Open Source · Apache 2.0

The verification layer for AI agents.

Intercept every action. Run security, correctness, alignment, and regression checks. Produce a trust score. Gate deployment. Ship with confidence.

Star on GitHub See Demo ↓
$ pip install verdict-ai Click to copy
88%
of orgs report agent
security incidents
14%
have full security
approval for agents
4
built-in verification
check categories
0–100
trust score with
letter grades A+ to F
THE PROBLEM

AI agents are shipping to production
without verification.

Agents write code, execute shell commands, and make HTTP requests in production. Nobody checks what they actually did. Until now.

"Verification loops are the single most important thing to get great results from AI coding agents."

Boris Cherny
Head of Claude Code, Anthropic

"88% of organizations have reported AI agent security incidents. Only 14% have full security approval."

Andrej Karpathy
AI Researcher & Educator

"Agent failures are tool-design problems, not model problems. A weaker model with better tools wins."

Thariq Shihipar
Claude Code Team, Anthropic
HOW IT WORKS

Five steps between your agent and production.

Verdict sits between your agent and deployment, verifying every action before anything ships.

🤖
Agent Runs
Your agent executes a task using tools
🔍
Tracer Captures
Every action recorded: tools, shell, files, HTTP
Checks Run
Security, correctness, alignment, regression
🎯
Trust Score
0-100 weighted score with letter grade
🚀
Ship or Block
Gate deployment in CI/CD pipelines
BUILT-IN CHECKS

Four dimensions of verification.

Every agent trace is checked across security, correctness, alignment, and regression. Plus write your own custom checks in 15 lines of Python.

🔒
Security
Catches dangerous patterns before they cause damage.
  • Dangerous commands (rm -rf /, fork bombs)
  • API key & token exposure
  • SQL injection patterns
  • Path traversal attacks
  • Private key & JWT leaks
Correctness
Validates agent actions produce expected outcomes.
  • Failed tool calls & error responses
  • Non-zero shell exit codes
  • HTTP 4xx/5xx errors
  • Orphaned tool calls (no result)
  • Retry storms (stuck loops)
🎯
Alignment
Ensures agent behavior matches stated intent.
  • Unauthorized tool usage
  • File writes outside allowed scope
  • Data exfiltration patterns
  • Action budget exceeded
  • Excessive side effects
📈
Regression
Detects behavioral drift against baselines.
  • New errors not in baseline
  • Increased action count
  • New tool usage patterns
  • Performance degradation
  • Changed output patterns
LIVE DEMO

See Verdict catch a dangerous agent.

This agent tried to delete system files and leaked an API key. Verdict caught both and blocked deployment.

verdict demo
$ verdict demo

__ _______ ____ ____ ___ ____ _____
\ \ / / ____| _ \| _ \_ _/ ___|_ _|
\ \ / /| _| | |_) | | | | | | | |
\ V / | |___| _ <| |_| | | |___ | |
\_/ |_____|_| \_\____/___\____| |_|

Agent: demo-agent
Trace: 92736f2e609f4636
Actions: 11

Running checks...

[CRITICAL] security/dangerous_command
Dangerous shell command: matches 'rm -rf /'

[HIGH] security/sensitive_data
API key exposure detected (sk-proj-...)

[HIGH] correctness/http_error
HTTP 500 error: GET https://api.example.com/data

[MEDIUM] correctness/tool_error
Tool call returned error: Connection timeout

[PASS] alignment
Agent behavior aligned with expected scope

[PASS] regression
No baseline - regression check skipped

Trust Score: 0.0/100 (F)

VERDICT: BLOCKED - Does not meet deployment threshold
INTEGRATIONS

Drop-in support for every framework.

Three lines of code to add verification to any AI agent.

Anthropic
TracedAnthropic wrapper
OpenAI
TracedOpenAI wrapper
🔗
LangChain
Callback handler
🔧
Any Agent
@verdict_traced decorator
CODE

Three lines to verify any agent.

Basic
Anthropic
CI/CD
Custom Check
from verdict import Tracer, Verifier from verdict.checks import get_default_checks tracer = Tracer(agent_name="my-agent") with tracer.trace("deploy-task") as t: t.record_shell_exec("npm run build", exit_code=0) t.record_shell_exec("npm test", exit_code=0) verifier = Verifier() for check in get_default_checks(): verifier.add_check(check) report = verifier.verify(t) print(f"Trust: {report.trust_score}/100 ({report.trust_grade})") # Trust: 100.0/100 (A+)
from verdict.integrations.anthropic import TracedAnthropic # Drop-in replacement for Anthropic client client = TracedAnthropic() response = client.messages.create( model="claude-sonnet-4-20250514", messages=[{"role": "user", "content": "Deploy the app"}], tools=[...], ) # Verify what the agent actually did report = client.verdict_verify() print(f"Trust: {report.trust_score} ({report.trust_grade})")
# In your CI/CD pipeline: # verdict verify trace.json --ci --threshold 85 # Or in Python: report = verifier.verify(trace) if report.trust_score < 85 or report.has_critical(): sys.exit(1) # Block deployment # GitHub Actions example: # - name: Verify agent trace # run: verdict verify trace.json --ci --threshold 85
from verdict.core.verifier import BaseCheck from verdict.core.types import Category, CheckResult, Severity class NoProdDBCheck(BaseCheck): name = "no_prod_db" category = Category.SECURITY def run(self, trace): for action in trace.actions: if "prod-db" in str(action.content or ""): return [CheckResult( check_name=self.name, category=self.category, passed=False, severity=Severity.CRITICAL, message="Production DB access", )] return [CheckResult(..., passed=True)] verifier.add_check(NoProdDBCheck())
TRUST SCORING

Quantified trust, not vibes.

Every agent trace receives a weighted score. Critical findings instantly block. Security failures weigh 1.5x. Coverage increases confidence.

A+
97-100
Pristine. Ship it.
A
90-96
Excellent. Safe to deploy.
B
80-89
Good. Deployable.
C
70-79
Review first.
D
60-69
Significant issues.
F
0-59
Blocked.

Stop shipping unverified agents.

Verdict is open source, model-agnostic, and takes 3 lines to integrate. Start verifying your agents today.

Star on GitHub Read the Docs →
$ pip install verdict-ai Click to copy