Blog

Runtime authorization

securitytokensruntime-trustsdk

Signed Action Tokens: HMAC Proof Before Side Effects Run

Approval in console is not enough. Executors verify short-lived HMAC tokens scoped to actor, action, and audit ID before any real-world effect.

May 10, 20267 min read

Approval in a dashboard is not proof an executor saw it. Signed action tokens are short-lived HMAC-SHA256 credentials binding actor, action, org, and audit ID — executors must verify before running side effects.

Why tokens matter

  • Prevents “replay” of stale approvals
  • Stops bypass paths that skip the runtime
  • Gives microservices a cryptographic check, not honor system

Flow

  1. Agent calls verifyAction → APPROVED
  2. Runtime returns action_token (5 min TTL)
  3. Executor verifies token → executes → reports result

Runtime trust layer · SDK

Guides: agentic AI risk · MCP security · runtime authorization · HITL approvals · coding agents · get startedMore: all posts · AI trust layer · open Sanctum Console

Give every agent action a trust boundary.

Start with Connect Agent, keep the SDK path for deeper fleets, and prove exactly what was approved, blocked, or contained.