@mandatez/sdk and available in the dashboard at Templates.
Usage
How rules are evaluated
Rules are evaluated in order — first match wins. Each template ends with a catch-all block rule, so any action not explicitly allowed or flagged by an earlier rule is denied. This is a safe default: the agent can only do what the template says it can do. Effects:allow— action proceeds, logged asallowedflag— action proceeds but is logged asflagged; if you pair it with an oversight gate, it requires human approvalblock— action is prevented, logged asblocked
The 6 Templates
HIPAA Healthcare Agent — hipaa_healthcare / tpl_hipaa
For agents handling Protected Health Information. Blocks export and delete outright, flags all writes to PHI for review, and only explicitly allows reads against PHI resources.
Use for: clinical decision support, patient chart summarizers, claims agents.
Fintech Payments Agent — fintech_payments / tpl_fintech
For agents that touch money. Every payment action is flagged for human approval, deletes are blocked, customer data exports are flagged, customer reads are allowed.
Use for: invoice processors, reimbursement bots, any agent wired to Stripe / ACH / card rails.
Customer Support Agent — customer_support / tpl_support
For agents that respond to tickets. Read-only on customer data, write access scoped to tickets, everything else blocked.
Use for: Zendesk/Intercom/Front automation, internal help-desk agents.
Code Assistant Agent — code_assistant / tpl_code
For agents that review or generate code. Read repositories, open pull requests, hit GitHub APIs — but deploys need approval and deletes are blocked.
Use for: PR reviewers, code generation agents, linters and refactor bots.
Data Analyst Agent — data_analyst / tpl_analyst
For agents running queries on data warehouses. Read and query freely, but exports require approval and writes/deletes are blocked.
Use for: Snowflake/BigQuery/Redshift analysts, dashboard data generators.
Sales Outbound Agent — sales_outbound / tpl_sales
For agents running cold outreach. Write contacts freely, send emails with approval, no exports, no deletes.
Use for: cold-email agents, CRM enrichers, outbound SDR bots.
Choosing a template
If none fit exactly, pick the closest match and edit its rules after applying. You can always fall back to writing policy rules from scratch — templates are convenience, not a constraint.MandateZClient.track().