--- title: TrustStack Console emoji: 🌍 colorFrom: yellow colorTo: purple sdk: gradio sdk_version: 6.2.0 app_file: app.py pinned: false license: other short_description: infrastructure, not a toy. thumbnail: >- https://cdn-uploads.huggingface.co/production/uploads/685edcb04796127b024b4805/05XC45vRZzru1-cBEWeVN.png --- # RFTSystems — TrustStack Console I don’t do “trust me”. I do receipts. **TrustStack Console** is a single, clean demo of what “agent infrastructure” should look like when you care about auditability, integrity, and cost control. It combines durable local memory, fast retrieval, tamper-evident logging, per-turn receipts, verification, guardrails, trace artifacts, and one-click audit exports. Space: https://huggingface.co/spaces/RFTSystems/TrustStack_Console --- ## What this is Most agent stacks can store chat logs. That is not the problem. The problem is **provable influence**: - What memory did the agent actually retrieve? - What evidence influenced the output? - Can you prove the record wasn’t edited after the fact? - Can you export a defensible audit bundle? TrustStack answers those questions with: - **Append-only ledger** (events stored as JSONL) - **Hash chain integrity** (tamper-evident session history) - **SQLite FTS retrieval** (fast lexical recall, no embeddings required) - **Per-turn Memory Receipts** (downloadable proof of retrieval + hashes) - **Receipt verification** (pass/fail) - **Receipt-gated tool execution** (guardrails) - **Trace export** (OTel-style trace artifact JSON) - **Audit pack export** (ZIP bundle of ledger + receipts + integrity summary) - **Token budget calculator** (why fixed retrieval beats replaying history) --- ## How it works (in plain terms) 1. Every message becomes an **event** appended to the session ledger. 2. Each event is hashed (`digest`) and chained to the previous event (`chain_hash`). 3. Retrieval uses **SQLite FTS5** over stored text. 4. Every assistant turn produces a **receipt** containing: - the query - the retrieved event slices - each slice’s digest + chain hash - prompt hash + response hash 5. Receipt verification checks that all referenced events exist and that hashes match the stored ledger. If someone edits history, the chain breaks. Verification fails. Loudly. --- ## Tabs ### Investor Demo One click, full story: store → retrieve → override → generate receipt → verify → export trace → export audit pack. ### Chat Live interaction. Stores every turn, retrieves relevant memory slices, generates receipts. ### Verify Receipt Upload a receipt JSON and get a pass/fail integrity check. ### Guardrails A tool call is blocked unless a supplied receipt verifies. This demonstrates “execution only when evidence checks out”. ### Trace Export Each turn produces an OTel-style trace JSON artifact showing what was retrieved and what hashes were produced. ### Audit Pack One-click ZIP export: ledger + receipts + integrity summary. ### API Playground JSON-in / JSON-out “tool style” calls (write, search, verify, export) for developers. ### Token Budget Shows why fixed retrieval budgets scale better than replaying full history. --- ## Quick demo prompts (copy/paste) 1) Store facts: - `Store these exactly: Dog=Nova, City=Manchester, Drink=Pepsi Max.` 2) Recall: - `What is my dog's name?` - `What city did I say?` 3) Override: - `My drink is Coke Zero now. This overrides earlier.` - `What is my favourite drink?` 4) Search: - `Search for: Nova` - `Search for: Manchester` Then: - Download the receipt JSON - Upload it into **Verify Receipt** - Edit one character inside the receipt and verify again (it should fail) That pass/fail behaviour is the point. --- ## API Playground examples ### memory.write ```json { "role": "user", "text": "Store this: Dog=Nova, City=Manchester." } memory.search json Copy code { "query": "Nova", "k": 8 } receipt.verify Paste the full receipt JSON under: json Copy code { "receipt": { ... } } audit.export json Copy code {} Persistence By default the store uses: var/rftmem (relative path) You can set a base directory with: RFT_MEM_BASE=/your/persistent/path On hosted environments, persistent storage is what turns this into genuine “restart continuity”. Run locally bash Copy code pip install -U gradio python app.py Then open the printed local URL. Why this matters If you’re building agents for real users, you need more than “it usually works”: Debuggability: show exactly what influenced a decision. Safety: block actions unless evidence verifies. Compliance readiness: export a bundle you can actually defend. Cost control: retrieve a fixed budget instead of replaying history forever. TrustStack is a working demo of that philosophy: memory you can audit, not memory you’re told to believe. Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference