Skip to main content

How to integrate Mandate

Mandate supports three integration patterns. Each one enforces the same policy checks (spend limits, allowlists, approval workflows, reason scanning) but differs in how your agent connects.

Hook-based (zero code changes)

Hooks intercept financial tool calls automatically. Your agent does not need to call validate() explicitly. The plugin watches for transaction-related commands and blocks them until Mandate approves. Two plugins use this pattern:
  • Claude Code Plugin: Installs as a Claude Code plugin. PreToolUse hook blocks Bash commands and MCP tools that contain wallet keywords. PostToolUse hook records validation tokens. Two-phase, fail-closed, no network calls in the gate.
  • OpenClaw Plugin: Installs via openclaw plugin install. Registers a message:preprocessed hook that intercepts financial tool calls (Locus, Bankr, Sponge, any swap/transfer/send) even if the agent skips mandate_validate.
Hook-based integrations are the strongest enforcement model. The agent cannot bypass the policy layer because the platform itself gates execution.

SDK-based (explicit calls)

Your agent calls validate() before every transaction. You add the Mandate SDK or a framework-specific plugin to your code and invoke it at the right moment. This works with any wallet. Available SDK integrations:
  • TypeScript SDK: MandateClient for validation, MandateWallet for the full validate-sign-broadcast flow.
  • GOAT Plugin: @Tool() decorator pattern. Transfer and x402 payment actions with built-in validation.
  • AgentKit Provider: Coinbase AgentKit WalletProvider and ActionProvider that wrap Mandate validation.
  • ElizaOS Plugin: Three actions (register, validate, transfer) plus a wallet provider for the ElizaOS runtime.
  • GAME Plugin: Worker functions for the Virtuals Protocol GAME SDK. Available in TypeScript and Python.
  • ACP Plugin: Job payment client for the Agent Commerce Protocol by Virtuals.
SDK-based integrations give you full control over when and how validation happens. The trade-off: your code must call validate before every transaction. If you forget, no safety net exists unless you also use a hook.

API-direct (any language)

Call the Mandate REST API from any programming language. No SDK required. Send HTTP requests to https://app.mandate.md/api/validate with your runtime key and transaction details.
  • REST API: Direct HTTP calls. Works with Python, Go, Rust, Java, or anything that speaks HTTP.
  • CLI: npx @mandate.md/cli for shell scripts and automation. Also supports MCP server mode for tool-based platforms.
  • MCP Server: Cloudflare Workers deployment that exposes search and execute tools over the MCP protocol.
API-direct is the most flexible option. You handle authentication, error handling, and retry logic yourself.

Comparison matrix

IntegrationTypeSetupLanguagesKey features
Claude Code PluginHookclaude plugin installAny (via Claude)Auto-intercept, two-phase gate, session scan
OpenClaw PluginHookopenclaw plugin installAny (via OpenClaw)3 tools, safety-net hook, auto-key storage
TypeScript SDKSDKnpm install @mandate.md/sdkTypeScript/JSMandateClient + MandateWallet, full control
CLICLInpx @mandate.md/cliAny (shell)All operations, MCP server mode
GOAT PluginSDKnpm installTypeScript@Tool() pattern, transfer + x402
AgentKit ProviderSDKnpm installTypeScriptWalletProvider + ActionProvider
ElizaOS PluginSDKnpm installTypeScript3 actions + wallet provider
GAME PluginSDKnpm install / pip installTS + PythonWorker functions
ACP PluginSDKnpm installTypeScriptJob payment client
MCP ServerAPIwrangler deployAny (MCP)search + execute tools
REST APIAPINoneAnyDirect HTTP calls

Which integration should you use?

Start here and follow the path that matches your setup:
  1. Using Claude Code? Install the Claude Code Plugin. Zero code changes, automatic enforcement.
  2. Using OpenClaw? Install the OpenClaw Plugin. Three tools register automatically, safety-net hook included.
  3. Using a supported framework? Pick the matching plugin: GOAT, AgentKit, ElizaOS, GAME, or ACP.
  4. Building a custom TypeScript agent? Use the TypeScript SDK. MandateClient for validation only, MandateWallet for the full flow.
  5. Need shell automation? Use the CLI. Works in scripts, CI/CD pipelines, and as an MCP server.
  6. Using another language (Python, Go, Rust)? Call the REST API directly. No SDK needed.
When possible, combine a hook-based plugin with an SDK integration. The hook acts as a safety net: even if your code misses a validate call, the hook catches it. This is the strongest enforcement model available.

Next Steps

Claude Code Plugin

Two-phase enforcement for Claude Code agents. Zero code changes.

OpenClaw Plugin

Three Mandate tools plus a safety-net hook for OpenClaw agents.

TypeScript SDK

MandateClient and MandateWallet for full programmatic control.

REST API

Direct HTTP calls from any language. No SDK required.