Agent Mandate
An agent mandate is an explicit, machine-readable definition of the authority a principal delegates to an AI agent.
Définition
An agent mandate is the explicit, machine-readable definition of the authority a principal delegates to an AI agent: what the agent may do, within what limits, under what conditions. The MAS SAFR (Safeguards for Agentic Finance at Runtime) white paper calls the mandate "the mechanism through which a user defines the bounds of the authority delegated to an agent."
The concept draws on capability-based security, formalized by Dennis and Van Horn in 1966 and underlying OAuth 2.0: authority travels as an explicit grant that can be inspected, scoped, and revoked. Applied to agents, the controlling rule comes directly from the paper: "An agent cannot extend the scope of a mandate through its own reasoning or inference. Authority is explicit, structured, and defined by the mandate, not inferred by the agent." In SAFR's Controls Repository, a control built on a mandate encodes five parameters: the permitted action types, the decision logic, the escalation conditions, the validity period, and the principal authority behind the delegation.
The mandate exists because agents adapt mid-run. Between the proposal an agent makes at step one and the action it proposes at step five, conditions change and the agent's reasoning changes with them. A mandate holds the delegated authority fixed while the plan moves, and it gives reviewers and auditors a stable object to check any action against: the action falls within the mandate or it does not. SAFR reinforces this per action in multi-step workflows, since prior authorization carries no authority forward into the next step. The paper cites the Agent Payments Protocol (AP2), with its cryptographically signed mandates, as a prominent industry example.
In practice, mandates become policy bindings: versioned, machine-readable policies encode each agent's permitted tools and action types, and the runtime verifies it holds the published policy version before evaluating. The mandate travels with each action inside the governance envelope's context metadata, and enforcement happens through policy-bound execution. In KLA's SAFR implementation, policy bindings through the Tool Catalog fill this role.
