3
3 Comments

Built a compliance layer for AI agents — logs every tool call, masks PII, holds risky actions for approval

Most teams deploying AI agents focus on what the agent can do.
Few think about what happens when it does something it shouldn't.

Built Trustloop, it sits between your agents and the actions they take.
Before any tool call executes, it gets logged, checked against your
rules, and either cleared or held for a human to review.

What it does:

  • Full audit trail of every agent action, anchored to blockchain
  • Automatic PII masking before data leaves the agent
  • Plain-English governance rules (block file deletions,
    flag transfers over £1,000)
  • Drop in proxy for OpenAI, Anthropic, Gemini, no code changes needed
  • Works with LangChain, CrewAI, n8n out of the box
  • Browser extension for shadow AI, logs what employees type into
    ChatGPT, Claude.ai, Gemini (Mozilla, Chrome)

Built this because the gap between 'we use AI agents' and 'we can
audit what our agents did' is where most compliance teams are sitting
right now.

Still early, if you are running agents in production and thinking about
governance, I would genuinely like to hear what your biggest concern is. Also happy to give free access to anyone who wants to try it and share
feedback. Drop a comment or reach out at [email protected]

www.trustloop.live

on July 2, 2026
  1. 1

    you asked for the biggest concern — the shadow-AI browser extension is it. the moment you log everything employees type into ChatGPT/Claude, that store becomes a bigger PII honeypot (and in the EU a works-council + GDPR problem) than the agents you're governing. it needs the strictest retention and access controls of anything in the system. also, gently: "anchored to blockchain" reads as marketing — a hash-chained append-only log, where each entry signs the previous hash, gives you the same tamper-evidence without the dependency. what does the chain buy you that a signed hash chain doesn't? solid space though, this is becoming table stakes fast.

  2. 1

    AI governance is the right category, but early users usually won’t adopt a control layer just because the category is important.They usually care when one specific risk is already blocking deployment, procurement, customer security review, or internal approval.So the sharper question may be:What risk would make you uncomfortable putting an agent into production?The signal I’d look for is not whether people say PII masking, audit logs, approvals, or kill switches sound useful.
    It’s whether a team can point to a real workflow where:

    • an agent is already making tool calls in production or an internal workflow
    • deployment was paused because of compliance, security, customer review, or governance concerns
    • there was a recent action that felt too risky to let the agent run automatically
    • they would be willing to connect one concrete agent workflow to TrustLoop as a test

    That would probably tell you which governance feature matters first.Without that, “AI governance” may be correct but still too broad. The first wedge is likely the specific risk that stops a real team from shipping agents safely.

  3. 1

    What stood out to me is that you're not treating compliance as logging after the fact—you’re treating it as a control layer before execution. That shift matters. Most “AI governance” tools are forensic. This is closer to runtime decision gating. The real test will be how often teams actually allow humans to intervene vs defaulting back to automation when things get noisy.

Trending on Indie Hackers
I sold $6,773 in 2 weeks, with almost no existing community. User Avatar 56 comments The hardest part isn't building anymore User Avatar 45 comments Ferguson is LIVE on ProductHunt today... so I audited their homepage first! User Avatar 37 comments Why Remote Teams Stop Talking (And Don't Even Notice It) User Avatar 33 comments Built a local-first Amazon profit-by-SKU + QuickBooks/Xero journal tool. Looking for founding users. User Avatar 29 comments Before you build another feature, use this workflow User Avatar 26 comments