SettleMint
AI assistants

AI assistants for operators

Understand how AI assistants use the DALP CLI, MCP tools, and generated skills while staying inside the operator account, organisation, role, and approval boundaries.

AI assistants run inside the DALP CLI session you give them. The assistant can inspect platform state, prepare CLI commands, and summarise structured output. It does not get a separate authority model. Every command it runs uses your authenticated account, active organisation, assigned roles, and DALP validation.

What the assistant can control

The assistant is not a separate DALP role. It uses the CLI session you give it, so the same permission checks, organisation scope, and API validation apply.

Work areaTypical assistant taskControl that still applies
Token operationsList assets, inspect supply, prepare mint or pause commands, and explain current token state.The account must have the token permissions required by the underlying operation.
Identity and KYCFind users without verified identity, inspect KYC status, and help prepare follow-up work.KYC rules, identity rules, and trusted-issuer configuration remain platform controls.
Compliance configurationCompare token compliance modules and prepare configuration commands.Compliance changes require the same roles and approvals as manual CLI or Console work.
ReportingSummarise token and holder data from structured CLI output, along with operational metrics.The assistant only sees data exposed to the authenticated user.
TroubleshootingCheck authentication, organisation context, command output, and platform errors.The assistant cannot bypass missing roles, expired sessions, or API validation errors.
Rendering diagram...

The operator chooses the session and approves privileged operations. The assistant can prepare work through shell commands, MCP tools, or generated CLI skills, but those paths all converge on the same DALP CLI session. DALP records, transaction data, and API responses remain the evidence source after the run.

Choose the right integration mode

ModeUse it whenSetup pathReview boundary
CLI shell commandsThe assistant can run terminal commands and parse JSON output.Install the CLI, authenticate, then set JSON as the output format.Review the exact shell command before mutation.
MCP toolsThe assistant supports MCP and should call typed DALP tools instead of shell commands.Register the DALP CLI as an MCP server with dalp mcp add.Review the tool name, its inputs, and the target record before approving.
CLI skillsThe assistant discovers Markdown skill files and uses them as command guidance.Install generated skills with dalp skills add.Treat skills as guidance, not authorisation.

The CLI exposes the same operational surface in each mode. MCP avoids shell parsing by presenting commands as typed tools. Skills give agents command-specific instructions and examples.

Before you start

Give the assistant the narrowest CLI session that can do the job. The assistant inherits the authenticated account, active organisation, visible data, and platform roles. If those credentials allow minting, pausing, inviting users, or changing compliance settings, the assistant can prepare the same operations. Keep the final approval step with a human for any operation that changes token state, identity records, compliance configuration, or platform access.

Use a separate account for agent-assisted work when your operating model requires tighter supervision. That account should carry only the roles needed for the task, and you should switch to the target organisation before the assistant starts.

Set up an operator workstation

1. Install and authenticate the CLI

npm install -g @settlemint/dalp-cli
dalp login --url https://your-platform.example.com

Confirm the session before giving the assistant access. This also verifies the account and organisation are set correctly:

dalp whoami --format json

2. Pin the organisation context

All operations run in the active organisation scope. When the workstation has access to more than one organisation, switch to the target organisation before starting an assistant session.

dalp auth org-list --format json
dalp auth org-switch <organizationId> --format json

3. Use JSON output for shell-based agents

Set JSON as the default format so the assistant reads stable fields rather than terminal tables:

dalp config set format json

4. Register MCP and skills when your assistant supports them

dalp mcp add
dalp skills add
dalp skills list

dalp mcp add registers the CLI as an MCP server for supported local agents. dalp skills add installs command guidance that agents can discover before they run DALP commands.

Control privileged operations

Use AI assistants for preparation and inspection. Keep repeatable command execution under operator review, with the operator accountable for each run.

An assistant must not run commands that change regulated asset state or platform access without prior approval from a human operator.

Asset and access operations require sign-off.

  • creating, pausing, unpausing, minting, burning, or transferring assets
  • changing token permissions or platform access roles
  • approving identity, KYC, or compliance records

Configuration and retry operations also require operator sign-off.

  • changing trusted issuers, compliance templates, feeds, or provider settings
  • replaying webhooks, resubmitting failed operations, or retrying a mutation after an unclear result

Apply these rules on every run.

