What is a runtime trust layer for AI agents?
Why execution-time verification beats chat guardrails for agents, robots, and workflows — and how Sanctum gates actions before they run.
Autonomous systems — LLM agents, workflow bots, MCP servers, humanoids, smart home hubs — all share one dangerous moment: when a planned action becomes a real side effect. A runtime trust layer exists for that moment alone.
Execution is the attack surface
Prompt guardrails filter toxic text. Schema validators check JSON shape. Neither answers: should this email send, this door unlock, this payment execute — right now, from this actor?
Sanctum Runtime sits between reasoning and execution. Every action passes through policy and risk scoring. The runtime returns APPROVE, REQUIRE_VERIFICATION, or BLOCKED— then logs evidence for operators and compliance.
What a runtime trust layer includes
- Interception — one API: verify before execute
- Policy engine — per-action approve / verify / block
- Human-in-the-loop — mobile PWA or console for approvals
- Audit trail — correlation IDs, replay, webhooks
- Local-first risk — Ollama or heuristics when cloud is down
One runtime, twelve categories
The same gate works for agents, ROS2 fleets, smart locks, industrial lines, and healthcare robotics — you define action names; Sanctum enforces policy. See glossary and documentation for integration patterns.
Start building
npm install @sanctum-runtime/sdk
const result = await sanctum.verifyAction({
actor: 'billing-agent',
action: 'transfer_funds',
context: { amount: 4500, currency: 'USD' },
})Open the console for fleet policy and verification queues, or read Sanctum vs guardrails.
More: all posts · runtime trust layer · open Sanctum Console