MandateOS writes host-scoped files such as `.codex/config.toml`, `.codex/hooks.json`, Cursor hooks, and Claude workspace settings.
MandateOS / runtime guardrails for AI agents
Install approvals, guardrails, and receipts into agent workflows.
MandateOS gives teams using Codex, Cursor, Claude Code, OpenClaw, and MCP-based workflows a concrete operating loop: define a mandate, intercept risky actions, escalate when needed, and keep signed evidence behind what ran.
Export your connection values, run the host installer, and MandateOS writes local host config plus a status path into that workspace. No repo clone required.
Signed receipts, execution grants, and audit-chain verification are inspectable from the first guarded action. See verification details
60-second tour
Watch one approval and receipt happen end to end.
Installer, mandate, runtime decision, signed receipt, and audit verification — without leaving the workspace.
How it works
What gets written, checked, kept, and inspected.
Before risky actions continue, the runtime evaluates scope, budget, risk zone, and whether an operator decision is required.
Teams can review signed receipts, execution grants, approval events, and retained audit history after the action completes.
The trust layer is open source, so teams can inspect the host integration path instead of relying on a black box.
See it running
From mandate to receipt in one operating loop.
Real screenshots from the MandateOS control plane — the workspace overview, mandate composer, signed mandate detail, and audit ledger.




Where it fits
Use one approval and evidence model across the host tools your team already runs.
MandateOS sits between the agent and the actions that matter: shell execution, code changes, approvals, and higher-risk tool use.
Codex
Available TodayUse project-scoped Codex MCP and hook config to bring Bash-side actions under the same approval and receipt model.
Cursor
Available TodayBring Cursor sessions under the same approval, tool-scope, and receipt model as the rest of your agent operations.
Claude Code
Available TodayUse the same operating model in Claude Code so teams do not have to reinvent policy for each shell.
OpenClaw
Available TodayDesigned for OpenClaw’s flexible host surface so teams can keep explicit tool boundaries, approvals, and receipts around local agent power.
GitHub Enforcement
PlannedRepository-side actions are a natural next extension of the same policy and approval model.
Start with a concrete workflow
Install MandateOS into one repo, then watch the first approval and receipt happen.
The fastest way to evaluate MandateOS is to wire one host into one real repo, define one clear mandate, and inspect the evidence trail yourself.