Skip to content

Trust3 IQ Installation Guide

Trust3 IQ is a universal context engine that unifies enterprise knowledge — semantics, metrics, relationships, metadata, and governance rules — into a continuously updated model of business context, which when added to AI Agents makes them more accurate and reliable.

Note: Please ensure that you have received the docker-compose.yml from the Trust3 team and also have the credentials to connect to the Trust3 docker repository.

This getting started guide walks you through the

  • Installation steps for Trust3-IQ using Docker Compose.
  • Creation of an IQ Space from Snowflake data sources to build the enterprise context
  • Using the IQ Space via the Trust IQ’ MCP server in any AI Agent framework of your choice.

Before you begin

Ensure that you have access to Snowflake data warehouse and the database with the dataset.

Verify that Cortex is set up and configured to utilize its semantic layer for this data. Follow these instructions to create a semantic model (.yml) for your chosen database schemas.

Installation

Prerequisites

  • Docker and Docker Compose installed
  • API keys for OpenAI and Anthropic

Setup Environment

  1. Create a new directory for Trust3 IQ:

    Bash
    1
2
    mkdir trust3-iq
cd trust3-iq

  2. Download and Copy the docker-compose file:

    Bash
    1
    cp /path/to/docker-compose.yml .

  3. Create a new .env file with required API keys

    Bash
    1
2
    ANTHROPIC_API_KEY=<your-anthropic-key>
OPENAI_API_KEY=<your-openai-key>

  4. Login to docker hub

    Bash
    1
    docker login hub2.privacera.com -u <username> -p "<password>"

Start Trust3 IQ

Bash
1
docker-compose up -d

Verify Trust3 IQ is up and running

Bash
1
docker-compose ps

Access Trust3 IQ Portal

Once the service is running:

  1. Open your browser and navigate to: http://localhost:9000

  2. Login using the default credentials:

    • Username: admin
    • Password: welcome1

Create an IQ Space

IQ Spaces represent your governed enterprise context that unify data, business semantics, metrics and technical metadata into a single, AI-ready business context.

To create a new IQ Space

  1. Navigate to IQ Spaces from the portal
  2. Give a name and description for the IQ Space
  3. Choose a data source or create a new one (see section on how to below)

  4. Choose database and schema(s) datasource_schema.png

  5. Add the cortex semantic model that you may have generated in the beginning. If you do not see a semantic.yml file, please make sure that you have created it under the chosen schema. cortex_semantic_model.png

  6. Verify and Finish to create a new IQ Space finish_create_space.png

Depending on the data set, it will take a few minutes to build the IQ Space with all the relevant business and technical context. Once it is successfully created, it will be ready to ask questions and/or integrate into your AI Agents.

Adding Datasources

Add a connection to Snowflake by providing the following information:

  1. Connection Name: Give a name for the connection
  2. Account Identifier: The preferred account identifier consists of the name of the account prefixed by its organization (e.g. myorg-account123). You can also use the Snowflake-assigned locator as the account identifier.
    • For example - MYACCOUNT in this screenshotaccount_identifier.png

  3. Authentication Method: There are 2 types of authentication supported

    1. Username / password

      • Username: The Snowflake username used to log in
      • Password: The password associated with the specified username

    2. Certificate (Key-Pair Authentication): Snowflake key-pair authentication requires a private and public key pair, which can be generated using openssl. After generating the keys, you must grant the necessary permissions to the user and set the RSA_PUBLIC_KEY for that user in Snowflake. Here is documentation link Snowflake Key-pair authentication and key-pair rotation

      • Private key: The RSA private key used for key-pair authentication. This key should correspond to the public key configured in Snowflake (RSA_PUBLIC_KEY). It must be kept secure and never shared publicly.
      • Private key passphrase (optional): The passphrase used to decrypt the private key, if it was encrypted during key generation. Leave this field empty if your private key is not encrypted.

  4. Role: The role to use for the connection. It should have READ permissions to be able to read the various databases and schemas in your data warehouse and run queries.

  5. Warehouse: Name of the Snowflake warehouse

Test your IQSpace with AskIQ

Once you have created your IQSpace, head over to AskIQ to ask questions about your data.

  1. Describe the current IQ space: This will simply describe your IQ space with the type of data and the business context that is in the space. You can use this to ask questions related to that space. For example, here it is a sales domain describe_iq_space.png

  2. With IQ, you can ask a variety of deep questions related to the domain. For example in the Sales Space, I can ask deeper questions about the customer orders, revenue and even draw insights about their purchase behaviours and profitability analysis.

Q1: Which customers have consistently increased their purchase volume YoY?

Insights

insights_question_with_iq.png

SQL Query

sql_query_from_iq.png

Results

results_from_iq.png

Logs and Monitoring

After starting Trust3 IQ, a logs directory is automatically created in your Trust3 IQ installation folder with the following structure:

Text Only
1
2
3
4
trust3-iq/
├── logs/
    ├── iq-agent/   # IQ Agent service logs
    └── iq-portal/  # Web portal logs

Note: These log files are valuable for monitoring and troubleshooting. Each component writes its logs to its respective directory, making it easy to debug specific parts of the system.

You can monitor logs in real-time using:

Bash
1
2
3
4
5
# For iq-portal logs, 
tail -f logs/iq-portal/app.log

# For iq-agent logs,
tail -f logs/iq-agent/app.log

Stop Trust3 IQ

Bash
1
docker-compose down