SDK for building agents that run within Sage Sanctum infrastructure
Project description
Sage Sanctum Agent SDK
SDK for building agents that run within the Sage Sanctum secure multi-agent execution platform.
Features
- SPIFFE Authentication - Automatic JWT SVID management for agent identity
- Transaction Tokens (TraT) - IETF-standard authorization for scoped transactions
- LLM Gateway Integration - Route LLM calls through authenticated, policy-enforced gateways
- Multi-Provider Support - OpenAI, Anthropic, and Google via unified interface
- SARIF Output - Standard static analysis output format for GitHub Code Scanning
- Testing Utilities - Mock gateway, LLM, and TraT clients for unit testing
Quick Start
from sage_sanctum import AgentContext, AgentRunner, SageSanctumAgent, AgentResult
from sage_sanctum.io.inputs import AgentInput, RepositoryInput
from sage_sanctum.io.outputs import SarifOutput, Finding, Location
from sage_sanctum.llm.model_category import ModelCategory
class MySecurityAgent(SageSanctumAgent):
@property
def name(self) -> str:
return "my-security-agent"
@property
def version(self) -> str:
return "0.1.0"
async def run(self, agent_input: AgentInput) -> AgentResult:
# Get an LLM client for analysis
llm = self.context.create_llm_client(ModelCategory.ANALYSIS)
# Your agent logic here...
response = llm.invoke([...])
return AgentResult(
output=SarifOutput(
tool_name=self.name,
tool_version=self.version,
findings=[...],
),
exit_code=0,
)
# Entry point
if __name__ == "__main__":
import sys
sys.exit(AgentRunner(MySecurityAgent).run())
Installation
pip install sage-sanctum-sdk
Architecture
Agents run in isolated containers with no direct network access. All external communication (LLM calls, MCP tools, packages) flows through authenticated gateways:
Agent Pod (seccomp: no AF_INET)
└── Agent SDK
├── SPIFFE JWT (identity)
├── Transaction Token (authorization)
└── Gateway Client (Unix socket)
└── LLM Gateway → OpenAI / Anthropic / Google
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file sage_sanctum_sdk-0.2.4.tar.gz.
File metadata
- Download URL: sage_sanctum_sdk-0.2.4.tar.gz
- Upload date:
- Size: 48.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c02020bd07049e5adf1fd23d2d3153e44d65b66829d52b46681b7d91e6b24f75
|
|
| MD5 |
26935c6fcd9caca409102e14e7f2d65b
|
|
| BLAKE2b-256 |
9a621f16f5a4eb34b56a3fadca8a7009698679b8f9cda97f5967655bb0af0c45
|
File details
Details for the file sage_sanctum_sdk-0.2.4-py3-none-any.whl.
File metadata
- Download URL: sage_sanctum_sdk-0.2.4-py3-none-any.whl
- Upload date:
- Size: 36.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b50aabba8ab37acd45aebebd327bdc927c260edeba2585dcdd0f5d533d659efa
|
|
| MD5 |
af2a4ddf7db13cace9c97861d8de5012
|
|
| BLAKE2b-256 |
d9c3134d6b89f2504f22e2a2fcdbbe3923c3b5778ebed57bc28f4c9b5fc0c5df
|
