Sanna enforces governance rules at execution time, halts forbidden actions before they reach downstream systems, and generates cryptographic receipts proving it happened.
An AI agent approves a loan, triages a patient, sends a contract to a counterparty — or books a flight and moves money on your behalf. Two things should have happened before that output left your system: something should have stopped it if it violated policy, and something should have recorded proof that it didn't.
Neither happened. There's no runtime enforcement — your governance rules live in a wiki, not in the execution path. And there's no evidence trail — you have logs and metrics, but nothing a regulator, auditor, or counterparty would accept as proof the agent operated within its authority.
AI governance legislation is accelerating worldwide — laws are already live or taking effect in the US, EU, South Korea, Vietnam, and more are coming. Your compliance team is asking for runtime enforcement and verifiable evidence. Your customers will too. The gap between what your agents are doing and what you can enforce and prove is a liability waiting to surface.
Governance rules in version-controlled YAML. Forbidden actions are halted. Escalation-required actions are held for human approval. Rules that drive agent behavior — not suggestions in a dashboard.
Every decision — allow, halt, escalate — produces an Ed25519-signed receipt. Deterministic fingerprints. Tamper-evident. Verifiable offline with just a public key. The receipt travels with the output.
Wrap the functions you want to govern. Every call is checked against your constitution, and a signed receipt is generated automatically.
from sanna import sanna_observe, SannaHaltError

@sanna_observe(
    constitution_path="constitution.yaml",
    constitution_public_key_path="~/.sanna/keys/<key-id>.pub",
)
def my_agent(query: str, context: str) -> str:
    return "Based on the data, revenue grew 12% year-over-year."

try:
    result = my_agent(query="What was revenue growth?", context="...")
    print(result.output)   # The original return value
    print(result.receipt)  # Cryptographic governance receipt
except SannaHaltError as e:
    print(f"HALTED: {e}")  # Constitution violation detected
// Signed, offline-verifiable proof generated for every governed action
{
  "spec_version": "1.0",
  "receipt_id": "a7e3b1f0-4c2d-4a8e-9f1b-3d5e7a9c2b4d",
  "receipt_fingerprint": "30dedec9373c4d9b",
  "status": "PASS",
  "checks_passed": 5,
  "checks_failed": 0,
  "context_hash": "a43401a2a64954e9...c3797e1231415",
  "output_hash": "5eebc757bbbe8b82...2f38a69f89",
  "constitution_ref": {
    "document_id": "financial-services-v2",
    "policy_hash": "8f3a9b2c1d4e5f6a",
    "signature_verified": true
  },
  "enforcement": {
    "action": "allowed",
    "reason": "All checks passed",
    "failed_checks": [],
    "enforcement_mode": "halt"
  },
  "receipt_signature": {
    "signature": "ed25519:2f8c4d9e1a7b...",
    "scheme": "receipt_sig_v1"
  }
}
Write your agent's authority boundaries in a constitution YAML. Sign it with your Ed25519 key. Version-control it alongside your code.
Sanna evaluates every action against the constitution at execution time. Allowed actions proceed. Forbidden actions halt. Uncertain actions escalate.
Every decision generates a signed reasoning receipt — portable, vendor-neutral proof that governance was enforced. Hand it to auditors, regulators, or counterparties.
Add a decorator to the functions you govern. Three lines of code. Receipts generated inline.
Wrap governed functions with sannaObserve(). Same constitution format, same receipt schema. Cross-language verification built in.
A proxy between your AI client and downstream tools. Zero code changes to your agent. Available in both Python and TypeScript.
Governance plugin for OpenClaw agents. 14 invariants, 3 constitution templates. Hooks into before_tool_call for runtime enforcement.
Five independent security review cycles. A published formal specification. Production-grade cryptographic engineering tested across two languages, multiple runtimes, and 48 cross-language interoperability tests.
We ran a live red-team exercise against Sanna-governed agents. Multiple AI models. 20+ adversarial attack vectors including tool-name routing, social engineering, credential reconnaissance, browser-based exfiltration, and sub-agent delegation.
Sanna ships with the governance lifecycle tooling that regulated industries require. All of it is free, open source, and available today.
Self-contained zip archives with receipt, constitution, and public keys. Hand an auditor a single file — they verify the full governance chain offline.
Per-agent, per-check failure-rate trending with linear regression. Project when governance thresholds will breach. Export to CSV or JSON for enterprise tooling.
Ed25519-signed constitution approval chains. Multi-party review before enforcement. Tamper-evident version history with structural diffing between revisions.
SQLite-backed receipt persistence with indexed metadata. Filter by agent, status, time range, or halt events. Query via CLI, Python API, or MCP tools.
Receipts generated in Python verify in TypeScript and vice versa. 48 interoperability tests ensure both SDKs produce and validate identical cryptographic receipts.
Receipt telemetry exportable to Splunk, Datadog, Grafana. Pointer-and-hash architecture — receipts stay on disk, telemetry flows to your dashboards.
Sanna is a multi-language ecosystem built around a single open specification. Every component generates and verifies the same receipt format.
The original SDK. 2,489+ tests, 16 CLI commands, 12 constitution templates. Library mode, gateway mode, and MCP server.
Full TypeScript implementation. 777+ tests, 4 npm packages, 48 cross-language interop tests. Node.js 22+.
Governance plugin for OpenClaw agents. 14 invariants, 3 constitution templates, before_tool_call hook enforcement.
The formal open specification. JSON schemas, golden test fixtures, HTTP header conventions, and implementers guide.
Hosted receipt storage, fleet observability, drift analytics, and managed gateway. Self-hosted today — all core functionality is open source and free forever. Sanna Cloud adds convenience and scale for teams and power users.
Running AI assistants that book travel, manage finances, or send messages on your behalf? Sanna gives you boundaries they can't cross and a receipt proving they stayed inside them. Your agents, your rules.
If your agents operate where decisions carry liability — financial services, healthcare, legal, insurance, government — Sanna provides the runtime enforcement and verifiable evidence layer your compliance teams and auditors require.
Receipt format designed for the evidence and audit requirements emerging across AI governance legislation worldwide — and new laws are being enacted every quarter. Portable receipts. Vendor-neutral verification. Constitutions your compliance team — or just you — can actually read.
No configuration. No external dependencies. One command generates keys, creates a constitution, simulates a governed tool call, generates a signed receipt, and verifies it.
Self-contained governance demo. Generates keys, evaluates a tool call, and verifies the receipt — all locally.
Quick-start guides for library mode and gateway mode. Constitution templates, CLI reference, TypeScript SDK docs, and the formal specification.