Tags: mcp · ai-agents · tool-use · llm-security

MCP server action gate: verify Model Context Protocol tools before execution

MCP connects LLMs to filesystems, APIs, and devices. Gate every tool call with Sanctum — approve, verify, or block before the server executes.

May 21, 2026 · 7 min read

Model Context Protocol (MCP) gives LLMs structured access to tools — files, databases, browsers, smart devices. Each tool call is an execution event. Sanctum gates MCP actions before your server runs them.

Why MCP needs a runtime gate

  • Tools can delete files, exfiltrate secrets, or call production APIs
  • Indirect prompt injection arrives through tool output, not user chat
  • Multiple clients may share one MCP server — policies must be per actor and org

Integration pattern

// Before the MCP server executes a tool call, ask Sanctum for a decision.
const result = await sanctum.verifyAction({
  actor: 'mcp-host',                                              // which client/host is asking
  action: 'write_file',                                           // the tool about to run
  context: { path: '/etc/hosts', source_trust: 'tool_output' },   // the arguments and where they came from
})
// Only APPROVED executes. A held (awaiting approval) or blocked decision is
// returned to the host instead of running the tool body.
if (result.decision !== 'APPROVED') return result
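The following is an added, runnable version of that pattern; it is example code, not Sanctum's own or the adapter's. `evaluateAction` is a local stand-in for the `sanctum.verifyAction` call, with a hypothetical per-org policy (actor names, path prefixes and production hosts are constructed values) returning the three decisions named above. It also normalizes paths before the prefix check, a caveat the snippet above does not cover, and shows how a tool-output-derived argument is treated differently from a user-supplied one.

```javascript
// Added example, not Sanctum's code. evaluateAction is a local stand-in for a
// gate such as sanctum.verifyAction so the pattern runs offline; org names,
// actors, path prefixes and hosts below are constructed illustrative values.

const DESTRUCTIVE_ACTIONS = new Set(['write_file', 'delete_file', 'http_request'])

// Per-org policy (assumed shape). Policies are keyed by org because several
// clients may share one MCP server and must not inherit each other's rules.
const POLICIES = {
  acme: {
    approvedActors: new Set(['mcp-host-desktop', 'mcp-host-ci']),
    sensitivePathPrefixes: ['/etc/', '/root/', '/home/ci/.ssh/'],
    productionHosts: new Set(['api.prod.example.com']),
  },
}

// Collapse '.' and '..' segments so '/tmp/../etc/hosts' is judged as
// '/etc/hosts'. Treats every path as absolute; enough for the prefix test.
function normalizePath(p) {
  const out = []
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue
    if (seg === '..') out.pop()
    else out.push(seg)
  }
  return '/' + out.join('/')
}

// Decide APPROVED, HELD or BLOCKED for one proposed tool call.
// Order matters: identity checks first, then provenance, then target sensitivity.
function evaluateAction({ org, actor, action, context }) {
  const policy = POLICIES[org]
  if (!policy) return { decision: 'BLOCKED', reason: 'unknown org' }
  if (!policy.approvedActors.has(actor)) return { decision: 'BLOCKED', reason: 'unknown actor' }

  const path = typeof context.path === 'string' ? normalizePath(context.path) : ''
  const host = typeof context.host === 'string' ? context.host : ''
  const fromToolOutput = context.source_trust === 'tool_output'

  // Arguments that came out of another tool's output are attacker-reachable
  // (indirect prompt injection), so they never drive a destructive action.
  if (fromToolOutput && DESTRUCTIVE_ACTIONS.has(action)) {
    return { decision: 'BLOCKED', reason: `${action} requested from tool output` }
  }
  // Sensitive targets requested by the user still wait for explicit approval.
  if (policy.sensitivePathPrefixes.some((prefix) => path.startsWith(prefix))) {
    return { decision: 'HELD', reason: `sensitive path ${path}` }
  }
  if (policy.productionHosts.has(host)) {
    return { decision: 'HELD', reason: `production host ${host}` }
  }
  return { decision: 'APPROVED', reason: 'within policy' }
}

// Wrap an MCP tool implementation so the gate runs before the tool body.
// meta.source_trust is the host's classification of where the arguments came from.
function gateTool(name, execute, { org, actor }) {
  return async function gated(args, meta = {}) {
    const result = evaluateAction({
      org, actor, action: name,
      context: { ...args, source_trust: meta.source_trust ?? 'user' },
    })
    if (result.decision !== 'APPROVED') {
      // Surface the held or blocked outcome to the host; nothing executes.
      return { executed: false, ...result }
    }
    return { executed: true, decision: result.decision, output: await execute(args) }
  }
}

// Demo with constructed calls: a benign write, an injected write, a user write
// to a sensitive file, and a traversal attempt against the prefix check.
async function demo() {
  const writeFile = gateTool(
    'write_file',
    async ({ path, content }) => `wrote ${content.length} bytes to ${path}`,
    { org: 'acme', actor: 'mcp-host-desktop' },
  )
  return [
    await writeFile({ path: '/tmp/notes.md', content: 'hello' }),
    await writeFile({ path: '/etc/hosts', content: '0.0.0.0 x' }, { source_trust: 'tool_output' }),
    await writeFile({ path: '/etc/hosts', content: '0.0.0.0 x' }),
    await writeFile({ path: '/tmp/../etc/hosts', content: '0.0.0.0 x' }),
  ]
}

demo().then((results) => results.forEach((r) => console.log(r.decision, r.reason ?? r.output)))
```

The ordering inside `evaluateAction` is the point: provenance is checked before the target, so a write to `/etc/hosts` whose arguments came from tool output is blocked outright rather than queued for a human who might rubber-stamp it, while the same write typed by the user is merely held. The `normalizePath` step is the kind of detail a real gate must handle; a prefix check on the raw string would let `/tmp/../etc/hosts` through as a benign `/tmp` write.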

Sanctum ships an MCP marketplace adapter. See docs and the GitHub repo.

Related: source-trust classification, action approval.
