# Mandate > Developer documentation for Mandate: non-custodial agent wallet policy layer that enforces spend limits, allowlists, and approval workflows for AI agent transactions. ## Docs - [Check address risk](https://docs.mandate.md/api-reference/agent-api/check-address-risk.md): Run a risk assessment against a target address using the Aegis security scanner. Returns a risk level and warnings. - [Set wallet address](https://docs.mandate.md/api-reference/agent-api/set-wallet-address.md): Sets the EVM wallet address for the agent. Call once after registration if the address was not provided at registration time, or to update it. - [Validate a raw EVM transaction (deprecated)](https://docs.mandate.md/api-reference/agent-api/validate-a-raw-evm-transaction-deprecated.md): Legacy raw EVM validation endpoint. Requires full transaction parameters and an intentHash. Use `/api/validate` for all new integrations. - [Validate a transaction (action-based)](https://docs.mandate.md/api-reference/agent-api/validate-a-transaction-action-based.md): Primary validation endpoint. Checks circuit breaker, schedule, allowlist, blocked actions, spend limits, daily/monthly quotas, address risk, reason scanner, and approval gates. Works with any wallet type (custodial or self-custodial). No intentHash, nonce, or gas params needed. - [Approve or reject a pending approval](https://docs.mandate.md/api-reference/approvals/approve-or-reject-a-pending-approval.md): Makes a decision on a pending approval request. Transitions the associated intent to `approved` or `rejected`. - [List pending approvals](https://docs.mandate.md/api-reference/approvals/list-pending-approvals.md): Returns paginated list of pending approval requests for all agents owned by the authenticated user. Only non-expired pending approvals are returned. - [Claim an agent](https://docs.mandate.md/api-reference/dashboard/claim-an-agent.md): Links an unclaimed agent to the authenticated user's dashboard account using the claim code from the agent's `claimUrl`. - [Create an agent from dashboard](https://docs.mandate.md/api-reference/dashboard/create-an-agent-from-dashboard.md): Creates a new agent directly from the dashboard. The agent is automatically claimed by the authenticated user. Returns a runtime key. - [Delete an agent](https://docs.mandate.md/api-reference/dashboard/delete-an-agent.md): Permanently deletes the agent and all associated data. - [Regenerate runtime key](https://docs.mandate.md/api-reference/dashboard/regenerate-runtime-key.md): Revokes all existing runtime keys for the agent and generates a new one. The old key stops working immediately. - [Toggle circuit breaker](https://docs.mandate.md/api-reference/dashboard/toggle-circuit-breaker.md): Toggles the circuit breaker for the agent. When active, all transactions are blocked with `circuit_breaker_active`. - [Update agent name](https://docs.mandate.md/api-reference/dashboard/update-agent-name.md): Updates the agent's display name. - [Get intent status](https://docs.mandate.md/api-reference/intent-lifecycle/get-intent-status.md): Poll the current status of an intent. Use this to wait for approval decisions or on-chain confirmation. - [Post transaction hash after broadcast](https://docs.mandate.md/api-reference/intent-lifecycle/post-transaction-hash-after-broadcast.md): After broadcasting a signed transaction on-chain, post the txHash back to Mandate. This transitions the intent to `broadcasted` and triggers asynchronous envelope verification (for raw-validated intents). - [API Reference Overview](https://docs.mandate.md/api-reference/overview.md): Base URL, authentication, error format, and endpoint summary for the Mandate REST API. - [Create a new policy](https://docs.mandate.md/api-reference/policies/create-a-new-policy.md): Creates a new active policy for the agent. The previous active policy is automatically deactivated. Fields not provided are carried forward from the previous policy. - [List agent policies](https://docs.mandate.md/api-reference/policies/list-agent-policies.md): Returns all policies for the agent, ordered by creation date (newest first). The active policy has `is_active: true`. - [Register a new agent](https://docs.mandate.md/api-reference/registration/register-a-new-agent.md): Creates a new agent identity with a runtime key and claim URL. No authentication required. The agent receives a `runtimeKey` for API calls and a `claimUrl` the human owner visits to link the agent to their dashboard. - [Changelog](https://docs.mandate.md/changelog.md): Version history and release notes for Mandate API and SDK. - [mandate activate](https://docs.mandate.md/cli/activate.md): Set the EVM wallet address for a registered agent. Required before validating transactions. - [Approve](https://docs.mandate.md/cli/approve.md): Wait for a wallet owner to approve or reject a pending Mandate intent from the command line. - [Event](https://docs.mandate.md/cli/event.md): Post