See It Work · S2 Vol 4 · Federation & Partner Device Gateway · Chapter 8

Partners and investors see exactly what you authorized — nothing more

Federations include partners and investors who need access to some of your surfaces. The danger is access that quietly grows. Here, each partner's scope is a clause in your rulebook — 'this investor sees per-quarter yield reports' — and the system enforces it. Widening the scope isn't a setting someone can flip; it requires a ceremony.

Partners and investors see exactly what you authorized — nothing more — full detailed chart

The full detailed chart. Condensed for print legibility in the book; shown here at full size.

Access-control lists drift — a permission added 'just this once' becomes permanent and forgotten. A Charter scope enforced at the system layer can't silently widen, and every access it does grant leaves a receipt.
A scoped investor · QuadRoofready

Each partner's access is a Charter scope the system enforces — and receipts:

Scoped Access
scopea clause in your rulebook
can it silently widen?no — widening needs a ceremony
every accessleaves a receipt
QuadRoof investorverifies evidence in minutes, independently

Access-control lists drift; a Charter scope enforced at the harness layer does not.

For the technical reader — the command, and how to verify it yourself
# one line · you do not need to run this
see walkthrough
./bl-verify
# -> partner access held exactly to its Charter scope

Full step-by-step is in Appendix RX: Hands-On Demonstrations in the book.

← All walkthroughsNext: Chapter 9 →