What is the Fabric Trust Index?
The Fabric Trust Index is a free, public directory of trust scores for AI tools, models, MCP servers, and API services. Every service gets a composite score from 0.00 to 5.00 computed across six independently weighted signals: Vulnerability & Safety, Operational Health, Maintenance Activity, Adoption, Transparency, and Publisher Trust. Scores are auto-generated from public data sources—no provider registration required.
How are trust scores calculated?
Each service is evaluated across 23 sub-signals grouped into six dimensions. Sub-signals are collected from public sources like GitHub, npm, NVD, and uptime monitors. Each sub-signal is scored 0–5, weighted within its dimension, and the six dimension scores are combined as a weighted mean (Vulnerability 25%, Operational 15%, Maintenance 15%, Adoption 15%, Transparency 15%, Publisher Trust 15%), renormalized over evaluated signals only. Coverage gates determine the label: below 0.40 coverage means unverified, 0.40–0.60 triggers a low coverage caution label, and 0.60 or above with a score of 3.00 or higher earns a trusted label.
What do the status labels mean?
Services with coverage of 0.60 or above and a score of 3.00 or higher are labeled Trusted (low risk detected). Services with coverage between 0.40 and 0.60 are labeled Caution, low coverage (human review recommended). Services with coverage below 0.40 are labeled Unverified, meaning not enough data exists to produce a reliable score. These labels help AI agents and developers make quick decisions, but we recommend reviewing the full signal breakdown for context.
Is the Trust Index free?
Yes. The Trust Index website is completely free to browse and search. No account is required. We also plan to offer a free tier of the Trust API for programmatic access to scores. The Trust Index is the public-facing layer of Fabric’s broader infrastructure for AI agent trust and payments.
How often are scores updated?
Scores are recalculated daily. Critical signals like CVE advisories and uptime checks are monitored more frequently—CVEs every 5 minutes, health checks every 15 minutes. New services are discovered and scored automatically as they appear in public registries.
Can I claim or dispute a score?
Yes. Every service detail page has a “Report Issue” button. Publishers can also claim their service profile to unlock deeper evaluation and real-time monitoring. Trust scores are informational and auto-generated—they are not endorsements or guarantees. We welcome feedback to improve accuracy.
How does the API work?
The Fabric Trust API lets you look up trust scores programmatically. Send a GET request to https://api.fabriclayer.ai/lookup?slug=openai with your API key in the Authorization header. The response includes the composite score, status label, coverage ratio, and all six signal scores. Free tier allows 1,000 requests per month with no key required. Pro and Enterprise tiers unlock batch lookups, alerts, and higher rate limits.
What is the MCP server?
The Fabric MCP server lets AI assistants like Claude Desktop query trust scores directly during a conversation. When an agent considers using an external tool or service, it can call the MCP server to check the trust score before proceeding. Configure it in your Claude Desktop settings by pointing to the @anthropic/fabric-trust-mcp package. The server exposes a lookup tool that returns the same data as the REST API.
How does the GitHub Action work?
The Fabric Trust GitHub Action runs trust checks inside your CI/CD pipeline. Add it to any workflow to scan your dependencies or a list of services against the Trust Index on every push or pull request. If any dependency falls below your configured score threshold, the check fails and blocks the merge. This gives teams an automated gate that catches risky dependencies before they reach production.