LIVE · Robinhood Chain TestnetCHAIN ID · 46630SESSION-KEY ACTION BLOCKED ONCHAINMAX EXPOSURE POLICY · 35%

Mandate

Safe Automation for Tokenized Assets

Mandate lets users and session keys manage tokenized asset portfolios only within user-defined risk limits — with every decision enforced and logged onchain.

Current TSLA exposure34.97%
Max allowed exposure35.00%
Dangerous proposal500 USDGTSLA
Post exposure would be68.73%
Launch DemoSee Onchain Evidence

02 · Problem

Programmable assets need programmable safety.

  • AI agents and automation can propose unsafe actions.
  • UI limits are not an execution boundary.
  • Offchain policies can be ignored or misreported.
  • Users need hard constraints before funds move.
  • Failures and denials need an auditable trail.

03 · Flow

How Mandate works

Session keys can propose actions. The owner keeps authority. Policy is checked before funds move. Dangerous actions can be recorded as blocked without execution, and balances remain unchanged after blocked actions.

  1. 01USER MANDATEMandateAccount.sol
  2. 02SESSION KEY PROPOSALsubmitAction()
  3. 03PRICE ATTESTATIONSignedDemoPriceFeed
  4. 04POLICY VALIDATIONexecuteAction · 10 conditions
  5. 05SAFE EXEC | BLOCKED DECISIONActionExecuted | ActionBlocked
  6. 06ONCHAIN AUDIT EVENTevents as audit root

04 · Demo paths

Two proposals. One policy boundary.

OK / EXECUTED

48 USDGTSLA

within 35% exposure limit

34.97% post exposure

BLOCKED

500 USDGTSLA

SINGLE_ASSET_EXPOSURE_EXCEEDED

68.73% would-be exposure · balances unchanged

SESSION-KEY BOUNDARY

0x3836…3B22

role SESSION

ActionSubmitted · ActionBlocked · reason 3

05 · Live testnet proof

Verified deployment wall.

Network · Robinhood Chain Testnet · chainId 46630
MandateAccount0x29E166…8DaB8averifiedUSDG MockERC200x2FF2BF…4289DdverifiedTSLA MockERC200xfFE0Bd…404d00verifiedAMD MockERC200x954b04…bd92f1verifiedMockAMM0xb7505D…FE7Bb4verifiedApprovedSwapAdapter0x702C8f…8dB772verifiedSignedDemoPriceFeed0x33fC31…48d659verified

06 · Onchain blocked action

A dangerous action was blocked before execution.

This was not a UI warning. The session key submitted the action, Mandate classified it as BLOCKED onchain, emitted ActionBlocked, and the portfolio balances stayed unchanged.

Action
500 USDGTSLA
Pre-exposure
34.97%
Would-be exposure
68.73%
Actor
0x3836…3B22
Role
SESSION
Tx
0x54b56e…eaabb3c5

07 · Policy boundary

The policy is explicit before execution.

MAX_SINGLE_ASSET_EXPOSURE35.00%
MAX_TRADE_SIZE_USDG200
MAX_TURNOVER20%
COOLDOWN_SEC0
ALLOWED_ASSETSUSDG, TSLA, AMD
ADAPTER_ALLOWEDtrue
PRICE_ORACLE_REGISTEREDtrue
SESSION_KEY_ENABLEDtrue

08 · Security boundary

Precise claims. No hype surface.

ENFORCED BY MANDATE

  • session key cannot bypass policy
  • unsafe action is blocked before execution
  • adapter must be explicitly allowed
  • assets must be explicitly allowed
  • exposure limit is checked onchain
  • blocked action keeps balances unchanged
  • audit events are emitted onchain

NOT CLAIMED

  • not real stock trading
  • not investment advice
  • not legal compliance software
  • not full ERC-4337
  • not production custody
  • not protection against owner-key compromise
  • frontend is not a security boundary

09 · Architecture

Architecture preview

Session KeysubmitActionMandateAccountpolicy validationApprovedSwapAdapterexecuteActionMockAMMswapExactInSignedDemoPriceFeedpriceDataMockERC20 assets · USDG · TSLA · AMD

Session key proposes.

Mandate validates.

Adapter executes only approved actions.

Blocked actions emit events and do not move funds.

Events are the audit root.

10 · Close

AI agents can propose. Policy decides. Events prove.

Launch DemoView Contracts