Open-source AI Agent Trust Registry
hvtracker.net ranks open-source AI agents by evidence-weighted trust signals, not GitHub hype.
HVTracker tracks 172 active agents across 14 categories and publishes public, machine-readable trust data for each project: activity, adoption, transparency, supply-chain safety, identity, provenance, evidence grade, and rank movement.
The core question is simple:
Which open-source AI agent projects look active, adopted, transparent, and verifiable right now?
HVTracker v2 ships the refreshed public site, premium agent profile analysis UI, corrected HVTrust v3.1 weighting, normalized license detection for cached repositories, and updated social link preview card.
- Browse the live trust registry: hvtracker.net
- Compare agents side by side: hvtracker.net/compare
- Read category comparison guides: hvtracker.net/blog
- Use the public API: hvtracker.net/data/latest.json
- Embed live trust badges in project READMEs
- docs/README.md - repo docs index
- docs/open-core.md - public/private product boundary
- docs/AI_HANDOVER.md - implementation handover for coding agents
- docs/launch-v1.md - launch and distribution notes
- 172 active open-source AI agent projects
- 14 curated categories
- 12 staggered refresh batches per day
- 12h full refresh cycle
- 90-day per-agent history where available
- 184 JSON feed items across agents and comparison guides
- Railway-hosted site with a small FastAPI edge and generated public pages/data
Newly submitted agents are listed quickly using a pending-only refresh path, then normal cron jobs keep signals fresh.
Most AI agent directories are either manual lists or popularity rankings. Stars can tell you what is visible. They do not tell you whether a project has maintainers, a license, package provenance, signed commits, OSSF Scorecard data, or recent activity.
HVTracker combines curation with independently checkable public evidence. The default rank is HVTrust, a 0-100 score designed to reward verifiable trust signals and penalize thin evidence.
HVTrust = gate(
confidence x [ Safety(25) + Identity(18) + Transparency(17)
+ Maintenance(20) + Adoption(20) ]
- penalties
)
| Dimension | Max | What it measures |
|---|---|---|
| Safety / Integrity | 25 | OSSF Scorecard, package provenance, signed commits |
| Identity / Provenance | 18 | Verified listing status and build provenance |
| Transparency | 17 | License and OSSF transparency checks |
| Maintenance | 20 | Freshness and recent commit activity |
| Adoption | 20 | Log-scaled, capped stars and package downloads |
Confidence is based on present vs applicable signal types. Thin evidence limits how high an agent can rank, even if it is popular.
Read the full methodology: hvtracker.net/methodology
Each agent also receives an evidence grade so readers can separate score from evidence depth.
| Grade | Meaning |
|---|---|
| A | Broad independent signal coverage |
| B | Strong public evidence with some gaps |
| C | Basic public evidence |
| D | Mostly GitHub-only or thin evidence |
HVTracker is not a security certification. Missing provenance, Scorecard, or signature data can mean a signal is unavailable, not that a project is unsafe.
| Category | Count |
|---|---|
| Agent Frameworks | 58 |
| Coding Agents | 26 |
| Memory & Knowledge | 20 |
| Browser & Computer Use | 15 |
| Workflow Platforms | 13 |
| Observability & Evaluation | 12 |
| Research & Data | 8 |
| Security & Guardrails | 6 |
| LLM Gateways & Infra | 4 |
| Protocols & Tool Integration | 4 |
| Multi-Agent Systems | 3 |
| Robotics & Embodied | 1 |
| Voice & Conversational | 1 |
| Sandboxes & Runtimes | 1 |
The public dataset is licensed under CC BY 4.0. CORS is open for public endpoints.
| Endpoint | Description |
|---|---|
/data/latest.json |
Current public trust registry snapshot |
/data/agents/{slug}.json |
Per-agent record with history, events, and trust credential |
/data/build_report.json |
Build integrity report |
/data/signals/scorecard.json |
OSSF Scorecard signal cache |
/data/signals/provenance.json |
Package provenance signal cache |
/feed.json |
JSON Feed with agents and comparison guides |
/llms.txt |
LLM-readable project summary and key links |
Listed projects can embed live HVTrust and evidence-grade badges.
