Run Mandate day to day.

Where admins live once traffic is flowing: a live dashboard, a queryable audit trail with cryptographic proof, usage figures, and signed delivery into your SIEM.

See what's happening, at a glance.

The first screen after sign-in: request volume, decision mix, recent blocks and redactions, team activity. Built for the question “is anything weird going on?”

The dashboard an admin lands on for Northwood Health Group. A header strip shows the plan, residency (Canada), and gateway-key, provider-key, user, and policy counts. A KPI row below covers requests and the decision mix (allow / warn / block / redact), total tokens, and median latency for the last 24 hours. A request-volume area chart sits beside a decision-mix-over-time bar chart. A 'Top policies' card ranks policies by traffic; a 'Team activity' card lists recent admin actions and sign-ins; and 'Recent blocks' and 'Recent activity' lists show the latest decisions with timestamp, decision, provider, and model.
The dashboard an admin lands on after signing in.

Every decision, queryable, replayable.

Filter the full log by date, decision, provider, model, or correlation id. Where your tenant retains request bodies, an inspector shows them with secrets masked. Every event opens a proof drawer.

The audit trail for Northwood Health Group. A strip of decision tiles (allow, warn, redact, block) with trend sparklines tops the page. A filter bar offers From and To datetime inputs, a decision checkbox group (allow, warn, redact, block), and Correlation ID, Provider, and Model fields. The results table below, newest first, has columns Occurred, Decision, Provider, Model, Correlation ID, Connector, Retention, Proof, and Trace, with a 'View proof' link on every row.
Filtering the audit log down to a single correlation id.

Verify any record in your browser, with no Mandate tooling.

Click “View proof” on any event and the drawer verifies the checkpoint’s Ed25519 signature locally in your browser. Green means untampered. The signing-key fingerprint is shown so your auditor can pin it.

The chain-proof drawer slid in from the right over the audit trail. A green 'Verified' chip sits at the top. Below it a definition list shows the Checkpoint id, the Window (start to end timestamps), the number of Events in window, and the signing public-key fingerprint your auditor can pin. The Merkle root and the signature are shown as copy-fields for re-verification.
Verifying a record's signature in the browser.
  • No round-trip to Mandate to verify

    The bundle carries the public key alongside the signature. An auditor can re-run the verification with any Ed25519 library, without us.

  • Tamper-evident by design

    Per-row hash chain. Periodic signed checkpoints. Any altered row breaks the chain at that point, and any altered checkpoint fails the signature check. An auditor can verify the chain without taking our word for anything.

  • Pinnable public-key fingerprint

    The signing public-key fingerprint is published alongside every proof. Your auditor pins it. If the fingerprint ever changes, your team is the first to know.

Watch your agents the way you watch your people.

Every registered agent has its own page: the tool calls it made, the decision on each, the policy that fired, in the same audit trail as your people. Revoke an agent and its next request is refused.

Signals on the program itself.

Mandate watches its own configuration: policies drifting from catalog defaults, rules falling behind newly added detectors, and traffic concentrating on a single provider or model.

The decision register and the evidence pack.

Two views built for the moment someone asks you to prove what happened.

  • Decision register

    Every policy decision and configuration change in one view, each row naming the actor who caused it, admin or agent. No “system” black box. Filter it, or export structured JSON.

  • Evidence pack

    A signed bundle for a date range: policy history, register, audit chain, checkpoints. One Ed25519 signature over the manifest; your auditor re-verifies it offline. Try it on a sample pack.

Tokens, requests, latency.

Requests, tokens, and p50 / p95 / p99 latency over a window you pick, with a filterable table beneath. No dollar amounts: provider costs stay on your provider’s bill.

The usage page for Northwood Health Group. A strip of tiles at the top shows total requests, p50 / p95 latency, and the top model for the selected window. Tokens, requests, and latency only, with no dollar amounts. Below the tiles, a filter row covers From, To, Correlation ID, Provider, and Model. A paginated data table lists usage events, newest first, with columns for Occurred, Correlation ID, provider, model, decision, connector, request bytes, response bytes, prompt tokens, completion tokens, and duration.
Usage tracking: tokens, latency percentiles, no dollar axis.

Push every event to your SIEM.

Signed JSON webhooks to Microsoft Sentinel, Splunk, or any endpoint that accepts one. You set the endpoint, key identifier, retries, and timeout; a Test button proves the integration before traffic flows.

Want to see this against your traffic?
30-day pilot, written criteria.

A pilot puts a populated dashboard and a real audit trail in front of your team for a month, with the criteria for a "yes" or "no" agreed in writing before day one.

contact@mandateco.ca  ·  1-905-630-1908