Sardis

Spending Mandates

The authorization primitive that makes agent payments safe. Machine-readable payment permissions with scoped, time-limited, revocable authority.

Key insight: The hard part of agent payments is not access to money. It is controlling authority over money. A spending mandate defines exactly what an agent is allowed to spend, on what, and under what conditions.

What is a Spending Mandate?

A spending mandate is a machine-readable payment permission that defines the scoped, time-limited, revocable authority an AI agent has to spend money. Think of it as a power of attorney for payments — but with precise limits, automatic enforcement, and instant revocation.

Unlike giving an agent a credit card (broad access, no controls), a spending mandate defines:

  • WHO can spend (agent identity + who authorized it)
  • WHAT they can buy (merchant allowlist, blocked merchants, categories)
  • HOW MUCH (per-transaction, daily, weekly, monthly, and total limits)
  • ON WHICH RAILS (virtual cards, USDC, bank transfer — or all three)
  • FOR HOW LONG (activation time, expiration)
  • WITH WHAT APPROVAL (auto-approve small amounts, human review for large ones)
  • WITH WHAT REVOCATION (instant kill, with reason tracking and audit trail)

Quick Start

from sardis import SardisClient, SpendingMandate

client = SardisClient()

# Create a mandate for an API consumption agent
mandate = SpendingMandate(
    purpose="AI API usage for research",
    amount_per_tx=50,           # Max $50 per API call
    amount_daily=200,           # Max $200/day
    amount_monthly=2000,        # Max $2,000/month
    merchant_scope={
        "allowed": ["openai.com", "anthropic.com", "google.com"]
    },
    approval_threshold=100,     # Human approval above $100
)

# Check if a payment is authorized
result = mandate.check(amount=25, merchant="openai.com")
print(result.approved)          # True
print(result.requires_approval) # False

result = mandate.check(amount=150, merchant="openai.com")
print(result.approved)          # True
print(result.requires_approval) # True (above $100 threshold)

result = mandate.check(amount=25, merchant="stripe.com")
print(result.approved)          # False — not in allowed list

Lifecycle

Every mandate follows a strict lifecycle with audited state transitions:

State       Description                                          Payments Allowed?
Draft       Created but not yet active                           No
Active      Enforcing — payments checked against this mandate    Yes (within limits)
Suspended   Temporarily paused (e.g., during investigation)      No
Revoked     Permanently invalidated — cannot be reactivated      No
Expired     Past expiration time                                 No
Consumed    Total budget exhausted                               No

Cross-Rail Authorization

A single mandate works across all payment rails. The same rules apply whether the agent pays with a virtual card, USDC on Base, or a bank transfer:

mandate = SpendingMandate(
    purpose="Office supplies and cloud infrastructure",
    amount_per_tx=5000,
    allowed_rails=["card", "usdc", "bank"],  # All rails permitted
    merchant_scope={
        "allowed": ["aws.amazon.com", "staples.com"]
    },
    approval_threshold=1000,
)

# Same mandate validates regardless of rail
mandate.check(amount=500, merchant="aws.amazon.com", rail="usdc")  # Approved
mandate.check(amount=500, merchant="aws.amazon.com", rail="card")  # Approved
mandate.check(amount=500, merchant="aws.amazon.com", rail="bank")  # Approved

Approval Workflows

Three approval modes control when human review is required:

  • Auto: All payments within limits are auto-approved
  • Threshold: Auto-approve below the threshold, require human approval above it
  • Always Human: Every payment requires human sign-off

Instant Revocation

A mandate can be revoked instantly at any time. Once revoked, all future payments are blocked immediately — the mandate cannot be reactivated. This is the ultimate safety control.

# Instant revocation
mandate.revoke(reason="Suspicious activity detected")
# All future mandate.check() calls return approved=False
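As an added reference example (not Sardis's own code), the hypothetical `Mandate` class below shows how the checks described in Quick Start, Lifecycle, Cross-Rail Authorization, Approval Workflows and Instant Revocation combine into one authorization decision: the state gate runs first, then merchant and rail scope, then per-transaction, rolling-daily and total limits against a ledger of approved spends, with a threshold-based approval flag and audited state transitions. All class, field and method names are assumptions; checks run in a fixed order, so the first violated rule is the reason returned.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Decision:
    approved: bool
    requires_approval: bool
    reason: str

@dataclass
class Mandate:  # hypothetical enforcer for illustration, not the Sardis class
    allowed_merchants: set
    allowed_rails: set
    amount_per_tx: float
    amount_daily: float
    amount_total: float
    approval_threshold: float
    expires_at: datetime
    state: str = "active"                       # draft/active/suspended/revoked/expired/consumed
    ledger: list = field(default_factory=list)  # (time, amount) of approved spends
    audit: list = field(default_factory=list)   # (old_state, new_state, reason)

    def authorize(self, amount, merchant, rail, now):
        if self.state == "active" and now >= self.expires_at:
            self._transition("expired", "expiration time reached")
        if self.state != "active":              # only an active mandate authorises anything
            return Decision(False, False, f"mandate is {self.state}")
        spent_today = sum(a for t, a in self.ledger if t > now - timedelta(days=1))
        spent_total = sum(a for _, a in self.ledger)
        checks = (                              # evaluated in order; first failure wins
            (merchant not in self.allowed_merchants, "merchant not in allowlist"),
            (rail not in self.allowed_rails, "rail not permitted"),
            (amount > self.amount_per_tx, "exceeds per-transaction limit"),
            (spent_today + amount > self.amount_daily, "exceeds daily limit"),
            (spent_total + amount > self.amount_total, "exceeds total budget"),
        )
        for violated, why in checks:
            if violated:
                return Decision(False, False, why)
        self.ledger.append((now, amount))       # approved: charge it against the limits
        if spent_total + amount >= self.amount_total:
            self._transition("consumed", "total budget exhausted")
        return Decision(True, amount > self.approval_threshold, "ok")

    def revoke(self, reason):
        self._transition("revoked", reason)     # terminal: no path back to active

    def _transition(self, new_state, reason):
        self.audit.append((self.state, new_state, reason))
        self.state = new_state
```

In a production system the ledger would be written on settlement rather than at check time, so that a check that is later declined by the rail does not consume budget.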

Industry Alignment

The spending mandate model aligns with where the entire payments industry is heading:

  • Stripe Shared Payment Tokens — seller-scoped, amount-bounded, expirable
  • Visa Trusted Agent Protocol — trusted agent identity and authorization
  • Mastercard Agent Pay — tokenized agent transactions with trust framework
  • Google AP2 — cross-rail payment protocol for AI agents
  • OpenAI Commerce Protocol — delegated payment through compliant PSPs

Sardis implements the full authorization-layer vision that these protocols point toward — but with natural language policies, cross-rail portability, and enterprise-grade controls.