Ecosystem
Compatibility
Sanction fits where agents already run: MCP hosts, coding agents, framework runtimes, LLM gateways, and payment-agent pilots. The common contract is simple: authorize before the agent acts.
Sanction-governed MCP
MCP tools ask before risky work
AuthZEN PDP compatible
Standard PEP/PDP evaluation wire
AARP approval loop
Escalation opens an access request
Gateway metered
Model calls are budgeted before/after use
Evidence replay ready
Decision context can reproduce the call
Channel policy packs
Each pack is an installable starting policy. Preview it against the last 30 days before applying it.
MCP tool governance
MCP hosts
Cursor, Claude Desktop, Claude Code, Windsurf, Codex, and custom MCP hosts can add `npx sanction-mcp` as the governance tool server.
mcp-tool-governanceCoding agent seat
Coding agents
Coding and research agents can read freely while writes, shell, deploys, and new capabilities escalate to a human.
coding-agent-seatGateway token budget
LLM gateways
Use Sanction as the gateway for the pilot, or keep LiteLLM/Portkey/Helicone and call Sanction as the external policy authority.
gateway-token-budgetClient-safe launch
AI agencies
Hand clients a visible launch policy: budgets, approval for risky actions, Slack/webhook notifications, and replayable evidence.
agency-client-safe-launchPayment agent mandate
Payment agents
Put policy, consent, and evidence before AP2, x402, checkout, procurement, or any other payment rail.
payment-agent-mandateNo egress
Sanction Local
Air-gapped installs: only on-box tools pass; every cloud call is denied and persisted so the assessor can read the proof.
no-egressBadge rules
When to claim MCP, AuthZEN, gateway, and replay compatibility.
Adapter recipes
SanctionMiddleware, Python wrappers, and LiteLLM callback patterns.
OpenAPI
Build an adapter against the same endpoints the dashboard and SDK use.