a broadcast transaction hash to Mandate for envelope verification after signing and broadcasting a raw-validated transaction. - [Agent Discovery (--llms)](https://docs.mandate.md/cli/llms-flag.md): Use the --llms and --llms-full flags to let AI agents discover Mandate CLI commands, schemas, and capabilities programmatically. - [mandate login](https://docs.mandate.md/cli/login.md): Register a new agent with the Mandate API and store credentials locally for subsequent commands. - [MCP Server Mode (--mcp)](https://docs.mandate.md/cli/mcp-flag.md): Start the Mandate CLI as an MCP stdio server so AI assistants like Claude Desktop and Codex CLI can validate transactions through tool calls. - [CLI Overview](https://docs.mandate.md/cli/overview.md): Install and use the Mandate CLI to register agents, validate transactions, and scan codebases for unprotected wallet calls. - [Scan](https://docs.mandate.md/cli/scan.md): Scan your codebase for unprotected wallet and financial calls that bypass Mandate validation. Zero config, zero auth, CI-friendly. - [Status](https://docs.mandate.md/cli/status.md): Check the current state of a Mandate intent, including transaction hash, block number, and USD amount. - [mandate transfer](https://docs.mandate.md/cli/transfer.md): Validate an ERC20 transfer against your agent's policy. Preflight mode by default, raw mode for legacy self-custodial flows. - [mandate validate](https://docs.mandate.md/cli/validate.md): Validate a transaction against your agent's policy. Supports preflight (action-based) and raw EVM modes. - [mandate whoami](https://docs.mandate.md/cli/whoami.md): Display the current agent's identity, wallet address, chain ID, and credential status. - [System Architecture](https://docs.mandate.md/concepts/architecture.md): How Mandate's policy enforcement layer sits between AI agents and blockchain networks to validate every transaction before signing. - [Glossary](https://docs.mandate.md/concepts/glossary.md): Definitions of key Mandate terms: policies, intents, validation flows, SDK classes, and security mechanisms. - [Intent Hash](https://docs.mandate.md/concepts/intent-hash.md): How the keccak256 intent hash binds validated transaction parameters to execution, preventing envelope swap attacks in raw validation flows. - [Intent Lifecycle](https://docs.mandate.md/concepts/intent-lifecycle.md): How Mandate intents move through states from validation to on-chain confirmation, including TTLs, transitions, and terminal states. - [Non-Custodial Model](https://docs.mandate.md/concepts/non-custodial.md): How Mandate enforces transaction policies without ever holding, accessing, or storing agent private keys. - [Policy Engine](https://docs.mandate.md/concepts/policy-engine.md): The 14-check validation pipeline that evaluates every agent transaction against configured policy rules, spend limits, and approval triggers. - [The Reason Field](https://docs.mandate.md/concepts/reason-field.md): Why every Mandate validation requires a reason string, how it detects prompt injection, and why session keys cannot replicate this protection. - [Agents Management](https://docs.mandate.md/dashboard/agents.md): Create, claim, edit, and delete agents from the Mandate dashboard. Manage runtime keys and wallet addresses. - [Approvals](https://docs.mandate.md/dashboard/approvals.md): Review, approve, or reject pending agent transactions from the Mandate dashboard approval queue. - [Audit Log](https://docs.mandate.md/dashboard/audit-log.md): Browse the immutable transaction history for all agents with filters, status colors, and explorer links in the Mandate dashboard. - [Circuit Breaker](https://docs.mandate.md/dashboard/circuit-breaker.md): Toggle the circuit breaker to instantly block or resume all transactions for an agent in the Mandate dashboard. - [Insights](https://docs.mandate.md/dashboard/insights.md): Review AI-generated policy recommendations based on transaction pattern analysis in the Mandate dashboard. - [MANDATE.md Editor](https://docs.mandate.md/dashboard/mandate-md-editor.md): Write natural-language guard rules in the dashboard MANDATE.md editor to configure agent policies with a live preview. - [Notifications](https://docs.mandate.md/dashboard/notifications.md): Configure Telegram, Slack, Discord, and webhook notifications for agent events in the Mandate dashboard. - [Dashboard Overview](https://docs.mandate.md/dashboard/overview.md): Navigate the Mandate dashboard to manage agents, configure policies, and monitor transactions at app.mandate.md. - [Policy Builder](https://docs.mandate.md/dashboard/policy-builder.md): Configure per-agent policies with spend limits, allowlists, blocked actions, approval thresholds, schedules, and guard rules in the Mandate dashboard. - [Webhooks](https://docs.mandate.md/dashboard/webhooks.md): Configure webhook endpoints with HMAC-SHA256 verification, retry