How do I install Sanction?

Sanction is a local plugin. Install it using npm package: sanction-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

Is Sanction safe to use?

Yes. Sanction passed MCP Marketplace's automated security scan with a score of 9.9/10 (low risk). Every server on MCP Marketplace is security-scanned before it's listed; see the full security report on this page for the findings and permissions.

What credentials does Sanction need?

Sanction requires the following credentials or environment variables: SANCTION_API_KEY, SANCTION_WALLET_ID, SANCTION_API_URL. You can find setup instructions on the server detail page.

What AI apps work with Sanction?

Sanction uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Sanction MCP Server

by Ericlovold

Developer ToolsLow Risk9.9MCP RegistryLocal

Free

Server data from the Official MCP Registry

Spend authorization, token budgets, and an encrypted credential vault for AI agents.

About

Spend authorization, token budgets, and an encrypted credential vault for AI agents.

Security Report

9.9

Low Risk9.9Low Risk

Valid MCP server (1 strong, 1 medium validity signals). No known CVEs in dependencies. ⚠️ Package registry links to a different repository than scanned source. Imported from the Official MCP Registry. Trust signals: 3 highly-trusted packages. 1 finding(s) downgraded by scanner intelligence.

6 files analyzed · 1 issue found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

file_system

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

Agent API key (pxy_...). Create one at https://onesanction.com or via POST /api/v1/wallets then POST /api/v1/agents.Required

Environment variable: SANCTION_API_KEY

Wallet id, used by the sanction_wallet_status tool.Optional

Environment variable: SANCTION_WALLET_ID

Sanction API base URL.Optional

Environment variable: SANCTION_API_URL

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-ericlovold-sanction": {
      "env": {
        "SANCTION_API_KEY": "your-sanction-api-key-here",
        "SANCTION_API_URL": "your-sanction-api-url-here",
        "SANCTION_WALLET_ID": "your-sanction-wallet-id-here"
      },
      "args": [
        "-y",
        "sanction-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

Sanction

The trust and governance layer for autonomous AI agents.

Sanction gives agents a wallet, a credential vault, and a clearance system — so they can act autonomously without acting without limits.

What It Does

Autonomous agents need permission to spend money, access credentials, and operate in sensitive domains. Sanction is the layer that grants that permission, enforces policy, and logs everything.

Pillar	Capability
Agent Wallet	Spend authorization with configurable policy. Auto-approve under threshold, escalate over it, deny what's blocked. Daily and monthly budgets per agent.
Credential Vault	AES-256-GCM encrypted secrets. Scoped execution JWTs (15-minute TTL) gate every injection. Every access is audit-logged.
Clearance Levels	1–5 clearance system for domain authorization. Agents only access what they're cleared for.

Distribution

Sanction is available through three channels:

MCP Server — drop into any Claude Desktop, AIIA, or MCP-compatible agent host
REST API — direct integration via x-api-key auth
AWS Bedrock Action Group — enterprise agent orchestration (agentId: JXRNIJRMCX, us-east-1)

API

Base URL: https://onesanction.com/api/v1

POST /authorize           — Authorize a spend action before any transaction
POST /tokens              — Log LLM token consumption for budget tracking
POST /exec                — Issue a scoped execution JWT (15-min TTL)
POST /credentials/vault   — Store an encrypted credential
POST /credentials/inject  — Inject a decrypted credential (requires JWT)
POST /agents              — Register an agent against a wallet
POST /wallets             — Create a wallet with spend policy
GET  /wallets/stats       — Dashboard stats (today + MTD)
GET  /api/openapi.json    — OpenAPI 3.0 spec (Bedrock compatible)

Auth

Agent API calls use x-api-key: pxy_... header. Credential injection requires a short-lived Bearer JWT issued by /exec.

MCP Setup

{
  "mcpServers": {
    "sanction": {
      "command": "npx",
      "args": ["sanction-mcp"],
      "env": {
        "SANCTION_API_URL": "https://onesanction.com/api/v1",
        "SANCTION_API_KEY": "pxy_...",
        "SANCTION_WALLET_ID": "wallet_..."
      }
    }
  }
}

Stack

Next.js 16 (App Router) + TypeScript
Neon (serverless Postgres) via Prisma 7
Vercel deployment
jose for JWT signing (HS256)
Node crypto for AES-256-GCM encryption

Pricing

Tier	Price	Agents	Token Budget
Free	$0	1	$10/mo
Pro	$19/mo	5	$100/mo
Team	$49/mo	25	$500/mo
Enterprise	Custom	Unlimited	Custom

License

packages/sanction-mcp (the MCP client) — MIT. Embed it anywhere.
Everything else (server, dashboard, API) — Functional Source License 1.1 (FSL-1.1-MIT). Source-available: use and self-host it for any purpose except offering a competing service. Converts to MIT two years after release.

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Sanction MCP Server

About

Security Report

Findings (1)

Permissions Required

What You'll Need

How to Install

Documentation

Sanction

What It Does

Distribution

API

Auth

MCP Setup

Stack

Pricing

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent

mcp-creator-typescript