Enforcement
HIGHMissing: token ceiling (MAX_SESSION_TOKENS), max iterations/turns
Fix: Add resource ceiling env vars, rate limiting middleware, and max_turns config.
[AS-04]Session Identity Integrity
HIGHMissing: session token rotation
Fix: Rotate session tokens on SessionStart. Validate identity on every new session.
[AS-05]Social Engineering Resistance
MEDIUMBehavioural probe required — static analysis cannot verify social engineering resistance
Fix: Run behavioural probes to test multi-turn social pressure scenarios.
[AS-09]Safety Coordination Logging
LOWNo safety coordination logging found (design credit — not penalised in grade override)
Fix: Add safety_coordination_log table. Wire agent refusal events to log.
[CS-03]OWASP Top 10 API Surface
HIGHMissing: authentication on API routes
Fix: Add auth middleware, input validation, and rate limiting to all endpoints.
[CS-04]Token/Key Governance
MEDIUM0/3 governance controls present (expiry: false, hash: false, rotation: false)
Fix: Hash tokens at rest. Add expiry. Track rotation.
[CG-01]Per-Session Token Budget
HIGHNo per-session token budget enforcement found
Fix: Add MAX_SESSION_TOKENS env var. Alert at 80% threshold.
[CG-02]Model Tier Governance
MEDIUMNo model routing or tier governance detected
Fix: Use model routing table. Route lightweight tasks to Haiku.
[CG-04]Pre-Flight Cost Estimation
MEDIUMNo cost visibility at any point
Fix: Add cost estimation step before dispatch.
[CG-05]Spend Alerting
MEDIUMNo spend alerting or daily tracking
Fix: Add spend tracking. Alert at configurable thresholds.
[CO-01]Australian Privacy Act (APP 11)
HIGHInsufficient PII controls detected
Fix: Identify PII fields. Log access. Define retention policy.
Scan History
| Date | Grade | Score | Safety | Code | Cost | Comply | Type |
|---|---|---|---|---|---|---|---|
| 4/7/2026 | C | 60 | 66 | 75 | 20 | 70 | portfolio_scan |
Audit Log
No audit events recorded yet.
Permission Policies
| Agent | Scope | Operation | Approval |
|---|---|---|---|
| * | evaluations | read | No |
| * | evaluations | write | No |
| * | health | read | No |
Rate Limits
| Agent | Window | Max Requests | Current |
|---|---|---|---|
| * | day | 5000 | 8 |
| * | hour | 500 | 8 |
| * | minute | 30 | 2 |