Skip to content
delta mandate delta mandate delta mandate

delta mandate

Cryptographic proof that your AI agents acted on what users actually asked for.

Closed Alpha Project is currently under closed alpha. Contact myles@delta.network for access.

delta mandate is a cryptographic verification system for actions that AI agents take on behalf of users. It is built for an operator — a platform that runs agents for its users — to ensure each proposed action respects the user’s intent. Typical operators include agentic-commerce platforms and neo-banks.

The user sets an intent. An agent proposes a candidate solution. delta mandate extracts evidence from the proposal, evaluates it against the intent, and produces a cryptographic proof of the evaluation result that anyone can independently verify.

How it works

Section titled “How it works”
  1. Author a policy — an agent drafts a policy (the guardrail) via the MCP.
  2. Set the intent — the user’s intent (the policy + any values they need to specify) is submitted to the orchestrator.
  3. Propose — the agent submits a proposal (e.g. a specific product variant).
  4. Extract evidence — the orchestrator extracts the relevant facts (the evidence) from the proposal.
  5. Verify & prove — it evaluates the evidence against the intent and generates a ZK proof.
  6. Outcome — a success / failure verdict (with evidence and any failed constraints) is streamed back.

The managed model

Section titled “The managed model”

Delta runs the servers. You don’t deploy or operate the orchestrator, the prover, or the internal services. You integrate against exactly two surfaces:

  • the Orchestrator API (HTTP / OpenAPI), and
  • the policy-generation MCP (for agents).

The two surfaces

Section titled “The two surfaces”

Orchestrator API

The HTTP API your backend uses to run the lifecycle: register policies, submit intents, submit proposals, and subscribe to outcome events.

Read the Orchestrator API →

MCP (policy generation)

The agent-facing surface for authoring the policy a user’s intent is built on: a language guide, taxonomy search, and policy validation.

Read the MCP page →

Evidence extraction

Section titled “Evidence extraction”

Extracting evidence is what turns a proposal into the facts the orchestrator checks. The verification — and the proof it produces — is equally rigorous in every case; what changes is how hard the extraction is, depending on where the data lives and how well-structured it is.

  • Available today Sources on UCP — a standard for exposing structured product data. We run a production-ready extraction engine for these.
  • Built with you Your own systems — when the facts live in your systems, we build the extraction integration together. Get in touch.
  • On the roadmap Unstructured web content — free-form data anywhere on the open internet.

Example application

Section titled “Example application”

Son of Anton is a live demo of this architecture: an AI shopping agent buys on a user’s behalf under a guardrail, and delta mandate verifies each proposed product against it — including catching a deliberately “rogue” agent.

It runs against the real Shopify catalog over Shopify’s UCP infrastructure. The agent’s proposal points to a product by its unique UCP-defined identifier rather than by self-reported attributes — so delta mandate extracts the evidence straight from that exact product variant.

Son of Anton