When your agent acts, Sanna enforces the rules and generates cryptographic proof it happened. Forbidden actions are halted before they reach downstream systems.
An AI agent approves a loan, triages a patient, sends a contract, moves money on your behalf. The White House AI framework shifted downstream liability to the deployer. That's you. Not the model provider. Not the developer who built the agent.
Two things should happen before every agent output leaves your system: something should stop it if it violates policy, and something should record proof that it didn't. Right now, neither is happening. Your governance rules live in a wiki. Your evidence trail is a log file no regulator would accept. That gap is a liability waiting to surface.
Governance rules in version-controlled YAML. Forbidden actions are halted. Escalation-required actions are held for human approval. Rules that drive agent behavior — not suggestions in a dashboard.
Every decision — allow, halt, escalate — produces an Ed25519-signed receipt. Deterministic fingerprints. Tamper-evident. Verifiable offline with just a public key. The receipt travels with the output.
The entity generating the output cannot credibly certify its own compliance. You need an independent layer that evaluates and signs, not the same system that produced the answer.
Dashboards and logs tell you what happened after the fact. Sanna stops what shouldn't happen before it reaches downstream systems. Enforcement without proof is incomplete. Proof without enforcement is theatre.
A SOC 2 badge certifies a point in time. Sanna generates per-action cryptographic evidence, the same way SSL produces per-connection proof. Portable, offline-verifiable, and bound to the specific constitution that was enforced.
Wrap the functions you want to govern. Every call is checked against your constitution, and a signed receipt is generated automatically.
```python
from sanna import sanna_observe, SannaHaltError

@sanna_observe(
    constitution_path="constitution.yaml",
    constitution_public_key_path="~/.sanna/keys/<key-id>.pub",
)
def my_agent(query: str, context: str) -> str:
    return "Based on the data, revenue grew 12% year-over-year."

try:
    result = my_agent(query="What was revenue growth?", context="...")
    print(result.output)   # The original return value
    print(result.receipt)  # Cryptographic governance receipt
except SannaHaltError as e:
    print(f"HALTED: {e}")  # Constitution violation detected
```
```jsonc
// Signed, offline-verifiable proof generated for every governed action
{
  "spec_version": "1.0",
  "receipt_id": "a7e3b1f0-4c2d-4a8e-9f1b-3d5e7a9c2b4d",
  "receipt_fingerprint": "30dedec9373c4d9b",
  "status": "PASS",
  "checks_passed": 5,
  "checks_failed": 0,
  "context_hash": "a43401a2a64954e9...c3797e1231415",
  "output_hash": "5eebc757bbbe8b82...2f38a69f89",
  "constitution_ref": {
    "document_id": "financial-services-v2",
    "policy_hash": "8f3a9b2c1d4e5f6a",
    "signature_verified": true
  },
  "enforcement": {
    "action": "allowed",
    "reason": "All checks passed",
    "failed_checks": [],
    "enforcement_mode": "halt"
  },
  "receipt_signature": {
    "signature": "ed25519:2f8c4d9e1a7b...",
    "scheme": "receipt_sig_v1"
  }
}
```
Write your agent's authority boundaries in a constitution YAML. Sign it with your Ed25519 key. Version-control it alongside your code.
Sanna evaluates every action against the constitution at execution time. Allowed actions proceed. Forbidden actions halt. Uncertain actions escalate.
Every decision generates a signed governance receipt — portable, vendor-neutral proof that governance was enforced. Hand it to auditors, regulators, or counterparties.
Add a decorator to the functions you govern. Three lines of code. Receipts generated inline.
Wrap governed functions with sannaObserve(). Same constitution format, same receipt schema. Cross-language verification built in.
A proxy between your AI client and downstream tools. Zero code changes to your agent. Available in both Python and TypeScript.
Governance plugin for OpenClaw agents. 14 invariants, 3 constitution templates. Hooks into before_tool_call for runtime enforcement.
Five independent security review cycles. A published formal specification. Production-grade cryptographic engineering tested across two languages, multiple runtimes, and 48 cross-language interoperability tests.
We ran a live red-team exercise against Sanna-governed agents. Multiple AI models. 20+ adversarial attack vectors including tool-name routing, social engineering, credential reconnaissance, browser-based exfiltration, and sub-agent delegation.
Agents approving loans, generating reports, moving money, scoring risk. Governance receipts map directly to SOC 2 evidence requirements and emerging AI audit frameworks.
Clinical decision support, triage, prior authorization. Receipts satisfy the evidence trail requirements emerging under FDA guidance for AI/ML-based software as a medical device.
Any organization deploying agents where downstream liability applies. Your compliance team needs runtime enforcement and verifiable evidence that governance was applied at the moment of action.
Receipt format designed for the evidence and audit requirements emerging across AI governance legislation worldwide. Portable receipts. Vendor-neutral verification. Constitutions your compliance team can actually read.
Sanna ships with the governance lifecycle tooling that regulated industries require. All of it is free, open source, and available today.
Self-contained zip archives with receipt, constitution, and public keys. Hand an auditor a single file — they verify the full governance chain offline.
Per-agent, per-check failure-rate trending with linear regression. Project when governance thresholds will breach. Export to CSV or JSON for enterprise tooling.
Ed25519-signed constitution approval chains. Multi-party review before enforcement. Tamper-evident version history with structural diffing between revisions.
SQLite-backed receipt persistence with indexed metadata. Filter by agent, status, time range, or halt events. Query via CLI, Python API, or MCP tools.
Receipts generated in Python verify in TypeScript and vice versa. 48 interoperability tests ensure both SDKs produce and validate identical cryptographic receipts.
Receipt telemetry exportable to Splunk, Datadog, Grafana. Pointer-and-hash architecture — receipts stay on disk, telemetry flows to your dashboards.
Sanna is a multi-language ecosystem built around a single open specification. Every component generates and verifies the same receipt format.
The original SDK. 2,489+ tests, 16 CLI commands, 12 constitution templates. Library mode, gateway mode, and MCP server.
Full TypeScript implementation. 777+ tests, 4 npm packages, 48 cross-language interop tests. Node.js 22+.
Governance plugin for OpenClaw agents. 14 invariants, 3 constitution templates, before_tool_call hook enforcement.
The formal open specification. JSON schemas, golden test fixtures, HTTP header conventions, and an implementer's guide.
15 years building enforcement and trust systems across regulated pharma (GxP/FDA), Google Cloud, and cybersecurity.
Hosted receipt storage, fleet observability, drift analytics, and managed gateways. The open source SDKs stay free forever. Cloud adds the convenience and scale layer for teams.
No configuration. No external dependencies. One command generates keys, creates a constitution, simulates a governed tool call, generates a signed receipt, and verifies it.
Self-contained governance demo. Generates keys, evaluates a tool call, and verifies the receipt — all locally.
Quick-start guides for library mode and gateway mode. Constitution templates, CLI reference, TypeScript SDK docs, and the formal specification.