Mandate Object

An AUMP mandate binds a principal to an agent for a specific purpose, under a set of authority, preference, negotiation, disclosure, escalation, and evidence rules.

Required Top-Level Fields

Field         Purpose
aump          Protocol metadata envelope.
aump.version  Protocol version.
id            Stable mandate identifier.
status        Lifecycle state.
issued_at     Issuance timestamp.
expires_at    Expiration timestamp.
principal     Represented party.
agent         Agent or runtime bound to the mandate.
purpose       Task and domain boundary.
authority     Autonomy, permissions, prohibitions, and objective bounds.
preferences   Soft and hard user preferences.
negotiation   Bargaining policy and protected negotiation fields.
disclosure    What mandate-derived data may be revealed.
escalation    Conditions requiring trusted review.
evidence      Event recording and retention expectations.
compliance    Optional regulatory, enterprise, or safety profile obligations.

Authority Example

{
  "authority": {
    "mode": "delegated",
    "permissions": ["make_offer", "accept_deal", "send_message"],
    "prohibited_actions": ["share_payment_credentials"],
    "budget": {
      "currency": "USD",
      "max_total_minor": 500
    },
    "requires_trusted_ui_for_commitment": false
  }
}

Disclosure Example

{
  "disclosure": {
    "default": "deny",
    "public_summary": "Buyer is looking for low-cost creative supplies.",
    "allowed": [
      {
        "field": "purpose.summary",
        "to": "counterparty"
      }
    ],
    "prohibited": [
      {
        "field": "negotiation.reservation_price"
      },
      {
        "field": "preferences.private_notes"
      }
    ]
  }
}

Validation Requirements

Before autonomous action, implementations must:

  • validate the mandate schema;
  • reject non-active states;
  • reject expired mandates;
  • verify delegated authority has objective bounds;
  • enforce prohibited actions;
  • enforce budget and currency limits;
  • enforce machine-readable hard constraints;
  • evaluate disclosure before outbound content;
  • deny prohibited compliance decision factors;
  • require trusted review for compliance-gated action types;
  • evaluate escalation before commitments.

Machine-Readable Constraints

Hard constraints can include field, operator, and one of value, min, max, or values. The field is a dotted path on the proposed action, such as attributes.square_footage or terms.inspection_contingency.

{
  "id": "minimum_square_footage",
  "description": "Home must be at least 1800 square feet.",
  "field": "attributes.square_footage",
  "operator": "gte",
  "value": 1800
}

If the proposed action omits a field needed to evaluate a machine-readable hard constraint, the action is denied.
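
The deny-on-missing-field rule above, as an added example (not AUMP reference code): a Python evaluator that resolves the dotted field on a proposed action and fails closed. Only `gte` and the `field`, `operator`, `value`, and `values` keys come from this page; the `in` operator name, the function names, the sample actions, and the choice to also deny on unknown operators or non-numeric operands are assumptions of this example.

```python
from __future__ import annotations
from typing import Any

_MISSING = object()  # sentinel: distinguishes "absent" from a present null/0/False

def resolve(action: dict, dotted: str) -> Any:
    """Walk a dotted path such as 'attributes.square_footage' through nested dicts."""
    node: Any = action
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node

def _is_number(x: Any) -> bool:
    return isinstance(x, (int, float)) and not isinstance(x, bool)

def check_constraint(action: dict, c: dict) -> tuple[bool, str]:
    """Return (allowed, reason). Anything that cannot be evaluated is a denial."""
    cid = c.get("id")
    actual = resolve(action, str(c.get("field", "")))
    if actual is _MISSING:
        return False, f"{cid}: field missing from proposed action"
    op = c.get("operator")
    if op == "gte":  # operator shown on the page
        if not (_is_number(actual) and _is_number(c.get("value"))):
            return False, f"{cid}: non-numeric operand"
        ok = actual >= c["value"]
    elif op == "in":  # assumed operator name, paired with the page's "values" key
        ok = isinstance(c.get("values"), list) and actual in c["values"]
    else:
        return False, f"{cid}: unsupported operator {op!r}"
    return ok, f"{cid}: " + ("satisfied" if ok else "violated")

def evaluate(action: dict, constraints: list[dict]) -> tuple[bool, list[str]]:
    """Allow only if every hard constraint passes; collect the denial reasons."""
    results = [check_constraint(action, c) for c in constraints]
    return all(ok for ok, _ in results), [why for ok, why in results if not ok]

# Constructed sample data; the first constraint is the one shown on the page.
CONSTRAINTS = [
    {"id": "minimum_square_footage", "field": "attributes.square_footage",
     "operator": "gte", "value": 1800},
    {"id": "inspection_type", "field": "terms.inspection_contingency",
     "operator": "in", "values": ["standard", "extended"]},
]
GOOD = {"attributes": {"square_footage": 2100}, "terms": {"inspection_contingency": "standard"}}
OMITTED = {"attributes": {"square_footage": 2100}, "terms": {}}
```

`evaluate(OMITTED, CONSTRAINTS)` denies even though the square-footage constraint is satisfied, because the second constraint's field cannot be resolved on the action.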

Compliance Profile

Compliance profiles keep the protocol agnostic while allowing regulated or enterprise deployments to bind actions to specific obligations.

{
  "compliance": {
    "profiles": [
      {
        "id": "us.fair_housing",
        "name": "U.S. Fair Housing protected-class guardrail"
      }
    ],
    "prohibited_decision_factors": [
      {
        "field": "principal.familial_status",
        "reason": "Fair housing protected class",
        "profile_id": "us.fair_housing"
      }
    ],
    "review_required_actions": ["submit_offer"]
  }
}