Sill
AGENT GOVERNANCE INFRASTRUCTURE
DOCUMENT ID: FB-20260514-PM_8A3F9C12
ISSUED: 5/14/2026, 11:28:45 AM
MANDATE AUDIT BUNDLE

An evidentiary record of one agentic transaction.

This document captures the cryptographic identity, policy decisions, and on-chain anchor for mandate pm_8a3f9c12. It is intended for use by internal compliance teams, external auditors, payment acquirers, and regulators who require traceability of agent-initiated actions.

Mandate verified and anchored.
All policy checks passed. Cryptographic anchor recorded on-chain. No further action required.

01 Mandate parties

The agent, user, and merchant identities involved, and the cryptographic envelope.

Mandate ID: pm_8a3f9c12
Mandate kind: PaymentMandate
Issuing agent: ChatGPT
End user: eunice@gmail.com
User intent (scope): Buy 2× Espresso Roast under $50
Amount cap: $47.20 USD
Signature algorithm: ECDSA-P256
Signature preview: 0xb9ae6a4666a85ffd…4ba7299a
Issued at (UTC): 2026-05-14T15:28:45.958Z

02 Auditor attestation

Statement of authenticity

Sill attests that the decision trace recorded in §3 of this document was produced by the Sill policy engine at the time the mandate was evaluated, and has not been modified since. The trace reflects the rules that were enabled in the merchant's policy configuration at the moment of evaluation.

The cryptographic anchor in §5 references an immutable on-chain record. Anyone with access to the indicated chain may independently verify the anchor's existence and contents.

Sill does not attest to the lawfulness of the underlying transaction, the fitness of the merchant's policy, or compliance with any specific regulation. Those determinations require additional review beyond this document.

Sill Compliance Engine v0.4.0 2026-05-14T15:28:45.958Z

03 Decision trace

Every input, governance check, and output produced when the mandate was evaluated. Each row cites the specific Sill rule (e.g. r01) that fired or was satisfied.

PHASE: INPUT | TIMESTAMP: 00:32:14.000 | VERDICT: RECEIVED
DETAIL: Agent request received
ChatGPT → POST /agent/intent
{ "scope": "Buy 2× Espresso Roast under $50", "user_id": "eunice@gmail.com", "amount_cap_usd": 47.2 }

PHASE: CHECK | RULE: r01 | TIMESTAMP: 00:32:14.018 | VERDICT: PASS
DETAIL: Agent identity verification
ECDSA-P256 signature valid · agent on AP2 verified registry
signature.alg     = ECDSA-P256
signature.kid     = chatgpt_key_2026
registry.match    = true
registry.source   = ap2-verified-registry-mainnet

PHASE: CHECK | RULE: r10 | TIMESTAMP: 00:32:14.024 | VERDICT: PASS
DETAIL: Scope authorization
Requested action falls within agent's published capabilities
requested_skill   = "checkout"
allowed_skills    = ["browse","quote","checkout","refund_request"]
user_intent_match = true
verdict           = pass

PHASE: CHECK | RULE: r07 | TIMESTAMP: 00:32:14.031 | VERDICT: PASS
DETAIL: Spend cap enforcement
$47.20 evaluated against policy thresholds
request.amount    = 47.2
policy.cap_per_tx = 100
policy.cap_daily  = 200
user.daily_spend  = 18.88
verdict           = pass

PHASE: CHECK | RULE: r11 | TIMESTAMP: 00:32:14.042 | VERDICT: PASS
DETAIL: Adversarial input scan
Tokens scanned for prompt injection · unicode tag smuggling · instruction override
tokens_scanned        = 124
unicode_tag_chars     = 0
role_override_attempt = false
verdict               = pass

PHASE: OUTPUT | TIMESTAMP: 00:32:14.058 | VERDICT: PASS
DETAIL: Mandate issued and signed
PaymentMandate produced, jointly signed, anchored on-chain
mandate.id        = "pm_8a3f9c12"
mandate.kind      = "PaymentMandate"
signature         = "0xb9ae6a4666a85ffd…4ba7299a"
anchor.chain      = solana-mainnet
anchor.tx         = cnft_4f2a8e1d
anchor.block      = 287402198
http_status       = 200

04 Control framework mappings

Each Sill rule maps to one or more public-domain controls. Mappings reflect Sill's reading of the applicable framework; certification under any framework requires conformity assessment by the relevant accredited body.

RULE | AP2 v1 | NIST AI RMF 1.0 | ISO/IEC 42001:2023 | OWASP
r01 | §4.2 Agent identity | GOVERN-1.1, MEASURE-2.7 | A.6.2.4 | API2:2023
r07 | §5.2 Spend constraint | MANAGE-2.2 | A.7.4.1 |
r10 | §5.3 Scope auth | MANAGE-2.3 | A.7.3.2 | LLM08:2025
r11 | §6.4 Input integrity | MEASURE-2.6 | A.7.4.3 | LLM01:2025

Scope of this document. This bundle is evidence of a single mandate evaluation. It is not a certification of compliance with the EU AI Act, GDPR, PCI-DSS, or any other regulatory regime. Whether this document satisfies a specific regulatory or audit requirement depends on the jurisdiction, the merchant's broader compliance posture, and the requesting party's standards. Consult qualified counsel for regulatory determinations.

05 Cryptographic anchor

On-chain reference for the mandate signature. Independently verifiable on the indicated chain.

CRYPTOGRAPHIC ANCHOR
chain = solana-mainnet
tx = cnft_4f2a8e1d7c39028e1d4f2a8e1d7c390
block = 287_402_198
slot = 287_402_198
timestamp = 2026-05-14T15:28:45.958Z
signature = 0xb9ae6a4666a85ffd…4ba7299a
algorithm = ECDSA-P256 over SHA-256
immutable = true

Verification: query the Solana RPC for transaction cnft_4f2a8e1d and confirm the embedded mandate hash matches §3 of this document.

06 Document integrity

A SHA-256 of the bundle contents. Any modification will alter this hash.

sha256: b9ae6a4666a85ffd49ad5f1a418ae6555e65d46083ffb21033995def4ba7299a

To verify, recompute SHA-256 over the canonical JSON form of this bundle (available via the JSON export in the same panel). The hash above must match.

07 Limitations and disclaimers