Blog

MCP security

mcpai-agentstool-usellm-security

MCP Server Action Gate: Verify Tools Before Execution

Gate every MCP tool call — approve, verify, or block before the server executes filesystem, API, and device side effects.

May 21, 20267 min read

Model Context Protocol (MCP) gives LLMs structured access to tools — files, databases, browsers, smart devices. Each tool call is an execution event. Sanctum gates MCP actions before your server runs them.

Why MCP needs a runtime gate

  • Tools can delete files, exfiltrate secrets, or call production APIs
  • Indirect prompt injection arrives through tool output, not user chat
  • Multiple clients may share one MCP server — policies must be per actor and org

Integration pattern

// Before MCP tool executes:
const result = await sanctum.verifyAction({
  actor: 'mcp-host',
  action: 'write_file',
  context: { path: '/etc/hosts', source_trust: 'tool_output' },
})
if (result.decision !== 'APPROVED') return heldOrBlocked

Sanctum ships an MCP marketplace adapter. See docs and the GitHub repo.

Related: source-trust classification, action approval.

Guides: agentic AI risk · MCP security · runtime authorization · HITL approvals · coding agents · get startedMore: all posts · AI trust layer · open Sanctum Console

Give every agent action a trust boundary.

Start with Connect Agent, keep the SDK path for deeper fleets, and prove exactly what was approved, blocked, or contained.