Delegated Authority Demo

Authorization needs Warrants.

Maya approves one parent warrant for Planner Agent, then the flow proceeds in order: scoped child work, denied overreach, approval-gated send, and branch revoke.

seeded fallbackauth-readyrequested: token only

token only live provider seeded

Root Warrant Approval

Investor update for April 18

Prepare my investor update for tomorrow and coordinate follow-ups.

Maya authorizes Planner Agent to handle this request and delegate only narrower child warrants for calendar and email work.

Target DateApr 18, 2026

Approved ByMaya Chen

Parent Warrantwarrant-planner-root-001

Auth Setup Audit Trail

Runtime Lane

seeded fallback

seeded simulated

Model source: seeded deterministic | Provider source: seeded simulated

Runtime model startup validation failed for live Gemma lane.

Runtime diagnostics

GOOGLE_API_KEY: Missing GOOGLE_API_KEY. Store it in a local ignored env file such as .env.local.

Scenario Sequence

What just happened, and what comes next

Use this strip as the pacing guide for the demo. The graph shows who has authority, proof cards show outcomes, and the timeline shows the exact event order.

1. Planner decomposes the request

complete

Planner holds the parent warrant and creates narrower Calendar and Comms child warrants for this investor-update task.

Next: Watch each child branch act only inside its delegated role.

2. Child roles execute scoped work

complete

Calendar reads one bounded window. Comms drafts follow-ups for approved recipients. Neither branch can expand scope on its own.

Next: Review the draft output before any send is allowed.

3. Draft is created

complete

Comms can draft because drafting is allowed by warrant. This does not grant send authority.

Next: The next proof moment checks what happens when Comms overreaches.

4. Overreach is denied

complete

Comms attempts an out-of-bounds send. Local Warrant policy blocks it with a policy denial reason.

Next: A separate in-bounds send still pauses for explicit approval.

5. Sensitive send hits approval gate

current

Current state: approval pending. Comms is policy-eligible for one bounded send, but real Gmail execution is still gated.

Next: Revoke Comms to prove authority can be withdrawn immediately.

6. Comms branch revoke

upcoming

This step is pending in the main preset. Use revoke to show branch-level authority loss.

Next: Use the graph and timeline below to confirm branch-level effects.

Verification

Canonical Proof Points

These checks are intentionally separate: policy denial, approval gate, and revocation block are different control outcomes.

2 Active1 Approval pending0 Revoked

Calendar Warrant

Read tomorrow's calendar window before follow-up drafting begins.

active

Planner gives Calendar Agent one narrower calendar read for the April 18 window. It cannot draft or send email.

Context:Capabilities: Read calendar

Comms Warrant

Draft investor follow-ups for approved recipients and request one send after approval.

approval pending

Planner lets Comms Agent draft for approved recipients and request one send. It still cannot send a real email without approval.

Context:Capabilities: Draft email, Send email

Allowed Action

Reviewed tomorrow's availability before drafting the investor update.

active

This child warrant allows one calendar read inside the April 18 scheduling window.

Context:Calendar window for 2026-04-18

Allowed Action

Drafted investor follow-up emails for the approved internal recipients.

active

This child warrant allows drafting for approved recipients. It does not allow a real send without approval.

Context:Drafts for partners@northstar.vc and finance@northstar.vc

Policy Denial

Tried to send the investor follow-up to a recipient outside this branch.

policy denied

This agent may only email approved recipients. ceo@external-partner.com is outside its warrant.

Context:Policy code: recipient_not_allowed

Approval-Gated Send

Prepared the investor follow-up send and stopped for approval.

approval required

This branch is allowed to request one bounded send, but it still cannot send a real email until Maya approves this exact message.

Context:Approval record: Approve investor follow-up send (approval pending)

Sensitive Action Approval

Draft authority is not send authority.

The Comms branch can draft immediately. Sending a real email still requires Maya to approve the exact message before Warrant can release the Gmail send.

Latest approval record

Approve investor follow-up send

pending in auth0

Why approval is needed

This action would send a real email to other people. Maya must approve this exact message before Warrant can release the send.

Approved effect

If approved, the Comms branch may send this one email to partners@northstar.vc and finance@northstar.vc.

Exact action preview

Investor update follow-up for April 18

gmail.send

Recipients

To: partners@northstar.vc, finance@northstar.vc

Cc: maya@northstar.vc

Draft: draft-investor-update-001

Body preview

Prepared the follow-up draft for tomorrow's investor update. Please confirm owners and next asks before sending.

Policy

Local warrant check

ready

This branch may request one bounded send.

The child warrant lets Comms draft freely and ask to send one email to approved recipients. It does not let Comms send on its own.

Checked by: local warrant

Approval

Human approval check

pending

Human approval is pending for this exact email.

Recipients, subject, and body are frozen for review. The real send stays blocked until Maya approves or denies this exact message.

Checked by: human approval

Next: Wait for a human decision on this send.

Execution

Real send release

pending

The real Gmail send is still blocked.

Auth0 has the approval request, but no release exists yet to send a real email.

Checked by: provider release

Next: Wait for a human decision on this send.

