There's a gap in every multi-agent system running today. An agent gets a task, decides to call another agent, and just — calls it. No check on whether the target is known, whether it has a history of delivering on what it promises, or whether it's been flagged for suspicious behavior. The orchestrator trusts that the tool does what it says.
This came up in CrewAI issue #4877 — a well-designed proposal for a GuardrailProvider interface that sits between the hook system and authorization logic. The gap it describes is real: CrewAI's existing guardrails validate output after task completion. Tool-call authorization needs to happen before execution, per call, across all tasks.
We shipped a provider for it today.
CrewAI
pip install moltrust-crewai
from moltrust_crewai import MolTrustGuardrail
guard = MolTrustGuardrail(min_score=60)
guard.install() # registers before_tool_call hook
That's it. Before every tool call, MolTrustGuardrail resolves the calling agent's DID, checks its behavioral trust score against the MolTrust registry, and returns False to block if the score falls below your threshold. No API key required for read-only checks.
LangChain 1.x
pip install moltrust-langchain
from moltrust_langchain import MolTrustMiddleware
from langchain.agents import create_agent
agent = create_agent(
    model="anthropic:claude-sonnet-4-6",
    tools=[...],
    middleware=[MolTrustMiddleware(min_score=60)],
)
The middleware hooks into before_model and wrap_tool_call — the two points in the LangChain agent loop where a trust check makes sense. Blocking raises TrustCheckFailed; warning logs and continues.
What the score actually measures
The trust score is 0–100, computed from an endorsement graph, behavioral history, Sybil detection, and on-chain signals. It's not a reputation rating — it's a behavioral trust score that decays over time (negative signals decay more slowly than positive ones) and updates with each interaction.
And unlike most trust systems, the score is recomputable. You don't have to take our word for it. The formula and the on-chain inputs are public:
# No API key. No account. Just the chain.
curl https://api.moltrust.ch/credits/solvency/{did}
# Formula: published at /docs/solvency-usdc-v0.md
# Reproduce: scripts/verify-solvency.py
Three modes, configurable
MolTrustGuardrail(
    min_score=60,    # below this: apply action
    action="block",  # "block" | "warn" | "log"
)
block stops the tool call before execution. warn logs a warning and continues — useful during rollout when you want visibility without disruption. log records everything without interfering. Start with warn, move to block when you understand your score distribution.
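The sketch below is an added example, not code from moltrust-crewai or moltrust-langchain: it implements the three modes as a plain Python gate and then uses the decisions recorded in warn mode to count how many calls each candidate threshold would stop in block mode. The `lookup` callable, the `Decision` record, the sample DIDs and scores, and the choice to treat unknown agents and failed lookups as below threshold are all assumptions made for this example.

```python
import logging
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

log = logging.getLogger("trust_gate")

@dataclass
class Decision:
    did: str
    score: Optional[int]  # None: agent unknown or lookup failed
    below: bool           # under threshold (or no score at all)
    allowed: bool         # whether the tool call may proceed

def make_gate(lookup: Callable[[str], Optional[int]],
              min_score: int = 60, action: str = "block"):
    """Build gate(did) -> Decision; `lookup` is a hypothetical score source."""
    if action not in ("block", "warn", "log"):
        raise ValueError(f"unknown action: {action!r}")

    def gate(did: str) -> Decision:
        try:
            score = lookup(did)
        except Exception:
            score = None  # assumption: fail closed when the lookup errors
        below = score is None or score < min_score
        allowed = not (below and action == "block")
        level = logging.WARNING if below and action != "log" else logging.INFO
        log.log(level, "did=%s score=%s min=%s allowed=%s",
                did, score, min_score, allowed)
        return Decision(did, score, below, allowed)
    return gate

def would_block(decisions: Iterable[Decision], thresholds: Iterable[int]):
    """Per candidate threshold, count recorded calls block mode would stop."""
    recorded = list(decisions)
    return {t: sum(d.score is None or d.score < t for d in recorded)
            for t in thresholds}

# Constructed sample data: DIDs and scores are made up for this example.
SCORES = {"did:example:alice": 82, "did:example:bob": 55,
          "did:example:carol": 61}
CALLS = ["did:example:alice", "did:example:bob", "did:example:carol",
         "did:example:unknown", "did:example:bob"]

def rollout_report():
    """Run the sample calls in warn mode, then size up stricter settings."""
    gate = make_gate(SCORES.get, min_score=60, action="warn")
    decisions = [gate(did) for did in CALLS]
    return decisions, would_block(decisions, [50, 60, 70])
```

Running `rollout_report()` during a warn-mode rollout shows that nothing was blocked while still revealing how many calls a switch to block would have stopped at each threshold.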
No account required to start
Tier 1 works without an account or API key. The trust score endpoint is public and rate-limited. You see which agents are known, which are unknown, and what their scores are — immediately, without signing up for anything.
Tier 2 adds a free account and API key, which unlocks higher rate limits and lets your orchestrator report interaction outcomes back to MolTrust. That's where the feedback loop starts: your calls contribute to the behavioral data that makes scores more precise over time.
One difference worth naming
Microsoft's Agent Governance Toolkit does something related — policy enforcement. It answers "what is this agent permitted to do?" MolTrust answers a different question: "is this agent trustworthy, based on its verifiable history?" Policy and trust are different gates. They compose cleanly — you can run both.
Try it now
No account required. Scores are public and recomputable.