policies, and structured JSON payloads for Mandate agent events. - [Choosing an Integration](https://docs.mandate.md/guides/choosing-integration.md): Pick the right Mandate integration for your agent framework, language, and architecture. Decision tree and comparison table for all 11 integration methods. - [CI/CD Integration](https://docs.mandate.md/guides/ci-cd.md): Add the Mandate codebase scanner to your CI/CD pipeline. Catch unprotected wallet calls before they reach production with GitHub Actions, GitLab CI, or pre-commit hooks. - [Codebase Scanner](https://docs.mandate.md/guides/codebase-scanner.md): Detect unprotected wallet and transaction calls in your codebase. Run the scanner via CLI, integrate into CI, or let plugins scan automatically on startup. - [Fail-Safe Rules](https://docs.mandate.md/guides/fail-safe.md): The five non-negotiable fail-safe rules every Mandate integration must follow. Fail-closed by design: if the API is unreachable, the transaction does not execute. - [Handle Approval Workflows](https://docs.mandate.md/guides/handle-approvals.md): Catch ApprovalRequiredError, poll for human decisions, and use MandateWallet shortcuts to handle the full approval flow in your agent code. - [Handle Errors](https://docs.mandate.md/guides/handle-errors.md): Catch and recover from all 5 Mandate error types: PolicyBlockedError, CircuitBreakerError, ApprovalRequiredError, RiskBlockedError, and MandateError. - [Register an Agent](https://docs.mandate.md/guides/register-agent.md): Create an agent identity with Mandate, get a runtime key for API authentication, and link the agent to a wallet owner's dashboard. - [Validate Transactions](https://docs.mandate.md/guides/validate-transactions.md): Validate every agent transaction against Mandate's policy engine before signing. Learn the validate() call, handle all three outcomes, and follow best practices for production agents. - [Writing MANDATE.md Policy Files](https://docs.mandate.md/guides/write-mandate-md.md): Define agent behavior constraints in plain language with MANDATE.md. Learn the syntax, structure, and how each section maps to policy engine fields. - [x402 Payment Protocol](https://docs.mandate.md/guides/x402-payments.md): Integrate HTTP 402 payments into your agent with Mandate policy enforcement. One-line x402Pay or manual flow with full validation. - [How Mandate Works](https://docs.mandate.md/how-it-works.md): Learn how Mandate validates agent transactions through 14 policy checks, non-custodial signing, and human approval workflows. Covers the core flow, comparison to session keys, and the three validation outcomes. - [ACP (Agent Commerce Protocol)](https://docs.mandate.md/integrations/acp-virtuals.md): Enforce Mandate spending policies on ACP inter-agent payments with the @mandate.md/acp-plugin. - [Coinbase AgentKit Provider](https://docs.mandate.md/integrations/agentkit.md): Integrate Mandate policy enforcement into Coinbase AgentKit with a WalletProvider and ActionProvider. - [Claude Code Plugin](https://docs.mandate.md/integrations/claude-code.md): Install the Mandate Claude Code plugin for two-phase transaction enforcement: automatic blocking of unvalidated wallet calls with zero code changes. - [ElizaOS Plugin](https://docs.mandate.md/integrations/elizaos.md): Add Mandate policy-enforced token transfers and payments to your ElizaOS agent with the @mandate.md/eliza-plugin. - [GAME SDK (Virtuals Protocol)](https://docs.mandate.md/integrations/game-virtuals.md): Integrate Mandate policy enforcement into GAME SDK agents by Virtuals Protocol, with TypeScript and Python examples. - [GOAT SDK Plugin](https://docs.mandate.md/integrations/goat-sdk.md): Add Mandate policy enforcement to your GOAT SDK agent with the @mandate.md/goat-plugin package. - [MCP Server](https://docs.mandate.md/integrations/mcp-server.md): Deploy a Mandate MCP server on Cloudflare Workers to give any MCP-compatible AI client access to Mandate validation tools. - [OpenClaw Plugin](https://docs.mandate.md/integrations/openclaw.md): Install the Mandate OpenClaw plugin to give your agent three policy tools and a safety-net hook that blocks unvalidated transactions automatically. - [Integrations Overview](https://docs.mandate.md/integrations/overview.md): Choose the right Mandate integration for your agent: hook-based plugins, framework SDKs, CLI, or direct REST API calls. - [Vercel AI SDK](https://docs.mandate.md/integrations/vercel-ai.md): Use Mandate with the Vercel AI SDK to enforce spending policies on AI-generated transactions. - [Mandate: Agent Wallet Policy Layer](https://docs.mandate.md/introduction.md): Mandate is a non-custodial policy layer that enforces spend limits, allowlists, and approval workflows on AI agent transactions. Private keys never leave your machine. - [Mandate SKILL Reference](https://docs.mandate.md/llms-skill.md): Machine-readable API reference for AI agents integrating with Mandate. Covers