State Model

What changes when approval changes

current: approval pending

Not requested

still blocked

This exact email has not been submitted for approval yet.

Comms can draft the message, but it cannot send a real email until Maya reviews this exact subject, body, and recipient list through Auth0.

Next: Submit this exact email for approval.

Pending

still blocked

Human approval is pending for this exact email.

Recipients, subject, and body are frozen for review. The real send stays blocked until Maya approves or denies this exact message.

Next: Wait for a human decision on this send.

Approved

execution ready

Approval was granted for this exact email.

Warrant now has the approval it needs to release one real Gmail send for this reviewed message.

Next: Run the approved send through the Auth0-backed Gmail path.

Denied

still blocked

Approval was denied for this exact email.

The branch is allowed to ask for this kind of send, but this specific message stays blocked because Maya denied it.

Next: Keep the message as a draft or revise it before requesting approval again.

Unavailable

still blocked

The approval service is unavailable right now.

Warrant can tell that this branch may request the send, but it cannot reach the external approval control needed to release the real email.

Next: Restore approval availability before retrying this send.

Error

still blocked

The approval result could not be trusted.

The request exists, but Warrant could not confirm a usable approval decision, so the send remains blocked.

Next: Retry the approval check or request approval again for this message.

End States

When authority ends

Revocation and expiry do different jobs. Revocation is an explicit stop. Expiry is a time limit that shuts a warrant off once its window closes.

Revoked Branch

Comms Agent branch

revoked

Maya revoked the Comms branch after the approved send to prove that delegated authority can be withdrawn immediately.

Context:What changes: this branch loses authority immediately, and later actions are blocked.

Expired Warrant

Calendar Agent time limit

expired

This warrant expired at 2026-04-18 12:00:00Z. New actions are no longer allowed.

Context:What changes: new actions stop once the warrant's allowed time window ends.

Audit

Authorization Timeline

A step-by-step record of who received authority, what they tried, and why the system allowed, approved, revoked, or denied it.

activeApr 17, 2026, 2:00 AM

Main scenario loaded

Maya asks Warrant to prepare tomorrow's investor update and coordinate follow-ups through a constrained agent tree.

ActorMaya Chen

Proposal—

Runtime—

Runtime actor—

Warrant—

Parentroot

activeApr 17, 2026, 2:01 AM

Root planner warrant activated

Maya approves the parent warrant for Planner Agent. It may prepare the investor update and delegate only narrower child warrants.

ActorMaya Chen

Proposal—

Runtime—

Runtime actor—

Warrantwarrant-planner-root-001

Parentroot

activeApr 17, 2026, 2:02 AM

Calendar child warrant delegated

Planner Agent delegates one narrower calendar warrant. Calendar Agent may read the April 18 window, but it cannot draft or send email.

ActorPlanner Agent

Proposal—

Runtime—

Runtime actor—

Warrantwarrant-calendar-child-001

Parentwarrant-planner-root-001

activeApr 17, 2026, 2:03 AM

Comms child warrant delegated

Planner Agent delegates a narrower comms warrant. Comms Agent may draft immediately and request one send, but it cannot send without approval.

ActorPlanner Agent

Proposal—

Runtime—

Runtime actor—

Warrantwarrant-comms-child-001

Parentwarrant-planner-root-001

activeApr 17, 2026, 2:05 AM

Calendar window reviewed

Calendar Agent reviews the bounded April 18 window and finds a clear 10:30 AM follow-up slot before the investor update goes out.

ActorCalendar Agent

Proposalproposal-calendar-read-001

Runtimeactive

Runtime actorCalendar Runtime (runtime-calendar-001)

Warrantwarrant-calendar-child-001

Parentwarrant-planner-root-001

Proposal recorded for runtime control evaluation.

activeApr 17, 2026, 2:07 AM

Follow-up drafts prepared

Comms Agent drafts follow-up emails for the approved Northstar recipients and stops before send so Maya can review the exact message.

ActorComms Agent

Proposalproposal-comms-draft-001

Runtimeactive

Runtime actorComms Runtime (runtime-comms-001)

Warrantwarrant-comms-child-001

Parentwarrant-planner-root-001

Proposal recorded for runtime control evaluation.

policy deniedApr 17, 2026, 2:08 AM

Comms send denied by warrant

Comms Agent tried to send the prepared follow-up to a recipient outside its approved recipient and domain bounds, so Warrant blocked the action before approval or Gmail execution.

ActorComms Agent

Proposalproposal-comms-send-overreach-001

Runtimepolicy denied

Runtime actorComms Runtime (runtime-comms-001)

Warrantwarrant-comms-child-001

Parentwarrant-planner-root-001

Proposal recorded for runtime control evaluation.

approval pendingApr 17, 2026, 2:10 AM

Comms send waiting for approval

Comms Agent stayed inside its warrant, but the real Gmail send is paused until Maya approves this exact email through Auth0.

ActorComms Agent

Proposalproposal-comms-send-001

Runtimeapproval required

Runtime actorComms Runtime (runtime-comms-001)

Warrantwarrant-comms-child-001

Parentwarrant-planner-root-001

Proposal recorded for runtime control evaluation.