TRUST · SECURITY POSTURE · 2026 Q2

the thing that records things
has to be trustworthy.

we record other people's regulatory artefacts. the bar is plainly higher than "best practice". this page lists the controls, how packages stay verifiable, and what we do not yet hold. nothing here is marketing.

Warrant is regulator-grade evidence infrastructure for AI agents in regulated industries: drop an agent's execution trace, get a record mapped to a specific EU AI Act obligation, independently verifiable in your own browser without ever contacting Warrant.

warrant is a software vendor. we are not a law firm. nothing on this site or in any PDF warrant records is legal advice. the mapping is a structured reading of public regulatory text. engaging counsel to confirm applicability remains the customer's responsibility.

INDEPENDENTLY VERIFIABLE · ACTIVATED 2026-05-06
every package is independently verifiable without contacting Warrant · confirm one at /verify

01 · VERIFICATION

every artefact is independently verifiable.

one production register. published, dated. if a row stops being true, this page changes the same day.

PROPERTY
independently verifiable
A reader confirms any package in their own browser, without contacting Warrant. The result is binary: original-and-unaltered, or not.
AUTHOR
recorded by Warrant
Each package names Warrant as its recorded author. Confirmable with no Warrant infrastructure online.
ACTIVATED
2026-05-06
Activation is itself a recorded artefact. Older packages remain verifiable over time.
REFERENCE
/verify
The verification reference is published. Cache-friendly. Nothing in the verification path requires our control plane to be online.
DURABILITY
14-day public notice on any change · older packages remain verifiable
Changes are announced 14 days ahead, older packages remain verifiable, the change event is itself a recorded artefact.

02 · INDEPENDENT CONFIRMATION

every artefact checkable against an independent reference.

each package is confirmed against an independent public reference that Warrant does not control, which fixes when it existed. the artefact's existence at time T is provable forever, by anyone, without us.

# sample package
package_id        = 7de85ceaeac42a47
trace             = eu-fintech-prod
sealed            = 2026-04-29 14:23:08 UTC
recorded_by       = Warrant
status            = independently verifiable

# independent confirmation
confirmation      = confirmed
confirmed_at      = 2026-04-30 09:14 UTC

# anyone can confirm this offline, without contacting Warrant.
# confirm one at /verify

03 · FOUR INDEPENDENT CHECKS

four checks. anyone runs them.

drop a warrant PDF in at /verify. it answers four questions and reports each one's pass / fail. all reproducible offline.

CHECK 01

recorded by Warrant

is this recorded by Warrant?

the check confirms the package names Warrant as its recorded author, against Warrant's published record.

CHECK 02

original package

is this the original package?

the PDF you hold is confirmed to be the exact package that was recorded, unaltered.

CHECK 03

nothing changed

has anything changed?

the package confirms it has not been edited since it was recorded.

CHECK 04

independent confirmation

can a third party confirm without Warrant?

the package is confirmed against an independent public reference that Warrant does not control.

04 · WHAT WE DON'T HOLD

what we don't hold.

honesty over theatre. v0.4 public beta. these certifications are not in place today. the day they are, this page changes the same day.

ROADMAP · POST-COHORT

SOC 2 Type II

roadmap · post design-partner cohort

ROADMAP · POST-COHORT

HIPAA BAA

not signed today · do not send PHI

ROADMAP · POST-COHORT

GDPR DPA

standard DPA on request · not the default

ROADMAP · POST-COHORT

ISO 27001

roadmap · post production cohort

05 · STACK

the stack.

named, versioned, sub-processed. if a row changes, the changelog records it as a sealed artefact.

DATABASE
Supabase · Postgres · EU region
Per-tenant row-level security. New columns are anon-default-deny; sensitive columns are explicit GRANT only.
RUNTIME
Render · Python 3.11 · FastAPI
Min replicas pinned to 1, no cold starts. Hardware-key-only operator SSO; SSH disabled in production.
SUB-PROCESSORS
Anthropic · Supabase · Render · independent reference provider
Live list at /.well-known/security.txt. 14-day notice for additions.
DATA RESIDENCY
EU (Frankfurt) by default
Pinned at tenant creation. No silent migration.

06 · EVAL DISCIPLINE

the eval suite, named.

a sealed artefact is only as defensible as the regression suite behind it. we run a 200-trace regression suite on every model upgrade, every prompt revision, and every regulation atlas update. the numbers below are the most recent rolling-90-day window.

REGRESSION SUITE
200 traces · 9 regimes · 6 jurisdictions
Hand-curated traces covering lending, advisory, KYC, market-making, claims, retail algo, and 14 other workflows. Re-run on every prompt diff. Failures block merge.
CITATION PRECISION
99.7% precision · 96.4% recall
Precision: of the regulatory citations Warrant emits, the share that survive a manual counsel pass. Recall: of the citations a counsel pass would expect, the share Warrant emits. Last 3 months.
INTER-RATER AGREEMENT
Cohen's κ = 0.84
Labelled corpus of 600 (action, regime, obligation) tuples. Two independent annotators, one external counsel reviewer. κ > 0.80 is the merge threshold.
REFUSAL RATE
7.2% of trace-action pairs
Warrant refuses to seal an obligation when the trace does not substantiate it. Refusals are themselves logged in the artefact, with the refusal reason cited.
FAILURE-MODE LOG
public · /eval-log
Every regression failure since v0.1 is logged with the offending diff, the metric that broke, and the fix. The log is itself a sealed artefact.

07 · DISCLOSURE

found something? tell us.

coordinated disclosure preferred. we name researchers in the changelog with their permission. we do not chase reporters.

[email protected] /.well-known/security.txt /verify
AUTHORSHIP
recorded by Warrant
confirmable without contacting Warrant
Each package names Warrant as its recorded author. Older packages remain verifiable over time, so any artefact recorded before a change still confirms. The verification path requires no Warrant infrastructure to be online; it requires only the published verification reference and the package itself. The active production register was activated 2026-05-06. Changes carry 14-day public notice; the change event itself is a recorded artefact, so the chain of custody is itself attestable.
REPRODUCIBILITY
reproducible
same result on any machine
The canonical record is deterministic. The same trace, confirmed on a different machine, produces the same result. This is the property that lets a regulator confirm the package offline and reach the same yes-or-no Warrant does. Without it, two parties confirming the same package could diverge for no substantive reason. The record binds the trace, the rendered PDF, and the package into a single confirmable artefact.
INDEPENDENCE
independent reference
confirmable by any party
The package is confirmed against an independent public reference that Warrant does not control, fixing when it existed. Independent confirmation runs offline; Warrant's infrastructure can be unreachable and the package still confirms. The reference is neutral and no single operator can rewrite the past. The /attest response returns synchronously; independent confirmation for a new package is appended to the artefact's verification record once it lands, typically within the hour after the /attest call.