Verifying the integrity of multi-component cyber and cyber-physical systems remains a crucial and necessary precondition for trust. The edge components of such systems, those that interact directly with the user or physical world, are typically resource-constrained - with minimal CPU, memory, and power - and do not support traditional mechanisms for trustworthy integrity verification. Yet the integrity of all components of a system, including resource-constrained edge devices, is essential to guard against compromise and to ensure user confidence. In this paper we present IoTA, an extensible, open source, agent-based framework for trustworthy runtime integrity verification on resource-constrained platforms. We define IoTA's system architecture, compare it with existing integrity measurement frameworks, and discuss the necessary trade-offs to achieve trust within these constraints. Further, we present a prototype implementation of IoTA to explore both the feasibility and impact of agent-based measurement.