rudi193-cmd/openclaw-skill-sap

OpenClaw skill that enforces SAFE Authorization Protocol (SAP) checks before MCP tool execution.

Compatible with: Claude Code, Codex CLI, Cursor
npx add-skill rudi193-cmd/openclaw-skill-sap

name: sap-enforcer
description: Enforce SAFE Authorization Protocol (SAP) before executing MCP tool calls. Requires openclaw-sap-gate installed.
version: 1.0.0
author: Sean Campbell

SAP Enforcer

Enforce SAP/1.0 authorization on every MCP tool call. No SAFE manifest = no execution.

How It Works

Before dispatching any MCP tool call, run:

sap-gate verify <app_id>

Here, app_id is the identifier of the calling application. If the command returns non-zero, deny the tool call.

On Authorization Pass

Proceed with the tool call normally. The grant is logged automatically to ~/.sap/log/grants.jsonl.

On Authorization Denial

  1. Do NOT execute the tool call
  2. Surface the failure to the user:

    "Tool call denied: <app_id> is not authorized. Check that its SAFE folder exists and manifest is signed."

  3. The denial is logged automatically to ~/.sap/log/gaps.jsonl
  4. Do not retry without explicit user instruction
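
The pass/deny flow above, wrapped as a fail-closed shell function (an added example, not code from this skill or from openclaw-sap-gate). SAP_GATE_CMD, sap_valid_app_id, sap_guarded_call and the app_id character restriction are assumptions of this example; only the `sap-gate verify <app_id>` call and the denial message come from the page.

```shell
#!/bin/sh
# Added example: fail-closed gate in front of a tool command.
# SAP_GATE_CMD and the function names are hypothetical, not part of sap-gate.
SAP_GATE_CMD="${SAP_GATE_CMD:-sap-gate}"

# Assumed policy: app_id must be one plain path component, because it is
# used under ~/.sap/Applications/<app_id>/ and passed as a CLI argument.
sap_valid_app_id() {
    case "$1" in
        ''|.|..|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# sap_guarded_call <app_id> <command> [args...]
# Returns 2 for bad usage or a rejected app_id, 1 for a denial,
# otherwise the exit status of the command itself.
sap_guarded_call() {
    if [ "$#" -lt 2 ]; then
        echo "usage: sap_guarded_call <app_id> <command> [args...]" >&2
        return 2
    fi
    sap_app_id="$1"
    shift
    if ! sap_valid_app_id "$sap_app_id"; then
        echo "Tool call denied: app_id is empty or contains unsafe characters." >&2
        return 2
    fi
    # Single attempt, no retry loop. A missing sap-gate binary (exit 127)
    # is handled the same way as a denial, so the gate fails closed.
    # Gate output is sent to stderr so it cannot mix into the tool's stdout.
    if ! "$SAP_GATE_CMD" verify "$sap_app_id" >&2; then
        echo "Tool call denied: $sap_app_id is not authorized. Check that its SAFE folder exists and manifest is signed." >&2
        return 1
    fi
    # Authorization passed: run the tool command exactly as given.
    "$@"
}
```
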

Registering a New Application

To authorize a new app_id:

# 1. Create the SAFE folder and manifest template
sap-gate init <app_id>

# 2. Edit the manifest at ~/.sap/Applications/<app_id>/safe-app-manifest.json

# 3. Sign it with your GPG key
gpg --detach-sign --armor ~/.sap/Applications/<app_id>/safe-app-manifest.json
mv ~/.sap/Applications/<app_id>/safe-app-manifest.json.asc \
   ~/.sap/Applications/<app_id>/safe-app-manifest.json.sig

# 4. Verify
sap-gate verify <app_id>

Revoking Authorization

Delete the SAFE folder or the .sig file:

# Revoke by removing signature (preserves manifest for re-authorization)
rm ~/.sap/Applications/<app_id>/safe-app-manifest.json.sig

# Revoke completely
rm -rf ~/.sap/Applications/<app_id>/

Prerequisites

  • openclaw-sap-gate installed: pip install openclaw-sap-gate
  • GPG key configured: gpg --list-keys
  • SAP_SAFE_ROOT env var set (default: ~/.sap/Applications)

Protocol Reference

SAP/1.0 RFC: https://github.com/rudi193-cmd/sap-rfc
