As a SaaS veteran I can confidently say I would never put my entire company on the line for a remote API call before any request is served. Not just latency, but also - what the heck happens if you’re gone/down? The entire business operation grinds to a halt. This is such a huge non-starter. I reviewed Sync Agent and I doubt it is much help in case of an actual outage.
Very valid concern. We built the edge agent(https://github.com/warrant-dev/edge-agent) specifically for perf and reliability concerns. It's designed to run in customer infra with built-in storage (currently in-mem/redis) and can respond to all access checks even in the event that the Warrant cloud service is down. Writes would currently still be impacted if Warrant is down so this is definitely an area we're continuing to improve and expand.
Additionally, customers have also requested their own private Warrant service deployments/on-prem so that's something we may offer more broadly in the future.
This partially answers the previous post, but it doesn't answer all of the concerns he mentioned.
Even if you have an On-Prem deployment, if Warrant goes belly up, you're still hosed. Unsupported code is a recipe for disaster. What if it has a critical security vulnerability and it can't be patched? Is it legal to keep the code deployed once the contract expires and can't be renewed?
As a former Security Engineer that worked alongside the SRE team, we would never be able to justify this dependency for a production system. We'd rather build it ourselves or live with the crappier version than deal with a black box that can take down the business.
The flip side of this is an Open Source project. We regularly built around Open Source projects instead of starting from scratch when we could.
Have y'all considered moving to a license like BSL or AGPL for what you're building?