MandateOS / runtime guardrails for AI agents

Install approvals, guardrails, and receipts into agent workflows.

MandateOS gives teams using Codex, Cursor, Claude Code, OpenClaw, and MCP-based workflows a concrete operating loop: define a mandate, intercept risky actions, escalate when needed, and keep signed evidence behind what ran.

Export your connection values, run the host installer, and MandateOS writes local host config plus a status path into that workspace. No repo clone required.

Public proof
Open repo and install path3 published npm packages4 hosts available today

Signed receipts, execution grants, and audit-chain verification are inspectable from the first guarded action. See verification details

60-second tour

Watch one approval and receipt happen end to end.

Installer, mandate, runtime decision, signed receipt, and audit verification — without leaving the workspace.

How it works

What gets written, checked, kept, and inspected.

What Gets WrittenLocal MCP + hook config

MandateOS writes host-scoped files such as `.codex/config.toml`, `.codex/hooks.json`, Cursor hooks, and Claude workspace settings.

What Gets CheckedMandate, tool, zone, approval path

Before risky actions continue, the runtime evaluates scope, budget, risk zone, and whether an operator decision is required.

What Operators KeepReceipts, approval events, audit chain

Teams can review signed receipts, execution grants, approval events, and retained audit history after the action completes.

What You Can InspectPublic repo, packages, installers

The trust layer is open source, so teams can inspect the host integration path instead of relying on a black box.

See it running

From mandate to receipt in one operating loop.

Real screenshots from the MandateOS control plane — the workspace overview, mandate composer, signed mandate detail, and audit ledger.

MandateOS workspace overview showing mandate count, receipts, audit events, integrity status, and setup checklist.
Workspace overviewMandates, receipts, audit events, and integrity status on one surface.
MandateOS mandate composer with Basics, Risk, Surface, and Review tabs active on the Review step.
Mandate composerStep through preset, risk, surface, and review before issuing a signed mandate.
Mandate detail page showing the signed Mandate DSL policy block including purpose, spend cap, boundary, tools, and approval rules.
Mandate detailInspect the signed DSL, fingerprint, and policy body for any active mandate.
Workspace evidence view with recent mandates, selected mandate signature, and receipt counts.
Audit and evidenceSelected mandate evidence, receipt counts, and the wider workspace ledger together.

Where it fits

Use one approval and evidence model across the host tools your team already runs.

MandateOS sits between the agent and the actions that matter: shell execution, code changes, approvals, and higher-risk tool use.

Available today: Codex, Cursor, Claude Code, OpenClaw, and managed MCP flowsSame mandate, approval, and receipt model across local hostsPlanned: GitHub-side enforcement

Start with a concrete workflow

Install MandateOS into one repo, then watch the first approval and receipt happen.

The fastest way to evaluate MandateOS is to wire one host into one real repo, define one clear mandate, and inspect the evidence trail yourself.