acf.evaluate-agent-mandate
Preliminary audit of an existing agent mandate — eight canonical checks (DDAO appointed, perimeter, forbidden actions, escalation thresholds, kill switch, audit log, doctrine version, sign-off) → verdict approve / approve_with_changes / reject + required additions.
!Warning
This tool produces a preliminary verdict on an existing mandate, not legal advice. Presence of
TBD, “ à compléter” or ??? in the text automatically drops the score by 20 points and classes the mandate as “ not signable” — by design. requires_human_review stays constant.When to use
Use this tool when an agent mandate has already been drafted — by a business team, a law firm, a DDAO — and you need to filter it through ACF® before signature or inspection. The tool applies eight canonical regex checks on the text and computes a weighted 0-100 compliance score, then rules approve / approve_with_changes / reject.
The board-level question the output answers: “Is this mandate signable as-is?” If not, required_additions surfaces the draft text to add, ACF® reference card by card. The automatic penalty on TBD/??? placeholders makes incomplete mandates immediately rejectable.
Input parameters
Four fields, two required. The mandate_text is passed raw to the evaluator — no upstream cleaning by the tool.
mandate_textstring (50-10000)requiredFull text of the mandate to audit. The eight regex checks match against this text; TBD / à compléter / ??? are automatically penalised.
agent_purposestring (10-500)requiredShort agent purpose. Used in the rationale and gaps_to_validate; does not drive the checks (which stay canonical).
deployment_contextstring (≤500)Deployment context (“EU bank, internal treasury”, “public healthcare, patient access”…). Optional but raises the confidence level.
locale"en" | "fr"default: "en"Language of the textual output (rationale, gap descriptions).
Output schema
The output is a structured object containing a verdict, the compliance score, strengths, gaps, additions to integrate, and the signed footer.
verdict"approve" | "approve_with_changes" | "reject"Global verdict. ≥ 80 = approve; 50-79 = approve_with_changes; < 50 = reject. TBD placeholders almost always tip into reject.
rationalestringTextual justification of the verdict, ready to paste into a DDAO review.
strengthsstring[]List of canonical sections actually present in the mandate.
identified_gaps{ area: string, severity: "low" | "medium" | "high" | "critical", description: string }[]Missing or insufficient sections. Severity derives from check weight (15 = high, 10 = medium, 5 = low); TBD placeholders yield severity = critical.
required_additions{ section: string, suggested_text: string, fiche_reference: string }[]Concrete draft text to add to the mandate, ACF® reference card per section.
reference_fichesstring[]ACF® cards systematically mobilised by this evaluation (ACF-03, ACF-07, ACF-09, ACF-12).
acf_compliance_scorenumber (0-100)Weighted score out of 100. Sum of satisfied check weights, minus 20 if TBD placeholders present.
confidence"low" | "medium" | "high"Global confidence level. medium by default, rises with a supplied deployment_context.
assumptionsstring[]Main assumption: V1.0 applies eight canonical checks without sector-specific overrides.
gaps_to_validatestring[]Gaps to validate with the DDAO — actual escalation SLAs, actual execution of the kill-switch drill.
requires_human_reviewtrueConstant. No call returns false — even an approve verdict requires a human signature.
Example call
A treasury settlement agent mandate, complete, awaiting sign-off:
evaluate-mandate.tstypescript
import { Client } from "@modelcontextprotocol/sdk/client/index.js";
import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
const transport = new StdioClientTransport({
command: "npx",
args: ["-y", "acf-mcp"],
});
const client = new Client({ name: "demo", version: "1.0" }, {});
await client.connect(transport);
const mandateText = `
Agent: Treasury Settlement Agent
DDAO: Marie Dupont, Head of Treasury Ops
ACF® doctrine version: v1.0
Decision perimeter (allowed): reconcile intra-day settlement breaks under 10k EUR, post matching entries to the GL.
Forbidden actions: any FX trade, any payment instruction outside the pre-approved counterparty list, any change to the ledger structure.
Escalation thresholds: any break > 10k EUR, any pattern of 3+ breaks from the same counterparty within 24h.
Kill switch: Ops can suspend the agent within 2 minutes via the ACF-07 panel. Drilled quarterly.
Audit log: every action logged with input, decision, signature; 6-month retention in the ACF-08 register.
