UDR-HC-01 · Authorization, in writing

AuthZ for the
hardest problems.

Policy-as-contract authorization. Multi-tenant. Fine-grained. Audited. CLI-first. Self-hosted or cloud — the security team writes policy in a form that the machine can verify, and the developer integrates once.

Request access → Read the docs Pricing

p99 < 5ms Decision latency target

∞ MAUs Per tier — pay for calls

100% Decisions audited

housectl · decisions · live

# sign in
$ housectl config login --url https://api.housecarl.cloud
    session established · tenant=acme · role=admin

# test a decision before deploying
$ housectl authz can-i read doc/q1-report --user user/ada
    allow  via policy:reader  ·  2.1ms

$ housectl authz can-i delete invoice/8 --user user/ada
    deny   reason: principal not in role  ·  3.0ms

# tail the live audit log
$ housectl decisions tail --principal user/ada
2026-04-29T14:02:11Z  allow  resource:report/q1
2026-04-29T14:02:11Z  deny   resource:invoice/8

UDR-HC-01 · v0.1.0-rc.3 housecarl.cloud / status

I. What you get

The capability set, in writing.

Fine-grained, resource-level control

Match access policies to the exact resources they govern. No coarse roles, no wildcards by default — what is permitted is named.

Multi-tenant by construction

Tenant isolation is a property of the data model, not an opt-in flag. Customers cannot see each other's policies, users, or resources.

CLI-first design

Every operation has a flag. Test, dry-run, diff, and apply policies through housectl — review them in pull requests like any other artifact.

Self-hosted or cloud

Operate Housecarl in our cloud, in yours, or on your bare metal. The same binary, the same wire format, the same policy semantics.

Single sign-on, in production

Google OAuth today. GitHub and Azure AD ready. JWT-backed sessions, attribute mapping, and role inheritance are first-class concerns.

Auditable by default

Every authorization decision is logged with principal, action, resource, and policy reference. Audit log is queryable and exportable.

Built-in billing

Subscription management with usage tracking. Monetize a multi-tenant product without writing a billing service first.

Engineered to last

Rust on the wire and at rest. PostgreSQL for state. gRPC for the data plane. Nothing exotic; everything explicit.

II. Who it is for

Teams that have outgrown roles & bools.

Complex permission models

Multiple teams with different permission structures. Matrix roles with cross-cutting access. Organizations whose access patterns don't fit a flat list of capabilities.

Compliance-driven engineering

Policies that mirror regulatory or corporate controls — and an audit trail that demonstrates them.

On-premise control

Self-host to maintain compliance with information controls your security team has already deployed.

MLS & high-rigor deployments

Multi-level security. Air-gapped sites. Edge and disrupted environments — on the roadmap, not as an afterthought.

Read the docs. Then ask for an account.

Housecarl AuthZ ships in Q2 2026. Cloud and self-hosted editions exist. Private beta is open for serious operators.

Request access Write to Paul

AuthZ for thehardest problems.