Platform

xMandate Control Plane

Centralize execution policy, issue portable receipts, and verify outcomes across agents, protocols, and enterprise workflows.

xMandate Control Plane: Policy, Attestation, Verification
Trust Surfaces: Guard, APIs, Runtimes, CI/CD
Outputs: Receipts, Audit, Verification, Trust signals

Architecture

How the control plane governs execution.

Trust surfaces submit execution requests. The control plane enforces policy, signs receipts, and enables independent verification.

Trust Surfaces: xMandate Guard, API Gateways, Agent Runtimes, CI/CD Hooks, MCP / A2A Adapters

Control Plane (xMandate Control Plane)
  Policy Engine: Evaluate permissions before execution
  Attestation Service: Sign receipts after execution
  Verification Service: Validate receipts independently

Outputs: Execution Receipts, Audit Trail, Verification Decisions, Trust Signals

System Layers

Three layers of governed execution.

Policy constrains. Attestation proves. Verification trusts.

Layer 1

Policy

What gets defined before execution. Every agent action must pass through a policy gate — specifying who can act, what they can do, and under what constraints.

Policy
  scope: agent:billing-service
  actor: agent-0x7f3a
  action: stripe.charge
  tool: payments-api
  max: $10,000
  require: receipt, verification

Layer 2

Attestation

What gets recorded after execution. The control plane signs a cryptographic receipt documenting the action, the policy it was governed by, and the compliance verdict.

Attestation
  action: stripe.charge
  policy: billing.transfer.max
  verdict: COMPLIANT
  receipt: sar:xm:9d2e...4a7b
  sig: Ed25519:8f3a...c9d1
  timestamp: 2026-03-14T10:32:00Z

Layer 3

Verification

How downstream systems consume proof. Any party can independently verify a receipt — offline, without calling back to the issuing service, and without trusting the executing agent.

Verification
  policy: COMPLIANT
  signature: VALID
  timestamp: VERIFIED
  outcome: INDEPENDENTLY VERIFIED

Trust Surfaces

Enforce anywhere execution happens.

Any place where execution needs policy and proof can become a trust surface. The control plane is protocol-agnostic and runtime-independent.

xMandate Guard

Browser-level policy enforcement and attestation for AI-assisted code workflows.

API Gateways

Policy enforcement at the API boundary — gate agent actions before they reach downstream services.

Agent Runtimes

Embed attestation directly within agent execution environments for inline receipt issuance.

CI/CD Pipelines

Attach execution receipts to build and deployment flows for auditability and release gating.

MCP Adapters

Policy and proof for tool-using agents operating through the Machine-to-Agent Protocol.

A2A Bridges

Verification and trust propagation for delegated actions across multi-agent systems.

Receipt & Verification

Portable, cryptographic execution receipts.

SAR is the receipt primitive. sar-sdk is the public OSS implementation. The control plane operationalizes policy, issuance, and verification above it.

How SAR fits in

Settlement Attestation Receipts are the cryptographic primitive for auditable agent execution. Each receipt captures identity, context, compliance verdict, and a cryptographic signature — tamper-proof and independently verifiable.

sar-sdk provides the open-source foundation: sign, verify, and integrate receipts in any TypeScript environment.

The control plane builds above this primitive — centralizing policy, automating issuance across trust surfaces, and providing persistent verification.

Receipt Anatomy

Identity
  id: sar:xm:9d2e…4a7b
  version: 1.0.0
Context
  actor: agent-0x7f3a
  action: stripe.charge
  tool: payments-api
  policy: billing.transfer.max
Attestation
  verdict: COMPLIANT
  verifier: xm:verifier:prod-01
  timestamp: 2026-03-14T10:32:00Z
Cryptography
  algorithm: Ed25519
  signature: 8f3a…c9d1
  hash: sha256:a4b9…e2f1

Verification Flow

Receipt In -> Verify -> Result Out
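
The attestation and verification layers and the receipt anatomy above, as an added sketch of issuing and then checking an Ed25519-signed receipt offline with Node's built-in crypto module. It is not sar-sdk's API or the SAR wire format: the sorted-key JSON canonical form, the function names, the result strings and the placeholder id are assumptions made here.

```typescript
import { createHash, generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

// Field names follow the page's receipt anatomy; the wire encoding is assumed.
interface ReceiptBody {
  id: string; version: string;
  actor: string; action: string; tool: string; policy: string;
  verdict: string; verifier: string; timestamp: string;
}
interface Receipt extends ReceiptBody { algorithm: string; hash: string; signature: string; }

// Assumed canonical form: flat JSON with sorted keys, so issuer and verifier
// hash and sign exactly the same bytes.
function canonicalBytes(body: ReceiptBody): Buffer {
  return Buffer.from(JSON.stringify(body, Object.keys(body).sort()));
}
const sha256 = (b: Buffer): string => "sha256:" + createHash("sha256").update(b).digest("hex");

function issueReceipt(body: ReceiptBody, issuerKey: KeyObject): Receipt {
  const bytes = canonicalBytes(body);
  return { ...body, algorithm: "Ed25519", hash: sha256(bytes),
           signature: sign(null, bytes, issuerKey).toString("hex") };
}

// Offline verification: inputs are the receipt and a pinned issuer public key only.
function verifyReceipt(r: Receipt, issuerPub: KeyObject): string {
  const { algorithm, hash, signature, ...body } = r;
  if (algorithm !== "Ed25519") return "UNSUPPORTED_ALGORITHM";
  const bytes = canonicalBytes(body);
  if (hash !== sha256(bytes)) return "HASH_MISMATCH";
  if (!verify(null, bytes, issuerPub, Buffer.from(signature, "hex"))) return "SIGNATURE_INVALID";
  return body.verdict === "COMPLIANT" ? "VERIFIED" : "NON_COMPLIANT";
}

// Constructed sample: values from the page's cards, except the id (placeholder).
const issuer = generateKeyPairSync("ed25519");
const receipt = issueReceipt({
  id: "sar:xm:EXAMPLE-ID", version: "1.0.0",
  actor: "agent-0x7f3a", action: "stripe.charge", tool: "payments-api",
  policy: "billing.transfer.max", verdict: "COMPLIANT",
  verifier: "xm:verifier:prod-01", timestamp: "2026-03-14T10:32:00Z",
}, issuer.privateKey);

// An edit after signing, with the hash recomputed to hide it, still fails the signature.
function tamper(r: Receipt, actor: string): Receipt {
  const { algorithm, hash, signature, ...body } = r;
  const forged = { ...body, actor };
  return { ...forged, algorithm, hash: sha256(canonicalBytes(forged)), signature };
}
console.log(verifyReceipt(receipt, issuer.publicKey), verifyReceipt(tamper(receipt, "agent-0xbeef"), issuer.publicKey));
```

The hash only catches accidental or naive edits; the signature check against a pinned issuer key is what binds the receipt to the control plane. Timestamp freshness and key revocation are outside this sketch.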

Operating Model

Structured for centralized governance.

The operating model separates the control plane from trust surfaces — centralized policy and verification, distributed enforcement.

Hosted Control Plane

Centralized policy evaluation and verification, structured to run as a managed service.

Distributed Trust Surfaces

Enforcement at any boundary — browser, API, runtime, or pipeline. Trust surfaces connect to the control plane and enforce locally.

Centralized Policy Management

Define policies once, enforce everywhere. Updates propagate to all connected trust surfaces without redeployment.

Receipt Storage & Retrieval

Persistent, queryable audit trail for all attested actions. Supports compliance workflows, historical analysis, and dispute resolution.

Verification Services

Independent verification for any party. Validate receipts without trusting the executing agent or calling back to the issuer.

Product Hierarchy

How the pieces fit together.

Each layer builds on the one below — from open-source receipt primitives to the hosted control plane.

Platform Extensions: Registries · Routing · CI/API/MCP Integrations
Hosted Control Plane: xMandate Control Plane (Policy · Attestation · Verification)
Proof Surfaces: Guard · API Gateways · Runtime Hooks
OSS Foundation: sar-sdk

Put policy, receipts, and verification at the center of execution.

xMandate Control Plane governs agent actions, issues portable proof, and supports independent verification across trust surfaces.