Agents & mandates

An agent authenticates with its own key and acts only inside a mandate — its scope of authority.

Mandate fields

FieldMeaning
Allowed actionsAction-type patterns the agent may attempt, e.g. payment.send, payment.*, llm.complete
Allowed resourcesResource patterns it may target, e.g. vendor:*, invoice:*, https://api.openai.com/*
Denied resourcesPatterns always blocked (deny-list beats allow-list), e.g. vendor:sanctioned-*
Max per-action valueHard ceiling; above it the action is denied
Require approval overValue above which the action is held for a human
Rate limit / minuteMax authorize calls per rolling 60s
Permitted hours (UTC)Optional window; outside it actions are held for approval

Version history & rollback

Editing a mandate changes the authority of every agent attached to it, so every edit is versioned: open a mandate to see its history and roll back to a prior revision (which itself creates a new version, keeping the trail complete).

The agent registry

Each agent has a per-agent API key (shown once at registration; rotatable), an owner, an environment, tags, a behavioral risk profile, and a lineage if it was spawned by another agent. From an agent's page you can run the what-if simulator, review its risk factors, suspend / re-activate it, rotate its key, and page through its recent actions. Suspending or archiving an agent cascade-revokes its delegated subtree.

An agent can do nothing until it has a mandate. Start there.