[](https://hvtracker.net/agents/<slug>/)
[](https://hvtracker.net/agents/<slug>/)Example:
[](https://hvtracker.net/agents/dify/)
[](https://hvtracker.net/agents/dify/)The exact snippet is shown on every agent profile page.
HVTracker uses an open-core model.
- Public: methodology, specs, curated registry entries, current trust scores, public profiles, correction flow, and the public data API.
- Private later: hosted alerts, watchlists, extended history, team workflows, and higher-volume API access.
The code in this repository remains under the repo's existing MIT license. Public registry data remains licensed under CC BY 4.0. The brand, hosted service, private enrichment, and future enterprise workflows are not implicitly included in that public-data license.
Read docs/open-core.md before widening the public API or changing what gets stored internally.
HVTracker publishes crawlable, data-backed comparison pages:
- Category pages:
/categories/<category>/ - Agent comparison pages:
/compare/<agent-a>-vs-<agent-b>/ - Blog comparison guides:
/blog/<category>-top-agents/
These pages are generated from the current registry data, included in sitemap.xml, and linked from feed.json and llms.txt.
agents.json ──┐
├──> fetch_and_build.py ──> index.html
history/ ───┤ agents/<slug>/index.html
scorecard- ───┘ data/latest.json
cache.json data/agents/<slug>.json
fetch_and_build.pyreads curated agents fromagents.json.- Public APIs are fetched in parallel where safe and serially where rate limits require it.
- HVTrust scores, evidence grades, rank deltas, trust breakdowns, and events are computed.
- Static pages, JSON endpoints, badges, specs, feed files, sitemap, and build reports are generated.
- Railway serves the generated site from a persistent volume and refreshes it on a 2-hour cadence.
python fetch_and_build.py # full refresh
python fetch_and_build.py --batch 1/6 # one staggered batch
python fetch_and_build.py --pending-only
python fetch_and_build.py --render-only--pending-onlyrefreshes newly listed agents without running a full batch.--render-onlyrebuilds pages from cached render state without API calls.
git clone https://github.com/YugantM/hvtracker.git
cd hvtracker
pip install -r requirements.txt
export GITHUB_TOKEN=$(gh auth token) # or a personal access token
python fetch_and_build.py --render-only
python3 -m http.server 4173Open http://127.0.0.1:4173.
Production runs on Railway with:
- FastAPI for health, API, forms, and dynamic badge routes
- Generated site output stored on a persistent volume
- A 2-hour scheduler that refreshes one leaderboard batch per run
Use the agent listing issue template.
A listed project should be:
- A public, non-archived GitHub repository
- Related to AI agents or agent infrastructure
- Active within the last 12 months
- Not already listed
Include the canonical repository, preferred display name, category suggestion, package names, and any correction details.
- Trust Credential v0.1
- Methodology v2.0
- Eligibility v1.0
- Listing v0.1
- Data Schema v0.1
- Provenance v0.1
- Build Report v0.1
hvtracker/
├── fetch_and_build.py # Core build, scoring, and rendering
├── template.html # Main registry template
├── templates/ # Agent, category, blog, compare, and spec templates
├── agents.json # Curated agent registry
├── specs.py # Specification content
├── scan_scorecards.py # Weekly OSSF Scorecard scan
├── discover_agents.py # Weekly discovery scan
├── docs/ # Launch, research, and operating docs
├── data/ # Generated public data endpoints
├── agents/ # Generated per-agent pages
├── badge/ # Generated SVG badges
└── blog/ # Generated and static articles
The public data is licensed under CC BY 4.0. Review docs/open-core.md before changing the public/private data boundary for a future company-backed edition.