TrustLens Design Principles

These principles guide every technical decision in TrustLens. New contributors should read this before writing any code.

1. Simplicity > Complexity

A correct library that is never used has zero impact.

TrustLens competes with the user’s time. If the API is confusing, they will write a 10-line sklearn script instead. Every function must be usable without reading the docs.

In practice:

  • The primary API is a single function: analyze(). No configuration classes, no session objects, no builders.

  • Default parameters should produce a useful result for 80% of users.

  • Errors must be actionable: “y_prob is required when model does not expose predict_proba()” not “ValueError: array mismatch.”

  • We prefer explicit over implicit — pass arrays in, get numbers out.

What this rules out: Overengineered abstractions, “framework” patterns that require users to learn TrustLens-specific concepts before getting results.

2. Modular by Design

Every feature is independently importable.

Users who only want Brier Score should not pay the import cost of Grad-CAM. Researchers who want only CKA should not need scikit-learn installed.

In practice:

  • Each analysis area (calibration, failure, bias, explainability, representation) lives in its own module.

  • Modules have no circular imports.

  • Deep learning dependencies (torch, shap, captum) are optional extras.

  • The plugin system ensures new capabilities extend — not couple — the core.

What this rules out: Monolithic files, cross-module imports that create hidden dependencies, mandatory heavy dependencies for lightweight features.

3. Visual-First Outputs

Numbers without context mislead. Visuals reveal structure.

An ECE of 0.042 means nothing until you see the reliability diagram and notice the model is overconfident specifically for high-confidence predictions.

In practice:

  • Every metric has a corresponding visualization in trustlens.visualization.

  • Plots are annotated with metric values so they are self-contained.

  • Each visualization is designed to answer a specific question (e.g., “Is my model overconfident?”), not just display data.

  • Plots can be saved as publication-quality PNGs (150 DPI minimum).

  • Dark mode support and accessible color palettes are roadmap items.

What this rules out: Raw number dumps with no visual companion, non-informative plots that don’t annotate the metric they’re meant to convey.

4. Research + Practical Balance

A library used only in papers or only in production is half a library.

TrustLens sits at the intersection: rigorous enough for researchers (proper citations, correct math, edge-case handling), accessible enough for practitioners (sklearn API, sensible defaults, fast runtimes).

In practice:

  • Every metric links to its original paper in the module docstring.

  • Mathematical formulas are included in NumPy-style docstrings using LaTeX notation.

  • Metrics handle edge cases (empty bins, single-class inputs, NaN propagation) without crashing.

  • Performance matters: large datasets use subsampling with documented behavior.

What this rules out: Metrics that are implemented incorrectly for the sake of simplicity, or metrics so theoretically correct they’re unusably slow.

5. Extensibility Without Fragility

New capabilities should not break existing ones.

As TrustLens grows, new metrics, visualizations, and integrations must not require touching core files.

In practice:

  • The plugin system is the primary extension mechanism.

  • analyze() dispatches to modules by name string — adding a new module never changes the function signature.

  • Visualization functions accept dicts (not TrustReport objects) — they are decoupled from the report class.

  • Backward compatibility is maintained within a major version.

What this rules out: Tight coupling between modules, hardcoded module lists that must be updated on every addition, breaking API changes without a deprecation cycle.

6. Test Everything

Code without tests is a liability, not an asset.

TrustLens is a trust tool — it must itself be trustworthy.

In practice:

  • Minimum 80% branch coverage for all modules.

  • All metrics must have at least one test for the “perfect predictor” case and one for “random predictor.”

  • Edge cases (empty input, single class, NaN, infinite values) are explicitly tested.

  • Integration tests verify the full analyze()TrustReportsave() pipeline.

What this rules out: Merging untested code, skipping tests for “obviously correct” utility functions.

7. Documentation as a Feature

If it isn’t documented, it doesn’t exist.

In practice:

  • Every public function has a complete NumPy-style docstring.

  • Every module has a module-level docstring explaining purpose, metrics implemented, and references.

  • The examples directory contains runnable, realistic scripts (no toy np.random examples as primary usage).

  • The README is updated with every public API change.

8. Performance is Not Optional

A tool that takes 10 minutes to run won’t be run.

In practice:

  • Silhouette score uses subsampling for n > 5000.

  • Faithfulness tests support configurable n_steps to trade resolution for speed.

  • Plots use matplotlib’s Agg backend (no display required) for CI/server compatibility.

  • Expensive operations are lazy (only run when the corresponding module is requested).