npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@mandaitor/sdk

v4.0.1

Published

Mandaitor Delegation Mandate Registry — TypeScript SDK

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

c4rr13p0tt3rc4rr13p0tt3r

Keywords

mandaitordelegationmandateai-governancetrustverificationproof-of-mandatesd-jwtverifiable-credentialssdktypescriptapi-client

Readme

@mandaitor/sdk

The official TypeScript SDK for the Mandaitor Delegation Mandate Registry API. This SDK provides a robust, type-safe interface for managing AI agent delegation mandates, verifying runtime actions, and retrieving cryptographic Proof-of-Mandate artifacts.

Overview

Mandaitor is the runtime trust layer for delegated AI actions. Instead of assuming that an AI agent is allowed to act because it has application access, you verify whether a specific delegator granted a specific delegate the right to perform a specific action on a specific resource, under explicit constraints.

This SDK simplifies the integration of Mandaitor into Node.js, edge, and browser environments. It handles authentication, request retries, error mapping, and provides full TypeScript definitions for all Mandaitor domain objects including mandates, audit events, and Verifiable Credentials.

Installation

Install the package via your preferred package manager. The SDK requires Node.js 18 or later.

npm install @mandaitor/sdk

Initialization

Initialize the MandaitorClient with your API key and tenant identifier. You can obtain these credentials from the Mandaitor dashboard after completing the onboarding process.

import { MandaitorClient } from "@mandaitor/sdk";

const client = new MandaitorClient({
  apiKey: process.env.MANDAITOR_API_KEY,
  tenantId: "tnt_your_tenant_id",
  timeout: 5000,
  retries: 2
});

Core Workflows

Creating a Mandate

Delegation begins by creating a mandate. A mandate explicitly defines the boundaries of authority granted to an AI agent by a human principal. It specifies the allowed actions, target resources, and any constraints such as expiration times or financial limits.

const mandate = await client.createMandate({
  principal: {
    type: "NATURAL_PERSON",
    subject_id: "user:[email protected]",
  },
  delegate: {
    type: "AGENT",
    subject_id: "agent:validation-v3",
  },
  scope: {
    actions: ["construction.validation.approve", "construction.validation.flag"],
    resources: ["project:proj_12345/*"],
    effect: "ALLOW",
  },
  constraints: {
    valid_until: new Date(Date.now() + 86400000).toISOString(),
    require_mfa_for_high_risk: true
  },
});

console.log(`Created mandate: ${mandate.mandate_id}`);

Verifying an Action

Before an agent executes an action, it must verify its authority against the Mandaitor registry. The verification engine evaluates the requested action against all active mandates bound to the agent.

const result = await client.verify({
  delegate_subject_id: "agent:validation-v3",
  action: "construction.validation.approve",
  resource: "project:proj_12345/zone:EG/installation:stk_01",
});

if (result.decision === "ALLOW") {
  // Proceed with the action
  console.log("Action authorized");
} else {
  // Block the action and log the reason
  console.error(`Action denied: ${result.reason}`);
}

Obtaining a Proof-of-Mandate

For high-assurance workflows, you can request a cryptographically signed Proof-of-Mandate (PoM) Verifiable Credential alongside the verification decision. This artifact serves as immutable evidence that the action was authorized at a specific point in time.

const result = await client.verifyWithPoM(
  {
    delegate_subject_id: "agent:validation-v3",
    action: "construction.validation.approve",
    resource: "project:proj_12345/zone:EG",
  },
  { format: "sd-jwt-vc" }
);

console.log(`Proof artifact: ${result.pom_token}`);

API Reference

The MandaitorClient exposes methods covering the entire mandate lifecycle, audit trailing, and configuration management.

| Category | Method | Description | | :--- | :--- | :--- | | Lifecycle | createMandate(req) | Issues a new delegation mandate | | | getMandate(id) | Retrieves a mandate's current state and configuration | | | listMandates(params) | Queries mandates with filtering and pagination | | | revokeMandate(id) | Permanently invalidates a mandate | | | suspendMandate(id) | Temporarily pauses a mandate's authority | | | reactivateMandate(id) | Restores a suspended mandate to active status | | Verification | verify(req) | Evaluates whether an action is currently authorized | | | verifyWithPoM(req, opts) | Evaluates an action and returns a signed Verifiable Credential | | | verifyWithDrift(req) | Evaluates an action and includes semantic drift signals | | Audit | getMandateEvents(id) | Retrieves the immutable audit log for a specific mandate | | | listEvents(params) | Queries the tenant-wide audit log | | | getEvidencePack(id) | Exports a cryptographically verifiable court-ready evidence package | | Identity | initiateEudiSession() | Starts an eIDAS 2.0 wallet authentication session | | | exchangeToken(params) | Exchanges an IdP token for a Mandaitor session token |

Error Handling

The SDK throws typed error classes that map directly to the Mandaitor API error responses. This allows for precise error handling and automated recovery strategies.

| Error Class | HTTP Status | Typical Cause | | :--- | :--- | :--- | | MandaitorAuthError | 401 | The API key is missing, invalid, or expired | | MandaitorForbiddenError | 403 | The API key lacks the required scope for the operation | | MandaitorNotFoundError | 404 | The requested mandate, event, or resource does not exist | | MandaitorConflictError | 409 | Attempting an invalid state transition (e.g., revoking a revoked mandate) | | MandaitorRateLimitError | 429 | The tenant has exceeded its sustained or burst request limits | | MandaitorValidationError | 400 | The request payload violates schema constraints |

Development and Testing

The SDK is built with TypeScript and bundled using tsup. We use Vitest for both unit and integration testing.

# Build the SDK
pnpm build

# Run unit tests
pnpm test:unit

# Run integration tests against the sandbox environment
pnpm test:integration

License

Apache-2.0