Mandates & Charter¶
Declare the outcomes your agents must uphold. Xybern compiles, enforces, and proves them.
Every competitor asks you to write rules: IF an action matches this pattern THEN block it. Rules are the primitive, and primitives are easy to copy. Xybern lets you work one level up. You declare a Mandate, a plain-language outcome ("no personal data may ever leave the organisation", "no payment above 10,000 without a named human approver"), and Xybern compiles it into the right mix of enforcement, backtests it against your real history, and signs it into your Charter.
What a Mandate compiles into¶
An LLM compiles each outcome into the smallest mix of enforcement primitives that upholds it:
| Layer | What it covers |
|---|---|
| Deterministic (action matchers, content patterns) | The enumerable cases. Zero latency, fail closed, the backbone. You never write the regex, the compiler does. |
| Semantic guard | Paraphrase and euphemism the deterministic layer cannot enumerate. One guard per mandate. This is why Xybern holds 100% catch under paraphrase where keyword rules collapse. |
| Verdict conditions | Risk-shaped cases, expressed over the Risk Verdict dimensions (e.g. escalate when blast radius is severe). |
| Sequence detectors | Multi-step patterns (velocity, ordered exfiltration). |
You see exactly what your outcome compiled into before it goes live, as a table of primitives with what each matches, its decision, and why the compiler chose it.
Nothing about enforcement changes¶
The compiled primitives are stored as ordinary enforcement rules underneath. The existing engine evaluates them, the policy set hash that signs every decision already includes them, and the verdict second pass already handles the verdict primitives. Mandates are a management-plane concept on top of the enforcement you already trust. The advanced Policies view still lets power users author raw primitives directly, they are simply the substrate beneath the Charter.
Lifecycle¶
declare outcome → compiled (LLM produces the primitive mix)
review → see the primitives, backtest against real history
save → shadow (log only) or active (enforce)
active/shadow → disabled (compiled rules removed)
recompile (re-run the compiler on the same outcome)
Default to shadow. A mandate in shadow logs what it would have done without affecting traffic. Promote it to active when the backtest and shadow results look right.
Backtest before you deploy¶
Before a mandate ever enforces, replay it against your workspace's real decision history and see exactly what it would have done: how often it would fire, what it would have caught that was previously allowed, and the deterministic vs semantic vs verdict coverage split. Policy authoring becomes engineering, not guesswork.
The Charter¶
The signed, versioned collection of your workspace's mandates. The Charter carries an HMAC signature over the whole collection, the policy set hash proving which compiled rules are in force, and a coverage rollup. Every time a mandate is activated or disabled the Charter is re-signed and the change is sealed to the Provenance Vault, so the evolution of your standing law is itself tamper evident.
Where it sits¶
Mandates are the top layer of a four-layer authorisation stack, each more specific than the one above:
| Layer | Object | Scope |
|---|---|---|
| Charter | Mandates | standing law of the workspace |
| Access Profiles | job boundary | per agent |
| Intent Contracts | approved plan | per mission |
| Risk Verdict | signed decision record | per action |
Standing law, then job, then mission, then action.
API¶
Agent facing (API key auth):
| Method | Path | Notes |
|---|---|---|
| POST | /v1/enforce/mandates |
{outcome_text, agent_id?} compiles and stores a draft mandate |
| GET | /v1/enforce/mandates |
list, filter by status, agent_id |
| GET | /v1/enforce/mandates/{id} |
full detail including the compiled mix and signature |
Dashboard (Charter tab): compile a preview, backtest it, save as shadow or active, activate, disable, recompile, delete, and view the signed Charter.
Webhooks and vault¶
Webhook events: mandate.created, mandate.activated, mandate.disabled. Every lifecycle event and every Charter re-signing is sealed to the Provenance Vault, with the mandate signed by canonical-JSON HMAC over its outcome and compiled mix on activation.