Agents & mandates
An agent authenticates with its own key and acts only inside a mandate — its scope of authority.
Mandate fields
| Field | Meaning |
|---|---|
| Allowed actions | Action-type patterns the agent may attempt, e.g. payment.send, payment.*, llm.complete |
| Allowed resources | Resource patterns it may target, e.g. vendor:*, invoice:*, https://api.openai.com/* |
| Denied resources | Patterns always blocked (deny-list beats allow-list), e.g. vendor:sanctioned-* |
| Max per-action value | Hard ceiling; above it the action is denied |
| Require approval over | Value above which the action is held for a human |
| Rate limit / minute | Max authorize calls per rolling 60s |
| Permitted hours (UTC) | Optional window; outside it actions are held for approval |
Version history & rollback
Editing a mandate changes the authority of every agent attached to it, so every edit is versioned: open a mandate to see its history and roll back to a prior revision (which itself creates a new version, keeping the trail complete).
The agent registry
Each agent has a per-agent API key (shown once at registration; rotatable), an owner, an environment, tags, a behavioral risk profile, and a lineage if it was spawned by another agent. From an agent's page you can run the what-if simulator, review its risk factors, suspend / re-activate it, rotate its key, and page through its recent actions. Suspending or archiving an agent cascade-revokes its delegated subtree.
An agent can do nothing until it has a mandate. Start there.