  • Ask the assistant to query current platform state before proposing a mutation.
  • Confirm the exact command: target token, amount, recipient, and organisation before approving any change.
  • Keep high-risk operations under the same approval process used for Console or CLI work.
  • Use roles to limit what the authenticated account can do. Do not rely on prompt wording as a permission control.
  • Keep production credentials in the local credential store. Do not paste tokens, private keys, recovery codes, or customer data into the assistant conversation.
  • Treat assistant output as a draft until the operator checks DALP records, transaction data, or API responses.
  • Capture operational evidence from DALP records and transaction data, not from the assistant's summary alone.

Safe operating pattern

Use this pattern for any assistant-controlled DALP task:

  1. Inspect current state with read-only commands.
  2. Ask the assistant to propose one exact mutation command or MCP tool input.
  3. Review the command, organisation, target resource, and expected effect.
  4. Run the approved command with --format json for shell-based operations.
  5. Inspect the target state again when the result is unclear.
  6. Store the DALP response, transaction reference, operation record, or event output as evidence.
# Inspect the current account and roles.
dalp whoami --format json
dalp system access-manager roles-list --format json

# Inspect the target record before asking the assistant to prepare a change.
dalp tokens read <tokenAddress> --format json

Do not let an assistant retry a failed mutation blindly. If the command timed out or returned an unclear error, inspect the target state again before retrying.

Prompt examples with command patterns

Write instructions that force the assistant to inspect before acting. Include the expected DALP command pattern when the task depends on a specific product surface.

Token inspection

The following instruction lists equity tokens read-only and returns structured data. The assistant must not make any changes:

List all equity tokens in the active organisation. Do not make changes. Use DALP CLI JSON output and return the token name, symbol, address, total supply, and paused status.
dalp tokens list --format json

Identity review

This prompt groups unverified users by status and proposes next steps without taking any. The assistant must not approve, invite, or issue claims:

Check which users do not have verified identity. Group them by current status and propose the next manual action for each group. Do not approve, invite, or issue claims.
dalp users list --format json
dalp kyc profile <userId> --format json
dalp kyc versions <userId> --format json

Compliance preparation

This prompt inspects compliance configuration and proposes a change. The assistant must not run the command. The operator reviews and approves each proposed mutation:

Inspect this token's compliance configuration. Tell me which controls are active, which roles can update them, and what command you would run if I approve the change. Do not run the command.

The assistant starts by checking account and role context, then inspects token compliance. The operator must approve each proposed change: none of dalp tokens add-compliance-module, dalp tokens remove-compliance-module, or dalp tokens set-compliance-module-params should run without that approval:

dalp whoami --format json
dalp system access-manager roles-list --format json
dalp tokens compliance <tokenAddress> --format json

What the assistant should return

Before approving a privileged command, ask the assistant for a short run note. Require these facts:

FactWhy it matters
Active organisationPrevents the assistant from acting in the wrong tenant.
Target recordConfirms the asset, identity, feed, or role being changed.
Read-only checks performedShows which DALP state the assistant inspected before proposing the operation.
Proposed command or MCP tool inputLets a human review the exact operation before execution.
Expected effectMakes the state change and rollback or recovery path explicit.

Keep secrets, private keys, and recovery material out of the run note. Omitting them prevents sensitive data from appearing in conversation history or logs.

What stays outside the assistant

Prompts and skill files are not security controls. The platform account, wallet controls, and human approval process decide what is allowed. Keep each of the following entirely outside the assistant.

  • DALP roles and organisation membership
  • wallet custody and transaction signing policy
  • approval policy for privileged operations
  • secrets, API keys, private keys, and recovery material
  • incident escalation and final operational sign-off

Troubleshooting

DALP tools are not available

  1. Check that the CLI is installed.

    dalp --version
  2. Check authentication.

    dalp whoami --format json
  3. Re-run MCP registration if your assistant supports MCP.

    dalp mcp add
  4. Restart the assistant after configuration changes so it picks up the updated registration.

Authentication required

The CLI session may be missing or expired. Log in again and then restart the assistant so it picks up the refreshed session:

dalp login --url https://your-platform.example.com

Permission denied

The authenticated account lacks the required role for the operation. Check the current account and ask a platform administrator to grant the needed role.

dalp whoami --format json
dalp system access-manager roles-list --format json

Next steps

  • Read CLI AI agent integration to wire shell commands, MCP registration, and skill files into a developer workspace.
  • Read CLI scripting for read-before-mutate shell patterns and structured error handling.
  • Use the command reference to confirm platform command groups such as auth, whoami, tokens, and system access-manager prior to giving an assistant a task.
  • Review user onboarding before asking an assistant to help with identity workflows.
  • Review the compliance overview before asking an assistant to prepare compliance changes.
  • Follow SDK integration when an assistant prepares application code that calls DALP APIs instead of CLI commands.

On this page