Story

Hi HN,

I’ve been working on a small MVP called Mandate. The idea is simple:

AI agents can spend money and call tools, but today we mostly control them with prompts and conventions. I wanted something closer to IAM / firewall thinking, but for agents.

Mandate enforces authority at runtime, outside the LLM.

Core concepts: - Agent = stable identity (not a process) - Policy = static, versioned authority template - Rules = select policies based on invocation context (env, user tier, etc.) - Mandate = short-lived authority issued per invocation - Enforcement = deterministic allow/block of tool + LLM calls

This lets you: - cap spend per invocation or over time - restrict tools and MCP servers - kill an agent instantly - audit every decision with reason codes

No prompt tricks, no AI judgment — just mechanical enforcement.

Repo (very early MVP): https://github.com/kashaf12/mandate

I’m not sure yet if this is something teams actually want, or if it’s too early / overkill. I’d really value feedback from people running agents or automation in production: - Have you hit failures where prompts weren’t enough? - Do you already enforce hard limits internally? - What would make this useful vs annoying?

Thanks for reading.