How Mandate works.
Mandate sits on top of your existing stack. It gates every order against your committed mandate, signs the decision, and turns a period of trading into one proof an allocator verifies offline, without ever seeing the book. Here is what that means, and what it asks you to trust.
What holds it up.
Orders are evaluated by the genuine Cedar engine, the open-source policy language AWS built for Verified Permissions. Any uncertainty blocks the trade, never the reverse.
Each decision is signed and re-runnable, so an auditor confirms it by re-running the policy. They trust the math and the code, not your runtime and not us.
Internally you see everything. Externally you prove adherence while revealing nothing about the book. The proof pack verifies offline.
Hand anyone an offline proof. Reveal nothing.
A governed day becomes a signed proof pack. An allocator, auditor, or regulator checks the signature in their own browser, against the key inside the pack. No contact with you, no account, no positions disclosed.
Whose word are you taking? Nobody's.
A proof is only as good as what it asks you to trust. A Mandate pack asks for math and a short list of keys, not the fund, not us, not a PDF.