MandateOSGuardrails, approvals, and receipts for agent actionInstall without cloning
MandateOS is already packaged for Codex, Cursor, Claude Code, and OpenClaw. You do not need to clone this repository to try it.
You only need the basics that connect the local host to the runtime and a repo path where you want the guardrails installed.
Choose one host, export the base URL and agent token, run the matching `npx` installer, then run the host status command before doing sensitive work.
MandateOS becomes concrete immediately because the host now has local config, a status command, and a runtime path for risky actions.
The packages and installers are open source. Teams usually connect them to the managed control plane when they want shared approvals, workspace administration, and retained audit history.
Set your base URL and agent token in the shell where you plan to run an installer. Add a default mandate id only when you want one project mandate preselected.
Use the package entrypoint or download the shell script for Codex, Cursor, Claude Code, or OpenClaw. Each installer writes the local files that host needs.
Start the guarded workspace, approve the MandateOS MCP if the host asks, and confirm the status command before you move into sensitive work.
Copy the runtime URL and agent token from your MandateOS control plane. `MANDATE_OS_MCP_DEFAULT_MANDATE_ID` is optional and only needed when you want the host to start with a project mandate already selected.
# Replace with the runtime URL and agent token from your MandateOS control plane.
export MANDATE_OS_BASE_URL="https://your-mandateos-runtime-url"
export MANDATE_OS_AGENT_TOKEN="key_id.secret"
# Optional: preselect one mandate for this repo.
export MANDATE_OS_MCP_DEFAULT_MANDATE_ID="mdt_123"These open-source packages are the install and trust layer. Teams pair them with the managed control plane when they want hosted approvals and operator workflows.
@mandate-os/sdkUse the SDK when you want to call MandateOS from your own services, hooks, or custom host integrations.
npm install @mandate-os/sdk@latest@mandate-os/mcpRegisters the MandateOS MCP server and ships the installer CLIs for Codex, Cursor, and Claude Code.
npm install @mandate-os/mcp@latest@mandate-os/openclawInstalls the OpenClaw bridge, bundle, and guarded agent setup without copying repo files by hand.
npm install @mandate-os/openclaw@latestRun the package CLI directly with `npx`, or download the matching shell script and pass your workspace path as the first argument.
@mandate-os/mcpWrites project-scoped `.codex/config.toml` and `.codex/hooks.json` so Codex loads the MandateOS MCP server and Bash guardrails inside that repository.
Open Installer Detailsnpx --yes --package @mandate-os/mcp@latest mandate-os-codex-install install \
--workspace "/absolute/path/to/your/repo"@mandate-os/mcpConfigures Cursor user and workspace MCP entries, then writes `beforeShellExecution` and `beforeMCPExecution` hooks for the target repository.
Open Installer Detailsnpx --yes --package @mandate-os/mcp@latest mandate-os-cursor-install install \
--workspace "/absolute/path/to/your/repo"@mandate-os/mcpWrites the local-scoped `mandateos` MCP entry into `~/.claude.json` and creates workspace hooks in `.claude/settings.local.json`.
Open Installer Detailsnpx --yes --package @mandate-os/mcp@latest mandate-os-claude-install install \
--workspace "/absolute/path/to/your/repo"@mandate-os/openclawInstalls the OpenClaw extension bundle, configures the local MCP server, and creates a guarded agent profile for the selected workspace.
Open Installer DetailsMANDATE_OS_OPENCLAW_WORKSPACE_PATH="/absolute/path/to/your/repo" \
npx --yes --package @mandate-os/openclaw@latest mandate-os-openclaw-install install