Choose one action to protect
Start with the tool call your team cannot afford to let run unchecked: email, money movement, production writes, secrets, or physical access.
Sanctum is the runtime trust boundary for OpenAI, Claude, Gemini, MCP, LangChain, robots, and workflow agents: verify tool calls, pause for human approval, issue signed action tokens, and keep evidence when something changes the world.
The problem
Robots that can't think without a server can't be trusted in the field.
Open APIs and unverified prompts give attackers a direct line to motors.
Models hallucinate. In a physical world, hallucinations break things — or people.
A single poisoned input can override safety constraints across an entire fleet.
Sensors stream private data to third-party clouds with no enforced boundary.
The solution
Every high-stakes action is intercepted, evaluated against policy, and approved, verified, or blocked — before execution.
Run inference and policy locally with Ollama, llama.cpp, or your own models. Sovereign by default. Cloud-optional.
Detect anomalous prompt chains, escalation attempts, and suspicious remote inputs in real time across your fleet.
Start in 5 minutes
Pilot path
Pick a high-impact tool call, run it through Sanctum, and show the exact moment the system verifies, holds, blocks, or approves execution. It is the fastest way to move from “we have guardrails” to enforceable runtime control.
Use Connect Agent for the fastest proxy path, or the SDK/adapters when you want deeper control inside your runtime.
Sanctum records the decision, shows the approval context, and can issue a signed action token before the executor runs.
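The verify, hold, block, or approve flow and the signed action token described above can be pictured with a generic sketch; this is an added example, not Sanctum's implementation or SDK. The policy table, the HMAC token format, the 30-second lifetime, and all function names are assumptions made for illustration.

```javascript
// Added illustration of a policy gate with an HMAC-signed action token.
// Generic sketch only; every name and format here is hypothetical.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

// Demo key shared by gate and executor (assumption; use a managed key in practice).
const KEY = nodeCrypto.randomBytes(32);
const TOKEN_TTL_MS = 30000;

// Hypothetical policy: action name -> rule returning approve | hold | block.
const POLICY = new Map([
  ["SEND_EMAIL", (ctx) =>
    String(ctx.to || "").endsWith("@example.com") ? "approve" : "hold"],
  ["DELETE_DB", () => "block"],
]);

// The MAC covers action, context, and expiry. JSON.stringify is key-order
// sensitive, so a real system needs a canonical serialization.
const canonical = (action, context, exp) => JSON.stringify([action, context, exp]);
const sign = (msg) => nodeCrypto.createHmac("sha256", KEY).update(msg).digest();

// Gate: evaluate policy, record the decision, issue a token only on approve.
function gate(action, context, now = Date.now(), auditLog = []) {
  const rule = POLICY.get(action);
  const decision = rule ? rule(context) : "block"; // unknown actions are denied
  auditLog.push({ action, context, decision, at: now });
  if (decision !== "approve") return { decision, token: null };
  const exp = now + TOKEN_TTL_MS;
  return { decision, token: `${exp}.${sign(canonical(action, context, exp)).toString("hex")}` };
}

// Executor: run only if the token matches the exact action and context
// about to execute and has not expired.
function execute(action, context, token, run, now = Date.now()) {
  const [expStr, mac] = String(token).split(".");
  const exp = Number(expStr);
  const expected = sign(canonical(action, context, exp));
  const given = Buffer.from(mac || "", "hex");
  const valid = Number.isFinite(exp) && now <= exp &&
    given.length === expected.length &&
    nodeCrypto.timingSafeEqual(given, expected);
  if (!valid) throw new Error("action token rejected");
  return run();
}
```

Because the token binds the context, a token approved for one recipient cannot be replayed for a different one, and an expired token fails even if the MAC is valid.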
Choose your path
Launch with visible action controls before customers trust your agent with data, money, or production.
Use Connect Agent for no-SDK proxy gating, or keep the SDK and adapters for deeper runtime ownership.
Turn agent activity into approval evidence, source-trust history, policy replay, and incident response.
Architecture
Operator: Human intent
AI Model: Local or cloud LLM
Sanctum Runtime: Verify · Authorize · Audit
Execution: APIs · Devices · Physical world
Developer SDK
Sanctum sits between your agent and execution — verify, govern, and audit every action without rewriting your stack.
npm install @sanctum-runtime/sdk @sanctum-runtime/adapter-agent-runtime

import { SanctumRuntime } from "@sanctum-runtime/sdk";
import { protectAgent, AgentActions } from "@sanctum-runtime/adapter-agent-runtime";

const sanctum = new SanctumRuntime({
  baseUrl: process.env.SANCTUM_API_URL,
});

await protectAgent(sanctum, {
  action: AgentActions.SEND_EMAIL,
  context: { to: "user@example.com" },
  offlineMode: true,
  execute: async () => sendEmail(),
});

Use cases
Teams shipping agents that can write, buy, deploy, message, move, unlock, or touch customer data need runtime control now — not after an incident.
Verify emails, files, APIs, and workflows before they execute.
Authorize physical actions — unlock, grasp, navigate — against signed policy.
Grasp, release, and motion commands with zone and proximity context.
Locks, alarms, and automations with local intent verification.
Gate install, delete, and privileged process actions.
ROS2, warehouse AMR, dock, and calibrate with fleet policy.
n8n, CrewAI, CRM updates — governance for AI workflows.
Gates, perimeter, and camera streams at the edge.
Dispense, bed motion, and record access with role policy.
Route changes, mode engage, and door control with geofencing.
Messages, memory, and orders with consent-aware policy.
Emergency stop, line start, and setpoint adjustments.
Trust architecture
FAQ
Start with Connect Agent, keep the SDK path for deeper fleets, and prove exactly what was approved, blocked, or contained.