Sign-off: DDAO + CISO + Head of Compliance.
`;
const result = await client.callTool({
name: "acf.evaluate-agent-mandate",
arguments: {
mandate_text: mandateText,
agent_purpose:
"Reconcile intra-day settlement breaks and post matching journal entries up to 10k EUR.",
deployment_context: "EU bank, internal treasury, 24/7 ops.",
locale: "en",
},
});
console.log(JSON.stringify(result.content, null, 2));Response
response.jsonjson
{
"verdict": "approve",
"rationale": "All canonical mandate sections are present; no critical placeholders detected.",
"strengths": [
"Identification du DDAO: present.",
"Périmètre de décision: present.",
"Actions interdites: present.",
"Seuils d'escalade: present.",
"Kill switch: present.",
"Audit log / decision register: present.",
"Doctrine version: present.",
"Sign-off: present."
],
"identified_gaps": [],
"required_additions": [],
"reference_fiches": ["ACF-03", "ACF-07", "ACF-09", "ACF-12"],
"acf_compliance_score": 100,
"confidence": "high",
"assumptions": [
"Mandate evaluation uses an 8-check canonical baseline — sector-specific extras not yet implemented."
],
"gaps_to_validate": [
"Confirm with the DDAO that the named escalation thresholds reflect real organisational SLAs.",
"Confirm that the kill switch drill has been run in the last quarter."
],
"requires_human_review": true,
"rationale_per_rule": [
{
"rule_id": "evaluate-mandate.ddao_appointed",
"rule_version": "2026-06",
"fired": true,
"evidence": "Identification du DDAO check"
},
{
"rule_id": "evaluate-mandate.decision_perimeter",
"rule_version": "2026-06",
"fired": true,
"evidence": "Périmètre de décision check"
},
{
"rule_id": "evaluate-mandate.forbidden_actions",
"rule_version": "2026-06",
"fired": true,
"evidence": "Actions interdites check"
},
{
"rule_id": "evaluate-mandate.escalation_thresholds",
"rule_version": "2026-06",
"fired": true,
"evidence": "Seuils d'escalade check"
},
{
"rule_id": "evaluate-mandate.kill_switch",
"rule_version": "2026-06",
"fired": true,
"evidence": "Kill switch check"
},
{
"rule_id": "evaluate-mandate.audit_log",
"rule_version": "2026-06",
"fired": true,
"evidence": "Audit log / decision register check"
},
{
"rule_id": "evaluate-mandate.doctrine_version",
"rule_version": "2026-06",
"fired": true,
"evidence": "Doctrine version check"
},
{
"rule_id": "evaluate-mandate.sign_off",
"rule_version": "2026-06",
"fired": true,
"evidence": "Sign-off check"
}
],
"doctrine_version": "ACF framework v1.0 / rules 2026-06",
"doctrine_hash": "sha256:bf0b6d8e4731ebdc58f6d6338702c5b74af47874cf0ad3dc958cde5c5b30b9dc",
"doctrine_signature": "ed25519:…",
"doctrine_archive_url": "https://acfstandard.io/doctrine/v1.0/archive.json",
"regulatory_snapshot": "EU AI Act 2024/1689 · GDPR 2016/679 · ISO 42001:2023 · NIST AI RMF 1.0 · COBIT 2019 — frozen 2026-06",
"generated_at": "2026-06-14T12:14:52.778Z",
"disclaimer": "Preliminary qualification only — not legal advice. Human review required."
}Common errors
InputTooShort— mandate_text < 50 chars or agent_purpose < 10 chars. A mandate that short cannot contain the eight canonical sections — draft or reject.InputTooLong— mandate_text > 10000 chars. Split the mandate into separately evaluated sections, or strip non-auditable appendices (e.g. internal policies cited by reference).DoctrineSnapshotMismatch— the check engine does not match the requested doctrine_hash. Update acf-mcp or point at the archived version.
Related tools
acf.assign-ddao-controls— obtain the control set to paste into the mandate before the audit.acf.classify-agent— qualify the agent upstream if the mandate does not yet specify its autonomy level or regulatory role.acf.fiche.lookup— fetch the detail of referenced cards (ACF-03, ACF-07, ACF-09, ACF-12) when drafting required_additions.