Skip to content

kutcode/trustreply

BranchesTags

Repository files navigation

TrustReply

TrustReply is an open-source platform for automating questionnaire responses. It helps teams answer vendor, security, compliance, privacy, due-diligence, and operational questionnaires by reusing approved answers from a knowledge base, matching them semantically, filling supported document formats, and routing missing answers into a human-review workflow.

Why TrustReply

Teams answering questionnaires often repeat the same work across many files and many slightly different document layouts. TrustReply is built to reduce that repetition without pretending every answer should be fully autogenerated.

The product approach is:

  • reuse trusted answers from a curated knowledge base
  • fill documents automatically where confidence is high
  • flag missing or uncertain questions for review
  • learn from resolved questions over time

What It Does

  • Upload .docx, .pdf, and .csv questionnaires
  • Parse tables, row-block layouts, paragraphs, CSV grids, and several document profile variants
  • Match questions against a Q&A knowledge base using sentence-transformer embeddings
  • Optionally run a two-stage AI agent workflow (Research Agent + Fill Agent) for context-aware answers
  • Write answers back into supported documents while preserving formatting where possible
  • Group repeated flagged questions so teams answer them once instead of many times
  • Export unresolved flagged questions as a simple category,question,answer CSV
  • Import completed CSVs back into the knowledge base
  • Sync flagged questions against newly imported knowledge-base answers
  • Run bulk uploads with batch summaries and downloadable batch ZIP outputs
  • Troubleshoot difficult files by comparing parser profiles before retrying
  • Run optional AI troubleshooting analysis with root-cause hints and trace logs

Primary Use Cases

TrustReply is useful anywhere a team repeatedly answers structured questionnaires:

  • Security reviews and SIG-style questionnaires
  • Vendor and third-party risk assessments
  • Privacy and data-handling questionnaires
  • Business continuity and disaster recovery assessments
  • Procurement and due-diligence packets
  • Internal operations and compliance forms

More examples are documented in docs/USE_CASES.md.

Product Workflow

  1. Add approved Q&A pairs to the Knowledge Base.
  2. Upload one file or a batch of questionnaire documents or CSV questionnaires.
  3. TrustReply parses the document and matches questions to known answers.
  4. Optional agent mode can research context, fill unresolved answers, and flag uncertain prompts.
  5. Review auto-filled answers in the inline review queue with confidence scores.
  6. Edit or approve answers, then finalize and download the completed document.
  7. Unresolved questions are grouped in the Flagged Questions queue.
  8. Export missing questions as CSV, fill in answers, and re-import them.
  9. Sync flagged questions with the updated knowledge base.

Key Features

  • Knowledge Base Management: CRUD, categories, search, CSV/JSON import/export, duplicate detection
  • Semantic Matching: embedding-based question matching for paraphrased prompts
  • Confidence Score Visibility: per-answer confidence badges (green/yellow/red) so reviewers focus on low-confidence answers
  • Answer Review Queue: inline review table after processing — approve, edit, or override any answer before downloading
  • Finalize & Download: regenerate the output document with edited answers after review
  • AI Agent Mode: default agent mode with contextual research/fill workflows
  • Provider Model Discovery: Settings can pull model dropdown options directly from OpenAI and Claude APIs
  • Test Connection: verify AI provider credentials from the Settings page
  • Agent Instruction Presets: built-in and custom instruction presets for common answering styles
  • Parser Profiles: multiple layout strategies for document and CSV questionnaire structures
  • Troubleshooting: compare parser profiles plus optional AI diagnostics and trace output
  • Human-in-the-loop Review: grouped flagged questions, resolution flow, and KB sync
  • Batch Processing: upload up to 50 files in one batch, track per-file results, and download ZIP outputs
  • Confirmation Dialogs: styled confirmation modals for destructive actions (delete, bulk dismiss)
  • Review Placeholders: unresolved items are visibly marked in outputs instead of silently left blank

Architecture

Layer Technology
Frontend Next.js / React
Backend FastAPI
Database SQLite + SQLAlchemy
Document Parsing python-docx, pdfplumber
Semantic Matching sentence-transformers (all-MiniLM-L6-v2)
Styling Vanilla CSS

Repository Layout

backend/     FastAPI app, parser/matcher/generator services, tests, scripts
frontend/    Next.js app
test-data/   sample documents and generated stress-test corpora
docs/        product and contributor documentation

Local Development

Backend

cd backend
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
uvicorn app.main:app --reload --port 8000

Frontend

cd frontend
npm install
npm run dev

Open http://localhost:3000.

Docker

docker compose up --build

This starts:

  • frontend on http://localhost:3000
  • backend on http://localhost:8000

Agent Mode Setup

Agent mode is optional and disabled by default.

Set these backend environment variables to enable it:

QF_AGENT_ENABLED=true
QF_AGENT_PROVIDER=openai
QF_AGENT_API_BASE=https://api.openai.com/v1
QF_AGENT_API_KEY=your_api_key
QF_AGENT_MODEL=gpt-4.1-nano
QF_AGENT_DEFAULT_MODE=agent

Optional tuning:

QF_AGENT_TIMEOUT_SECONDS=45
QF_AGENT_MAX_QUESTIONS_PER_CALL=20
QF_AGENT_MAX_CONTEXT_CHARS=6000

Notes:

  • Supported providers in Settings: OpenAI API and Claude API (Anthropic).
  • Parser profiles are still used to anchor exact question/answer placement in output documents.
  • Configure provider/base URL/model/key in the Settings page (keys are persisted in backend env settings).

Claude API (Anthropic)

TrustReply also supports native Claude API settings:

QF_AGENT_PROVIDER=anthropic
QF_AGENT_API_BASE=https://api.anthropic.com/v1
QF_AGENT_API_KEY=your_anthropic_api_key
QF_AGENT_MODEL=claude-3-5-haiku-latest
QF_AGENT_DEFAULT_MODE=agent

Docker quick-start without saving your key in source:

export OPENAI_API_KEY=your_api_key
export QF_AGENT_ENABLED=true
docker compose up --build

Example Data

The repository includes example content under test-data, including:

  • starter knowledge-base CSVs
  • example questionnaire files
  • generated parser stress-test corpora for DOCX and CSV uploads

Current Limitations

  • PDF handling is more limited than DOCX write-back
  • CSV support is designed for tabular questionnaire layouts rather than arbitrary spreadsheet-style workbooks
  • scanned PDFs still need OCR support for best results
  • parser coverage is good for many common layouts, but not every possible enterprise form
  • the current default database is SQLite, which is ideal for local use and prototypes but not long-term multi-tenant production

Open Source

TrustReply is released under the MIT License. That means other developers can use, modify, and distribute the software under the terms of that license.

Maintainers still control what gets merged into the official upstream project. If you want to contribute improvements back to the main repository, please follow CONTRIBUTING.md.

Contributing

Issues, fixes, parser improvements, UX improvements, and new document-layout support are all welcome.

About

Open-source questionnaire response automation platform for vendor, security, privacy, compliance, and due-diligence workflows.

Topics

nextjs compliance fastapi security-questionnaires vendor-risk questionnaire-automation

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages