Zero-trust access for autonomous actors.
Brokers every access from an autonomous actor to a consequential resource — identity-bound, scoped, time-limited, audited. Long-lived credentials disappear.
What it is
An actor that needs to call an API, query a database, post to a channel, charge a card, or command a robot requests a Capability Grant from Warrant. Warrant authenticates the requesting Sigil, consults policy, optionally requires human consent, and vends an ephemeral, scoped credential bound to that single Capability Grant. The actor never holds the underlying secret. The actor never sees the network path. Every access is identity-bound, scoped, time-bound, and audited. Prompt injection becomes irrelevant: there is no broad-scope credential to exfiltrate.
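The checks a broker would run each time such a grant is used, as an added example that is not taken from Warrant or Lattice Runtime. The HMAC token format, the function names `mintGrant` and `checkUse`, the Sigil string and the `cus_EXAMPLE` resource are assumptions made for illustration; the capability, resource and constraint fields follow the request shown under "Requesting a capability".

```javascript
// Added example: hypothetical broker-side checks, not Warrant's own code.
const crypto = require("node:crypto");

// Constructed signing key; only the broker holds it, never the actor.
const BROKER_KEY = crypto.randomBytes(32);
const sign = (body) =>
  crypto.createHmac("sha256", BROKER_KEY).update(body).digest("base64url");

// Mint a token bound to one Sigil, capability, resource, constraint and expiry.
function mintGrant({ sigil, capability, resource, constraint, ttlMs }, now = Date.now()) {
  const claims = { sigil, capability, resource, constraint, exp: now + ttlMs,
                   jti: crypto.randomUUID() };
  const body = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return `${body}.${sign(body)}`;
}

// Decide one use of a token. The returned object doubles as an audit record.
function checkUse(token, { capability, resource, amountUsd }, now = Date.now()) {
  const [body, mac] = String(token).split(".");
  if (!body || !mac) return { allow: false, reason: "malformed" };
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(mac);
  // Verify the MAC in constant time before parsing any claim.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return { allow: false, reason: "bad_signature" };
  const g = JSON.parse(Buffer.from(body, "base64url").toString());
  const deny = (reason) => ({ allow: false, reason, jti: g.jti, sigil: g.sigil });
  if (now >= g.exp) return deny("expired");
  if (capability !== g.capability) return deny("capability_mismatch");
  if (resource !== g.resource) return deny("resource_mismatch");
  const max = g.constraint?.max_amount_usd;
  // Fail closed: a missing, negative or non-numeric amount never satisfies the cap.
  const withinCap = typeof amountUsd === "number" && amountUsd >= 0 && amountUsd <= max;
  if (max !== undefined && !withinCap) return deny("constraint_exceeded");
  return { allow: true, reason: "ok", jti: g.jti, sigil: g.sigil };
}

// Constructed sample: a 30-minute refund grant capped at 50 USD.
const T0 = Date.parse("2024-01-01T00:00:00Z");
const sample = mintGrant({
  sigil: "sigil:example-agent", capability: "stripe:refund",
  resource: "customer:cus_EXAMPLE", constraint: { max_amount_usd: 50 },
  ttlMs: 30 * 60_000,
}, T0);
const refund = { capability: "stripe:refund", resource: "customer:cus_EXAMPLE" };
console.log(checkUse(sample, { ...refund, amountUsd: 45 }, T0 + 60_000));
console.log(checkUse(sample, { ...refund, amountUsd: 4500 }, T0 + 60_000));
```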
The problem
Production agents today operate with credentials too broad and too long-lived — admin tokens, service accounts with wildcard permissions, database passwords in environment variables. Prompt injection becomes credential exfiltration. A runaway agent becomes a runaway-with-admin-keys agent. A breach of the runtime becomes a breach of every system the actor could touch.
Capabilities
Requesting a capability
// The actor never sees a secret. It requests a capability.
const grant = await warrant.request({
  capability: "stripe:refund",
  resource: "customer:cus_K1g9...",
  constraint: { max_amount_usd: 50 },
  duration: "30m",
  reason: "Customer reported duplicate charge",
})
// grant.token is short-lived, scoped, audit-logged on every use.
await stripe.refund(charge.id, { amount: 4500 }, { auth: grant.token })
Open and commercial
Warrant is delivered through two surfaces: an open-source reference in Lattice Runtime (MPL 2.0), and a managed, enterprise-grade delivery in Visca Cloud. Features in the open never move behind the paywall.
Open
MPL 2.0 · self-hostable · foundation-track governance
Commercial
Hosted SaaS · self-managed · hybrid · air-gapped
TLM · same pillar
Cryptographic identity for autonomous actors.
Issues, verifies, and revokes the cryptographic identity every autonomous actor holds — bound to principal, runtime, and lineage from the moment of instantiation.
The autonomic fabric.
Discovery, mTLS, and routing across every autonomous actor and every resource an actor reaches — rooted in Sigil identities, not hardcoded URLs.
Across the platform
The system of record.
A queryable knowledge graph of every autonomous actor in the estate — and the append-only, cryptographically chained audit of every action taken.
Data model as code.
The declarative primitive for your data model. Agents write it as source; humans edit it as a spreadsheet. Plan, apply, drift-detect.
Reproducible bundles for autonomous actors.
Immutable, content-addressed, Sigil-signed bundles. Everything an autonomous actor needs to execute, packaged as a single attestable artifact.
Autonomy-aware runtime.
Runs autonomous workloads across cloud, edge, on-device, and on-robot — with first-class awareness of tokens, models, memory, and embodiment.
The autonomy economy is shipping
Build, run, and trust autonomous systems on an integrated platform — software, embodied, and hybrid. Open foundation. Enterprise cloud. No license rug-pulls, ever.