← MCP TrustOps
SearchSprawl RadarTrustOpsGatewayLedgerMandatesHostingDocs CompilerDemoPlansShortlistsRankingsCompareChatGPT compatibleClaude compatibleHealthcareDigestsRSSRSS XMLBackfillMCP API
VERIFY MANDATES

Signed delegated authority for agent actions

Verify Mandates store the authorization evidence that Gateway needs before an agent acts: user, agent, server scope, budget, validity window, human-approval requirement, signature, and tool constraints.

Create
/v1/mandates
Create scoped consent records for delegated agent work.
Enforce
mandate_id
Attach a mandate to /v1/decide or decide_agent_call.
MCP tool
create_mandate
Create delegated authority records through the MCP surface when your control plane supports it.

Mandate example

{
  "user_id": "user_456",
  "agent_id": "agent_123",
  "server_id": "io.sentinelsignal/scoring",
  "scope": "score claims without submitting feedback",
  "budget_limit": 25.0,
  "valid_until": "2026-06-15T00:00:00Z",
  "constraints": {
    "allowed_tools": [
      "score_workflow"
    ],
    "blocked_tools": [
      "submit_feedback"
    ],
    "min_score": 75
  }
}

Checks enforced by Gateway

Identity
Agent, user, and optional server must match the mandate.
Authority
Scope, valid_from, valid_until, budget, allowed tools, blocked tools, and minimum score are evaluated at decision time.
Evidence
The mandate snapshot is stored with every related Ledger invocation.