Skip to main content

MandaitorClient

@mandaitor/sdk


@mandaitor/sdk / MandaitorClient

Class: MandaitorClient

Defined in: @mandaitor/sdk/dist/client.d.ts:14

Constructors

Constructor

new MandaitorClient(config): MandaitorClient

Defined in: @mandaitor/sdk/dist/client.d.ts:16

Parameters

config

MandaitorClientConfig

Returns

MandaitorClient

Methods

approveMandate()

approveMandate(mandateId, reason?): Promise<Mandate>

Defined in: @mandaitor/sdk/dist/client.d.ts:28

Parameters

mandateId

string

reason?

string

Returns

Promise<Mandate>


createMandate()

createMandate(req): Promise<Mandate>

Defined in: @mandaitor/sdk/dist/client.d.ts:18

Parameters

req

CreateMandateRequest

Returns

Promise<Mandate>


exchangeToken()

exchangeToken(params): Promise<TokenExchangeResponse>

Defined in: @mandaitor/sdk/dist/client.d.ts:133

Exchange a user's access token for a delegation token via OAuth 2.0 Token Exchange. Used for On-Behalf-Of flows where an AI agent acts on behalf of a user.

Parameters

params

TokenExchangeRequest

Returns

Promise<TokenExchangeResponse>


getAuditEvents()

getAuditEvents(mandateId, options?): Promise<PaginatedResponse<AuditEvent>>

Defined in: @mandaitor/sdk/dist/client.d.ts:69

Parameters

mandateId

string

options?
cursor?

string

limit?

number

Returns

Promise<PaginatedResponse<AuditEvent>>

Deprecated

Use getMandateEvents instead.


getEudiSessionStatus()

getEudiSessionStatus(sessionId): Promise<EudiSessionStatus>

Defined in: @mandaitor/sdk/dist/client.d.ts:120

Poll the status of an EUDI Wallet verification session. Returns the resolved identity when the session is completed.

Parameters

sessionId

string

Returns

Promise<EudiSessionStatus>


getEvent()

getEvent(eventId, mandateId): Promise<AuditEvent>

Defined in: @mandaitor/sdk/dist/client.d.ts:79

Parameters

eventId

string

mandateId

string

Returns

Promise<AuditEvent>


getEvidencePack()

getEvidencePack(mandateId, eventId?): Promise<EvidencePack>

Defined in: @mandaitor/sdk/dist/client.d.ts:107

Export a court-ready evidence pack for a mandate. Contains the mandate snapshot, hash-chained event log, proof tokens, case_log_hash, and issuer DID reference for independent verification.

Parameters

mandateId

string

The mandate to export evidence for

eventId?

string

Optional: scope the pack to a specific verification event

Returns

Promise<EvidencePack>


getIdpConfig()

getIdpConfig(): Promise<TenantIdpConfig>

Defined in: @mandaitor/sdk/dist/client.d.ts:124

Get the identity provider configuration for this tenant.

Returns

Promise<TenantIdpConfig>


getMandate()

getMandate(mandateId): Promise<Mandate>

Defined in: @mandaitor/sdk/dist/client.d.ts:19

Parameters

mandateId

string

Returns

Promise<Mandate>


getMandateEvents()

getMandateEvents(mandateId, params?): Promise<PaginatedResponse<AuditEvent>>

Defined in: @mandaitor/sdk/dist/client.d.ts:64

Parameters

mandateId

string

params?
cursor?

string

limit?

number

Returns

Promise<PaginatedResponse<AuditEvent>>


getMandateInstruction()

getMandateInstruction(mandateId): Promise<InstructionResponse>

Defined in: @mandaitor/sdk/dist/client.d.ts:98

Retrieve the decrypted instruction for a mandate.

Security note: Calling this endpoint creates an INSTRUCTION_REVEALED audit event. The instruction text is encrypted at rest and only decrypted on demand. Use sparingly — every call is logged.

