I built Sanna to solve a specific problem: when an AI agent's output crosses a trust boundary (handed to a customer, submitted to a regulator, used in a decision), there's no portable proof that governance was enforced.
Last week an agent running on a popular open-source framework published a hit piece on a maintainer who rejected its PR. No policy evaluated the action before it happened. No evidence exists of what rules applied. That's the gap.
Sanna does two things:
1. Constitution enforcement — define authority boundaries in YAML:
    rules:
      - action: publish_content
        constraint: "must not target or defame individuals"
        enforcement: halt
      - action: modify_account
        enforcement: escalate
Sanna evaluates every action at execution time. Forbidden actions are halted before reaching the downstream system.
2. Reasoning receipts — every decision (allow, halt, escalate) generates an Ed25519-signed artifact. Deterministic fingerprints via RFC 8785 canonicalization, tamper-evident, verifiable offline with a public key.
Two deployment modes: a Python decorator (3 lines) or an MCP gateway proxy (no code changes to your agent).
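Added illustration of the two mechanisms above in Go (not Sanna's own code; the Rule struct, receipt fields, timestamp and rules are constructed stand-ins): evaluate an action against the constitution, canonicalize the decision record RFC 8785-style, fingerprint it, sign it with Ed25519, and verify it offline with only the public key, showing that a receipt edited after signing fails.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Rule mirrors one entry of the YAML constitution above (a constructed struct, not Sanna's schema).
type Rule struct{ Action, Constraint, Enforcement string } // Enforcement: "halt" or "escalate"

// Evaluate applies the first rule matching the action; unmatched actions are allowed.
func Evaluate(rules []Rule, action string) (decision, constraint string) {
	for _, r := range rules {
		if r.Action == action {
			return r.Enforcement, r.Constraint
		}
	}
	return "allow", ""
}

// Canonical gives the RFC 8785 form of a flat receipt of ASCII strings and integers: sorted keys,
// no whitespace, no HTML escaping. Full JCS additionally fixes float formatting and UTF-16 key order.
func Canonical(receipt map[string]any) ([]byte, error) {
	var buf bytes.Buffer
	enc := json.NewEncoder(&buf)
	enc.SetEscapeHTML(false) // JCS never rewrites < > & as \u003c etc.
	if err := enc.Encode(receipt); err != nil {
		return nil, err
	}
	return bytes.TrimRight(buf.Bytes(), "\n"), nil
}

// Fingerprint is the SHA-256 hex digest of the canonical bytes, so equal receipts always agree.
func Fingerprint(canon []byte) string { return fmt.Sprintf("%x", sha256.Sum256(canon)) }

// Verify re-canonicalizes and checks the Ed25519 signature offline; any field changed after signing fails.
func Verify(pub ed25519.PublicKey, receipt map[string]any, sig []byte) bool {
	canon, err := Canonical(receipt)
	return err == nil && ed25519.Verify(pub, canon, sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	decision, constraint := Evaluate([]Rule{{"publish_content", "must not target or defame individuals", "halt"}}, "publish_content")
	receipt := map[string]any{"action": "publish_content", "decision": decision, "constraint": constraint, "ts": int64(1700000000)}
	canon, _ := Canonical(receipt)
	sig := ed25519.Sign(priv, canon) // sign the canonical bytes so signature and fingerprint agree
	fmt.Println(Fingerprint(canon), Verify(pub, receipt, sig)) // true
	receipt["decision"] = "allow"
	fmt.Println(Verify(pub, receipt, sig)) // false: receipt changed after signing
}
```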
nicallen•1h ago
2,000+ tests, adversarial evasion coverage shipped.
pip install sanna
Repo: https://github.com/nicallen-exd/sanna
Site: https://sanna.dev