Skip to main content

Proof-of-Mandate (PoM)

A Proof-of-Mandate (PoM) is a cryptographically secured, verifiable artifact that proves a specific action performed by an AI agent was authorized by a valid mandate at a specific point in time. It is the core evidence object in Mandaitor and serves as an immutable record for audits, dispute resolution, and downstream trust workflows.

Technology: SD-JWT VC

Mandaitor implements PoMs as W3C Verifiable Credentials (VCs) encoded in the Selective Disclosure JWT (SD-JWT) format. This choice provides two important advantages.

  1. Standards alignment: Verifiable Credentials are an open standard for digital proof artifacts and support interoperability across systems and trust frameworks.
  2. Selective disclosure: Not every field in a PoM needs to be visible to every recipient. SD-JWTs allow the holder of the PoM, typically the AI agent or the relying application, to disclose only selected claims while keeping the remaining claims hidden without invalidating the cryptographic proof.

Example use case

Imagine a construction validation agent approving a plan change. The agent calls Mandaitor's /verify endpoint and receives the response decision: ALLOW.

The agent can additionally request a PoM. Mandaitor then generates an SD-JWT VC certifying the following facts.

  • Who: The agent monco:agent:validate-agent-v2
  • What: Performed the action construction.validation.approve
  • On what: Against the resource monco:project:proj_123/zone:EG
  • When: At 2026-03-11T10:00:00Z
  • Why: Because mandate mdt_abc123 allowed it

That PoM can be stored alongside the business result of the action. If a dispute or review occurs later, the PoM can be presented as definitive evidence that the action was authorized at runtime.

Selective disclosure in practice

A PoM may contain sensitive fields such as an internal mandate identifier or tenant identifier. When sharing the PoM with third parties, those fields can be cryptographically hidden while the essential facts, such as the action, resource, decision, and issuance context, remain visible. This preserves privacy without sacrificing verifiability.