
Block risky AI agent actions before they execute

Sanctum is the runtime trust boundary for OpenAI, Claude, Gemini, MCP, LangChain, robots, and workflow agents: verify tool calls, pause for human approval, issue signed action tokens, and keep evidence when something changes the world.

OpenAI · Claude · Gemini · DeepSeek · Qwen · MCP · SDK · proxy gating · Mobile approvals · audit evidence

The problem

AI can think. But can you trust it?

Cloud dependence

Robots that can't think without a server can't be trusted in the field.

Remote hijacking

Open APIs and unverified prompts give attackers a direct line to motors.

Unsafe actions

Models hallucinate. In a physical world, hallucinations break things — or people.

Prompt injection

A single poisoned input can override safety constraints across an entire fleet.

Privacy exposure

Sensors stream private data to third-party clouds with no enforced boundary.

The solution

The runtime layer for trusted autonomy

Action Firewall

Every high-stakes action is intercepted, evaluated against policy, and approved, verified, or blocked — before execution.

Local Cognition

Run inference and policy locally with Ollama, llama.cpp, or your own models. Sovereign by default. Cloud-optional.

Behavioral Monitoring

Detect anomalous prompt chains, escalation attempts, and suspicious remote inputs in real time across your fleet.

Start in 5 minutes

Go live with one protected AI action today

  1. Register an agent or choose Connect Agent proxy
  2. Save one provider key or install the SDK
  3. Mark a high-risk tool as Verify or Block
  4. Approve, deny, or audit the first real action

Open console · Read quickstart docs

Pilot path

Prove agent safety with one real action

Pick a high-impact tool call, run it through Sanctum, and show the exact moment the system verifies, holds, blocks, or approves execution. It is the fastest way to move from “we have guardrails” to enforceable runtime control.

Choose one action to protect

Start with the tool call your team cannot afford to let run unchecked: email, money movement, production writes, secrets, or physical access.

Route it through Sanctum

Use Connect Agent for the fastest proxy path, or the SDK/adapters when you want deeper control inside your runtime.

Execute only with proof

Sanctum records the decision, shows the approval context, and can issue a signed action token before the executor runs.

Choose your path

Start where your team is today

Agent Startup

Launch with visible action controls before customers trust your agent with data, money, or production.

Run the safety pilot

Platform / AI Engineer

Use Connect Agent for no-SDK proxy gating, or keep the SDK and adapters for deeper runtime ownership.

Open quickstart docs

Security / Compliance

Turn agent activity into approval evidence, source-trust history, policy replay, and incident response.

Review plans

Architecture

Between reasoning and execution

Operator

Human intent

AI Model

Local or cloud LLM

Sanctum Runtime

Verify · Authorize · Audit

Execution

APIs · Devices · Physical world

Developer SDK

Four lines between your model and the real world.

Sanctum sits between your agent and execution — verify, govern, and audit every action without rewriting your stack.

  • Verify before execute — middleware or protectAgent()
  • Policies: approve, verify, or block per action
  • Local Ollama risk + offline heuristics (OSS)
  • Audit log + community dashboard
Install the SDK and the agent-runtime adapter:

npm install @sanctum-runtime/sdk @sanctum-runtime/adapter-agent-runtime

runtime.ts:

import { SanctumRuntime } from "@sanctum-runtime/sdk";
import { protectAgent, AgentActions } from "@sanctum-runtime/adapter-agent-runtime";

// Your own executor. It is only called if Sanctum lets the action through.
async function sendEmail() {
  // ... your real email-sending call ...
}

const sanctum = new SanctumRuntime({
  baseUrl: process.env.SANCTUM_API_URL, // Sanctum API endpoint
});

// Gate the action: policy decides approve, verify (human review), or block
// before execute() is ever invoked.
await protectAgent(sanctum, {
  action: AgentActions.SEND_EMAIL,
  context: { to: "user@example.com" },
  offlineMode: true, // offline heuristics and local risk scoring (see FAQ)
  execute: async () => sendEmail(),
});
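As an added illustration (not Sanctum's code, and not its real policy or token format), here is the approve / verify / block pattern the SDK section and the "Execute only with proof" pilot step describe: a per-action policy decides, the decision is recorded, a signed action token is issued, and only then does the executor run. The action names, policy table and signing key are constructed for the example.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

type Policy = "approve" | "verify" | "block";
type Outcome = "executed" | "denied" | "blocked";
interface Decision { action: string; policy: Policy; outcome: Outcome; token?: string }

// Constructed per-action policy table; not Sanctum's real policy format.
const POLICY: Record<string, Policy> = {
  read_calendar: "approve", // low risk: runs immediately, still audited
  send_email: "verify",     // pauses for a human decision
  rotate_secret: "block",   // never executed by an agent
};
const SIGNING_KEY = "constructed-demo-key"; // constructed; load from a secret store in practice
const auditLog: Decision[] = [];

// The token binds the approved action and its context to an HMAC so the executor can prove what was approved.
function issueToken(action: string, context: object): string {
  const payload = Buffer.from(JSON.stringify({ action, context })).toString("base64url");
  const sig = createHmac("sha256", SIGNING_KEY).update(payload).digest("hex");
  return `${payload}.${sig}`;
}

// Executor-side check: refuse to run unless the token was minted for exactly this action.
function verifyToken(token: string, action: string): boolean {
  const [payload, sig] = token.split(".");
  if (!payload || !sig) return false;
  const expected = createHmac("sha256", SIGNING_KEY).update(payload).digest("hex");
  if (sig.length !== expected.length || !timingSafeEqual(Buffer.from(sig), Buffer.from(expected))) return false;
  return JSON.parse(Buffer.from(payload, "base64url").toString()).action === action;
}

// Gate one action: decide, record, and only then let the executor cause a side effect.
function gate(
  action: string,
  context: object,
  execute: (token: string) => void,
  approver: () => boolean = () => false, // human decision for "verify"; deny if nobody answers
): Decision {
  const policy = POLICY[action] ?? "block"; // unknown actions fail closed
  const record: Decision = { action, policy, outcome: "blocked" };
  if (policy === "approve" || (policy === "verify" && approver())) {
    record.token = issueToken(action, context);
    record.outcome = "executed";
    execute(record.token); // the side effect happens only here, after a recorded decision
  } else if (policy === "verify") {
    record.outcome = "denied";
  }
  auditLog.push(record); // evidence for replay and incident review
  return record;
}
```

The executor receives the token and can call verifyToken before acting, so a tool reached by some other path cannot run without a decision on record.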

Use cases

High-risk teams that need runtime control now

Teams shipping agents that can write, buy, deploy, message, move, unlock, or touch customer data need runtime control now — not after an incident.

AI Agents

Verify emails, files, APIs, and workflows before they execute.

Humanoids

Authorize physical actions — unlock, grasp, navigate — against signed policy.

Embodied AI

Grasp, release, and motion commands with zone and proximity context.

Smart Home

Locks, alarms, and automations with local intent verification.

AI Operating Systems

Gate install, delete, and privileged process actions.

Robotics Integrators

ROS2 and warehouse AMR commands such as dock and calibrate, under fleet policy.

Workflow Automation

n8n, CrewAI, CRM updates — governance for AI workflows.

Physical Security / Edge

Gates, perimeter, and camera streams at the edge.

Healthcare Robotics

Dispense, bed motion, and record access with role policy.

Autonomous Mobility

Route changes, mode engage, and door control with geofencing.

AI Companions

Messages, memory, and orders with consent-aware policy.

Industrial Automation

Emergency stop, line start, and setpoint adjustments.

Glossary · Embodied AI guide · Full category matrix

Trust architecture

Infrastructure-grade accountability

Deterministic action outcomes
Approve, verify, or block before side effects execute.
Replayable policy history
Versioned rules and decision trails for incident review.
Human verification workflow
Queue, approve, deny, and escalate with mobile and web review.
Offline-capable control
Policy checks can run locally for edge and sovereign deployments.

FAQ

Common questions

What is Sanctum Runtime?
A trusted execution layer between AI reasoning and real-world actions. It approves, holds for human verification, or blocks every high-stakes action — with policies and audit.
How is this different from guardrails?
Guardrails protect chat. Sanctum protects execution — emails, APIs, files, doors, and robot commands before they run.
What can I gate with Sanctum?
Any action your system can name: agent tools, ROS2 commands, smart home devices, industrial PLCs, workflow steps, and more.
Does it work offline?
Yes. The open-core runtime supports offline heuristics and local Ollama risk scoring for edge and sovereign deployments.

Read the blog · Full documentation

Give every agent action a trust boundary.

Start with Connect Agent, keep the SDK path for deeper fleets, and prove exactly what was approved, blocked, or contained.