Skip to content
Planned Infrastructure engine

Warrant

Identity, consent, and granular permissions for multi-tenant trust circles — who is who, and exactly what they may do.

Replaces rolling your own auth and sharing rules per app

In the constellation

Warrant highlighted in the live map — hover or tap any node to explore.

01Why

Why it exists

Authentication tells you who someone is. It doesn’t tell you what they’re allowed to do, what they’ve consented to, or how to keep one tenant’s data walled off from another’s. Trust circles, multi-tenant products, and governance all need that richer layer — and most teams roll their own per app.

Granular permissions and durable consent records are easy to get subtly wrong, and getting them wrong is how data leaks between people who were never supposed to see each other’s information.

02What it is

What Warrant is

Warrant is the identity, consent, and permissions layer. It answers “who is this person, what may they do, and what have they consented to” — over the grants you’ve declared, with strict isolation between tenants and trust circles.

It’s the semantics layer above a login: richer than a bare auth bridge, and deliberately provider-neutral — the external identity provider stays in config and is never named in the engine. Permissions are a deterministic function of declared grants, never a guess.

03Capabilities

What it does

Granular permissions

A permission grammar evaluated deterministically over the grants you’ve declared.

Consent records

Durable, auditable records of exactly what each party has consented to.

Multi-tenant isolation

Strict tenant boundaries — one circle or org never sees another’s grants or data.

Trust-circle authorization

Multi-party authorization semantics for shared circles, peers, and the people in them.

04The cleavage

The line between judgment and machinery

AccelMars draws one hard line through every product: what an AI decides, and what runs deterministically. Warrant sits on the deterministic side.

Deterministic — no AI in the path

Deterministic by design

  • Permission evaluation over declared grants
  • Consent-record keeping
  • Strict multi-tenant isolation

Authorization is a deterministic function of the grants it holds — never an AI guess. Warrant answers who-and-what-may-they-do; enforcing business policy on top of that answer is the Warden engine’s job, kept clearly distinct.

05Connections

How it connects

Powers

Engines that build on Warrant.

Planned

Planned — designed, not yet built. It will power trust-circle authorization in Bond, team permissions in Crew, and account-level access for Ledger and Warden.

Open-core, like Anchor and Booster — the mechanical engine in the open.