SanctumSanctum
Start
Home

Architecture

Sanctum Runtime Architecture

Machine-readable overview of how Sanctum connects agents, operators, and physical systems.

Architecture

Between reasoning and execution

Operator

Human intent

AI Model

Local or cloud LLM

Sanctum Runtime

Verify · Authorize · Audit

Execution

APIs · Devices · Physical world

Components

Client SDK (`@sanctum-runtime/sdk`)

TypeScript and Python clients call POST /v1/actions/verify, manage policies, and stream events. The agent-runtime adapter wraps LangChain-style tools with protectAgent().

Runtime API (Fastify)

Verification, audit, API keys, fleet map, marketplace installs, billing, GDPR export, and SSO configuration. Deployed at api.sanctumruntime.com.

Control plane (Supabase + dashboard)

Operators authenticate via Supabase JWT. Policies persist per org; verifications appear in the review queue; webhooks notify Slack, email, or custom endpoints.

Event pipeline

SSE /v1/events/stream and WebSocket /v1/runtimes/ws feed live runtime status. Audit records support human resolve with correlation IDs.

Deep dive in docs · architecture.md (AI-friendly)

Full reference: documentation · llms.txt · architecture.md

Build AI humans can trust.

Open the cloud console to manage runtimes and policies, or self-host the open-source runtime from GitHub.

Start with RuntimeEnterprise