🚧 SanctumAI is in beta. APIs may change before v1.0.
CLI Referencesanctum policy

sanctum policy

Manage access policies.

Subcommands

add

Create a new access policy.

sanctum policy add <name> \
  --principal "agent:<pattern>" \
  --resources "<glob>,<glob>" \
  --actions <action>[,<action>] \
  --max-ttl <seconds>
sanctum policy add cursor-access \
  --principal "agent:cursor-agent" \
  --resources "openai/*,anthropic/*" \
  --actions retrieve \
  --max-ttl 300
âś… Policy 'cursor-access' created
   Principal: agent:cursor-agent
   Resources: openai/*, anthropic/*
   Actions: retrieve
   Max TTL: 300s

list

List all policies.

sanctum policy list

remove

Delete a policy.

sanctum policy remove <name>

simulate

Test a policy decision without making a real request.

sanctum policy simulate \
  --agent <name> \
  --resource <path> \
  --action <action>
sanctum policy simulate \
  --agent cursor-agent \
  --resource openai/api_key \
  --action retrieve
âś… ALLOWED by policy 'cursor-access'
   Lease TTL: 300s

Policy Fields

FieldDescription
nameUnique policy identifier
principalAgent pattern (glob): agent:cursor-*
resourcesCredential path patterns (glob, comma-separated)
actionsretrieve, list, store, delete
max-ttlMaximum lease duration in seconds
sanctum agentsanctum mcp serve