validation, registration, error handling, and chain reference. - [Quickstart](https://docs.mandate.md/quickstart.md): Get Mandate running in under 5 minutes. Choose your path: Claude Code plugin, OpenClaw, TypeScript SDK, or CLI. - [Approval Triggers](https://docs.mandate.md/reference/approval-triggers.md): Reference for all 7 conditions that pause an agent transaction and route it to the owner for human approval. - [Block Reasons](https://docs.mandate.md/reference/block-reasons.md): Complete reference for all blockReason values returned by the Mandate policy engine, with HTTP status codes, causes, and resolution steps. - [Chain Reference](https://docs.mandate.md/reference/chain-reference.md): Supported chains, chain IDs, USDC contract addresses, and runtime key prefixes for Mandate. - [Error Codes](https://docs.mandate.md/reference/error-codes.md): HTTP status codes, error response format, and SDK error class mapping for the Mandate API. - [Intent States](https://docs.mandate.md/reference/intent-states.md): Complete state machine reference for Mandate intents, with all 9 states, TTLs, transitions, and terminal state behavior. - [Policy Fields](https://docs.mandate.md/reference/policy-fields.md): Complete schema reference for every configurable field in a Mandate agent policy, with types, defaults, and descriptions. - [Rate Limits](https://docs.mandate.md/reference/rate-limits.md): Rate limiting behavior, response headers, and retry strategies for the Mandate API. - [Constants Reference](https://docs.mandate.md/sdk/constants.md): USDC contract addresses and chain ID constants exported by the Mandate SDK for mainnet and testnet networks. - [Error Classes](https://docs.mandate.md/sdk/errors.md): Reference for all error classes thrown by the Mandate SDK, with recovery patterns and code examples. - [Intent Hash](https://docs.mandate.md/sdk/intent-hash.md): How the Mandate intent hash is computed, the canonical string format, and common mismatch causes. - [MandateClient](https://docs.mandate.md/sdk/mandate-client.md): Complete reference for MandateClient, the low-level SDK class for validating transactions, polling intent status, and managing approval workflows. - [MandateWallet](https://docs.mandate.md/sdk/mandate-wallet.md): High-level policy-enforced wallet that validates, signs, broadcasts, and confirms transactions in one call using viem. - [SDK Overview](https://docs.mandate.md/sdk/overview.md): Install the Mandate TypeScript SDK and start validating agent transactions with MandateClient and MandateWallet. - [TypeScript Types](https://docs.mandate.md/sdk/types.md): All exported TypeScript interfaces from the Mandate SDK, with field descriptions and usage notes. - [Circuit Breaker](https://docs.mandate.md/security/circuit-breaker.md): Emergency stop mechanism that blocks all transactions for a compromised or malfunctioning agent. - [Credential Management](https://docs.mandate.md/security/credential-management.md): Best practices for storing, rotating, and revoking Mandate runtime keys. - [Envelope Verification](https://docs.mandate.md/security/envelope-verification.md): How Mandate verifies that on-chain transactions match validated parameters to prevent tx swapping. - [Prompt Injection Detection](https://docs.mandate.md/security/prompt-injection.md): How Mandate's reason scanner detects and blocks prompt injection attacks in agent transactions. - [Agent Reputation (ERC-8004)](https://docs.mandate.md/security/reputation.md): On-chain agent reputation scoring via ERC-8004 and how it affects transaction approval. - [Address Risk Scanning](https://docs.mandate.md/security/risk-scanning.md): How Mandate screens destination addresses against known-malicious databases using the Aegis service. - [Threat Model](https://docs.mandate.md/security/threat-model.md): The threats Mandate protects against and the defense layers that stop them. - [Approval Timeout](https://docs.mandate.md/troubleshooting/approval-timeout.md): Diagnosing and recovering from expired approvals, with TTL reference and notification setup. - [Circuit Breaker Tripped](https://docs.mandate.md/troubleshooting/circuit-breaker-tripped.md): How to diagnose why a circuit breaker tripped, investigate the root cause, and reset it safely. - [Common Errors](https://docs.mandate.md/troubleshooting/common-errors.md): Solutions for the most frequent Mandate API errors, with code examples for detection and recovery. - [Frequently Asked Questions](https://docs.mandate.md/troubleshooting/faq.md): Answers to the 20 most common questions about Mandate: chain support, testing, key management, approvals, and integration patterns. - [Intent Hash Mismatch](https://docs.mandate.md/troubleshooting/intent-hash-mismatch.md): Debugging guide for intent_hash_mismatch errors in Mandate raw validation, with a 7-point checklist and common fixes. ## OpenAPI Specs - [openapi](https://docs.mandate.md/openapi.json)