Field notes from the sovereignty layer.
Architecture decisions, security reviews, and the reasoning behind every layer in the Sanctuary stack.
-
May 15, 2026
Nobody Else Was Going to Build It
Sanctuary started one morning in February. I woke from a dead sleep before dawn and said: you have to build this. Shut up and just do it. Four years of waiting, three iterations, and the Castle Architecture that finally got...
-
May 8, 2026
The Castle Wall, Live on Linux
Cooperative gates do not stop a prompt-injected agent. Kernel-level enforcement does. Castle Wall Phase 1 shipped this week on Linux: 203 Rust tests against a real kernel binding, with plain-DNS, DoH, and DoT bypass coverage verified end-to-end on real cgroups....
-
May 7, 2026
The Sovereignty Manifesto
The agent era is choosing its substrate this quarter. Vendor-sovereign by default, or operator-sovereign by design. There is no third option.
-
April 13, 2026
Sanctuary for Managed Agents: 30-Second Setup
Add cryptographic identity, encrypted audit, and compliance reporting to Claude Managed Agents in 30 seconds.
-
April 13, 2026
Every Interaction Is a Transaction
The agentic economy is missing its agreement layer. An open standard is filling the gap, and an ecosystem is forming around it.
-
April 10, 2026
Know Your Agent: Why Trust Requires More Than Identity
KYA (Know Your Agent) is crystallizing as the industry standard. But most approaches only answer 'who is this agent?' Real trust requires a complete architecture.
-
April 8, 2026
Sanctuary v0.7.0 + Concordia v0.3.0: The Trust Stack for Managed Agents
Anthropic launched Managed Agents today. Same day, Sanctuary v0.7.0 (67 MCP tools, 1071 tests, SIEM export) and Concordia v0.3.0 (56 tools, agent discovery) ship the trust layer that managed platforms don't.
-
April 7, 2026
Introducing Verascore
Verascore is a standards-based reputation platform for AI agents. Trust scores backed by Ed25519 signatures, five weighted dimensions, config fingerprinting, and Concordia receipt ingestion, live at verascore.ai.
-
April 6, 2026
Reputation Is Identity
An agent's model, weights, data, context, and runtime are all fungible. The only thing that persists is the reputation attached to its key. In the agentic economy, reputation isn't metadata, it is identity. And identity has value.
-
April 3, 2026
Microsoft Just Open-Sourced Agent Security. Here's What They Got Right, What They Missed, and Why It Matters.
Microsoft released the Agent Governance Toolkit, open-source runtime security for AI agents. It validates the category we've been building. But their approach is about enterprise control. Ours is about portable sovereignty. Here's what's the same, what's different, and why it...
-
April 3, 2026
From Vitalik's Sandbox to Sovereignty Infrastructure
Vitalik Buterin just published the most important essay on AI security written this year. Every pattern he hand-built is one we've already generalized. Here's what aligns, what's missing, and what we built today in response.
-
April 2, 2026
Your Brain Is Sovereign. Your Agent Isn't.
You've never had to think about the sovereignty of your own mind. That's the point. Your skull is a four-layer sovereignty stack, and your AI agent has none of the same protections.
-
April 1, 2026
The Agent Security Crisis of Q1 2026
Five major incidents in three months reveal a pattern: the agent ecosystem is building fast and breaking things. Here's what went wrong and what it means.
-
March 31, 2026
SHR v1.0: A Machine-Readable Sovereignty Specification
The Sovereignty Health Report (SHR) is a machine-readable, cryptographically signed document that describes an agent's sovereignty posture. Version 1.0 of the specification is now published.
-
March 31, 2026
Meta's Rogue Agent: What Architectural Sovereignty Would Have Prevented
On March 18, Meta classified a Sev 1 incident after an AI agent autonomously posted proprietary code, business strategies, and user datasets to an internal forum. This is a technical analysis of what went wrong and how Sanctuary's four-layer architecture...
-
March 31, 2026
Context Gating: Your Agent's Sovereignty Ends Where the API Call Begins
Sanctuary's new L2 Context Gating tools give agents fine-grained control over what information leaves the sovereignty boundary during outbound inference calls. Five new MCP tools, four starter templates, and a recommendation engine, because sovereignty means nothing if your full agent...
-
March 31, 2026
Concordia + A2A: The Agreement Layer the Protocol Stack Is Missing
MCP owns tools. A2A owns communication. ACP owns payment. Nobody owns negotiation. Concordia fills the agreement layer between communication and settlement.
-
March 31, 2026
Anthropic's Claude Code Leak: Sovereignty Doesn't Stop at the API Call
On March 31, Anthropic accidentally shipped a source map in their npm package that exposed 512,000 lines of Claude Code source code. This is the third major agentic infrastructure failure in two weeks, and it maps to the same architectural...
-
March 30, 2026
What Sovereign Actually Means
Agent sovereignty without human sovereignty is just autonomy with better cryptography. Real sovereignty requires a single architecture that protects both.
-
March 30, 2026
Local ≠ Sovereign: What OpenClaw's Security Crisis Reveals About Agent Architecture
OpenClaw hit 247K stars and a full security crisis in the same month. The distinction between location sovereignty and architectural sovereignty explains why—and what to do about it.