Parameters

mandateId

string

The mandate whose instruction to reveal

Returns

Promise<InstructionResponse>

The decrypted instruction with metadata

Throws

If the mandate has no VUI or does not exist

Example

const instruction = await client.getMandateInstruction("mnd_abc123");
console.log(instruction.instruction_text); // "Bestelle Büromaterial bis 500€"
console.log(instruction.instruction_channel); // "chat"

initiateEudiSession()

initiateEudiSession(presentationDefinitionId?): Promise<EudiSessionResponse>

Defined in: @mandaitor/sdk/dist/client.d.ts:115

Initiate an EUDI Wallet verification session. Returns a session with QR code and deep link URIs for the wallet flow.

Parameters

presentationDefinitionId?

string

Optional: which PID attributes to request (defaults to "mandaitor-pid-standard")

Returns

Promise<EudiSessionResponse>


listEvents()

listEvents(params?): Promise<PaginatedResponse<AuditEvent>>

Defined in: @mandaitor/sdk/dist/client.d.ts:73

Parameters

params?
cursor?

string

event_type?

string

limit?

number

mandate_id?

string

Returns

Promise<PaginatedResponse<AuditEvent>>


listMandates()

listMandates(params?): Promise<PaginatedResponse<Mandate>>

Defined in: @mandaitor/sdk/dist/client.d.ts:20

Parameters

params?
cursor?

string

limit?

number

status?

string

Returns

Promise<PaginatedResponse<Mandate>>


reactivateMandate()

reactivateMandate(mandateId): Promise<Mandate>

Defined in: @mandaitor/sdk/dist/client.d.ts:27

Parameters

mandateId

string

Returns

Promise<Mandate>


rejectMandate()

rejectMandate(mandateId, reason?): Promise<Mandate>

Defined in: @mandaitor/sdk/dist/client.d.ts:29

Parameters

mandateId

string

reason?

string

Returns

Promise<Mandate>


revokeMandate()

revokeMandate(mandateId, reason?): Promise<Mandate>

Defined in: @mandaitor/sdk/dist/client.d.ts:25

Parameters

mandateId

string

reason?

string

Returns

Promise<Mandate>


suspendMandate()

suspendMandate(mandateId, reason?): Promise<Mandate>

Defined in: @mandaitor/sdk/dist/client.d.ts:26

Parameters

mandateId

string

reason?

string

Returns

Promise<Mandate>


updateIdpConfig()

updateIdpConfig(config): Promise<TenantIdpConfig>

Defined in: @mandaitor/sdk/dist/client.d.ts:128

Update the identity provider configuration.

Parameters

config

TenantIdpConfigUpdate

Returns

Promise<TenantIdpConfig>


verify()

verify(req): Promise<VerifyResponse>

Defined in: @mandaitor/sdk/dist/client.d.ts:30

Parameters

req

VerifyRequest

Returns

Promise<VerifyResponse>


verifyWithDrift()

verifyWithDrift(req, options): Promise<VerifyResponseWithSemantics>

Defined in: @mandaitor/sdk/dist/client.d.ts:63

Experimental

Verify an action with drift detection signals.

Returns advisory semantic signals alongside the verification decision. Drift signals NEVER affect the ALLOW/DENY decision.

Parameters

req

VerifyRequest

options

VerifyOptions

Returns

Promise<VerifyResponseWithSemantics>

Example

const result = await client.verifyWithDrift(
{ delegate_subject_id: "agent:v2", action: "approve", resource: "proj/*" },
{ drift: true },
);
if (result.semantic_signals?.drift_score?.drift_detected) {
console.warn("Drift detected!", result.semantic_signals.drift_score);
}

verifyWithPoM()

verifyWithPoM(req, options): Promise<VerifyResponseWithPoM>

Defined in: @mandaitor/sdk/dist/client.d.ts:45

Verify an action and optionally request a Proof-of-Mandate VC.

Parameters

req

VerifyRequest

options

VerifyOptions

Returns

Promise<VerifyResponseWithPoM>

Example

const result = await client.verifyWithPoM(
{ delegate_subject_id: "agent:v2", action: "approve", resource: "proj/*" },
{ pom: "sd-jwt-vc" },
);
if (result.proof_of_mandate) {
console.log(result.proof_of_mandate.compact); // SD-JWT string
}