Skip to main content

Mandate Policies and Policy Enforcement

Module 03 · Authorization architectureLesson 5 of 12

Mandate Policies and Policy Enforcement

Intermediate14–18 min1 prerequisite
Before you start
  • Understand mandates as bounded authority objects and know the basic verification model.
After this lesson you can
  • translate delegated authority into action, resource, constraint, and lifecycle rules
  • understand why policies must be checked at runtime
  • recognize common policy failure modes before production rollout

A mandate policy is the structured boundary that decides what a delegate may do. It turns an informal instruction into something a verifier can evaluate. A useful policy does not merely say “Agent A is allowed.” It describes the action, resource, constraints, time window, obligations, lifecycle status, and expected evidence.

Mandaitor policies should be understandable to humans and precise enough for machines. The best policy is narrow where risk is high, flexible where work genuinely varies, and explicit about what happens when the verifier cannot decide.

The anatomy of a mandate policy

Policy elementPlain-language meaningExample
PrincipalThe authority owner.Organization, user, project owner, account holder.
DelegateThe actor allowed to act.Named agent, workflow, service, or employee role.
ActionWhat may be done.Read, create, approve, submit, pay, notify.
ResourceWhat the action affects.Project, invoice, customer record, file, contract.
ConstraintA condition that must be true.Amount below threshold, before expiry, within jurisdiction.
ObligationA required follow-up or side effect.Notify reviewer, attach evidence, request dual approval.
LifecycleWhether the mandate can currently be used.Active, suspended, expired, revoked, superseded.

Allow, deny, and require approval

Not every decision is a simple allow or deny. Some actions should be allowed automatically, some denied automatically, and some routed to approval. This is especially important for agentic AI because the agent may propose an action that is close to a boundary but requires human judgment.

DecisionMeaningExample response
AllowThe action fits the mandate and constraints.Execute and record proof.
DenyThe action is outside authority or violates a hard rule.Stop and explain reason.
Require approvalThe action may be possible but needs human review.Ask principal or approver.
Require more contextThe verifier cannot evaluate a constraint yet.Provide amount, purpose, resource, or classification.

Constraints make authority safe enough to use

Constraints prevent a mandate from becoming a broad permission token. They reduce risk by narrowing when, where, how, and under which conditions authority can be used. A constraint should be explicit enough that a system can evaluate it or route it to the correct reviewer.

Constraint typeExampleWhat it protects against
TimeValid only until Friday or for one session.Stale authority and forgotten approvals.
AmountPayments below EUR 5,000.Unexpected financial exposure.
ResourceOnly project Alpha or customer account 123.Cross-resource overreach.
PurposeOnly for onboarding or invoice reconciliation.Secondary use outside original intent.
Location or jurisdictionOnly within an approved region.Regulatory or contractual mismatch.
Human approvalRequire review for high-risk actions.Fully automated irreversible harm.
RateMaximum number of actions per period.Abuse, runaway loops, or automation errors.

Policy enforcement pipeline

Mandaitor policy enforcement can be explained as a pipeline. The verifier receives an action request, resolves actor and mandate context, evaluates the policy, checks lifecycle and status, returns a decision, and emits evidence.

Pipeline stepFailure modeGood design response
Resolve actorUnknown or mismatched delegate.Require agent registration and identity binding.
Resolve mandateNo mandate or wrong mandate.Deny with clear reason or request proper delegation.
Evaluate actionAction name too broad or ambiguous.Use action taxonomy and examples.
Evaluate resourceResource identifier missing or too general.Require structured resource context.
Evaluate constraintsMissing amount, expiry, or purpose.Return “needs context” rather than guessing.
Emit evidenceDecision not recorded.Treat evidence requirements as part of policy.

Policy design examples

ScenarioWeak policyStronger mandate policy
Finance agentAgent may manage payments.Agent may create payment drafts below EUR 5,000 for approved vendors until quarter end; submission requires human approval.
Document agentAgent may access files.Agent may read project Alpha documents excluding restricted HR and legal folders for the purpose of validation.
Support agentAgent may update customer records.Agent may update non-sensitive support fields for assigned customers during active tickets.
Procurement agentAgent may buy supplies.Agent may request quotes for approved categories and place orders below a defined threshold after budget validation.

Practice check: write a safer mandate policy

Practice exercise

Policy boundary design

A procurement team wants an AI delegate to negotiate with approved suppliers, create purchase-order drafts, and submit orders below EUR 2,000. Anything above the threshold, anything involving a new supplier, or anything changing payment terms must require human approval.

This exercise should produce a policy sketch, not legal prose. A useful Mandaitor policy is precise enough for software to enforce and plain enough for humans to review.

  1. Separate allowed and escalated actionsWrite the actions that can proceed automatically and the actions that must move to approval.
  2. Define constraintsName the amount, supplier, time, role, and resource constraints that make the mandate testable.
  3. Add evidence requirementsSpecify which proof, reason, and approval fields should be recorded when the verifier returns allow or escalate.
A strong answer should show
Least authority
The policy grants only the authority needed for the procurement workflow.
Machine testability
The constraints can be evaluated at runtime without relying on vague intent.
Reviewer usefulness
The evidence fields explain why a purchase-order draft was allowed or escalated.
Check your understanding

Which policy design is safest for the procurement delegate?

  • Allow all procurement activity because the delegate belongs to the finance workspace.
  • Allow approved-supplier drafts and orders below EUR 2,000, while escalating new suppliers, payment-term changes, and higher amounts.
  • Deny all writes and allow only public reads, regardless of the team's workflow needs.
Reveal answer

The second option best reflects bounded delegation. It allows the useful low-risk workflow while preserving explicit escalation points for higher-risk supplier, amount, and payment-term changes.

Read Agentic AI from First Principles to understand why policies must be checked at runtime. Read Agentic Authorization and Runtime Evidence to see the runtime pipeline in action. Read Compliance Dashboard Explained to understand how policy outcomes appear in review surfaces.

Progress

Save your learning progress

Mark this lesson as complete to update the Academy overview without requiring an account.