Ecosystem

Compatibility

Sanction fits where agents already run: MCP hosts, coding agents, framework runtimes, LLM gateways, and payment-agent pilots. The common contract is simple: authorize before the agent acts.

Sanction-governed MCP

MCP tools ask before risky work

AuthZEN PDP compatible

Standard PEP/PDP evaluation wire

AARP approval loop

Escalation opens an access request

Gateway metered

Model calls are budgeted before/after use

Evidence replay ready

Decision context can reproduce the call

Channel policy packs

Each pack is an installable starting policy. Preview it against the last 30 days before applying it.

MCP tool governance

MCP hosts

Cursor, Claude Desktop, Claude Code, Windsurf, Codex, and custom MCP hosts can add `npx sanction-mcp` as the governance tool server.

mcp-tool-governance

Coding agent seat

Coding agents

Coding and research agents can read freely while writes, shell, deploys, and new capabilities escalate to a human.

coding-agent-seat

Gateway token budget

LLM gateways

Use Sanction as the gateway for the pilot, or keep LiteLLM/Portkey/Helicone and call Sanction as the external policy authority.

gateway-token-budget

Client-safe launch

AI agencies

Hand clients a visible launch policy: budgets, approval for risky actions, Slack/webhook notifications, and replayable evidence.

agency-client-safe-launch

Payment agent mandate

Payment agents

Put policy, consent, and evidence before AP2, x402, checkout, procurement, or any other payment rail.

payment-agent-mandate

No egress

Sanction Local

Air-gapped installs: only on-box tools pass; every cloud call is denied and persisted so the assessor can read the proof.

no-egress

Badge rules

When to claim MCP, AuthZEN, gateway, and replay compatibility.

Adapter recipes

SanctionMiddleware, Python wrappers, and LiteLLM callback patterns.

OpenAPI

Build an adapter against the same endpoints the dashboard and SDK use.