Prototype Only

Broker Permission Consent

Requested tier: Read-only account visibility. These screens demonstrate permission copy and acknowledgements only; they do not connect to any provider.

Broker permission consent screens are prototypes only. They do not connect brokers, store tokens, place orders, deploy strategies, edit schedules, or modify runner state.

Permission Tiers

Read-only account visibility read_only

Allowed In This Tier

View masked account metadata after a reviewed provider flow exists.
Sync balances, buying power, holdings, historical activity, and connection health.
Show customer-owned account data only to the customer and authorized admins.

Still Blocked

No paper or live automation.
No account binding.
No broker credential collection in OmniMint tables.

Paper deployment candidate paper

Allowed In This Tier

Paper-only strategy/account binding after evidence review.
Risk-limit preview and paper-first approval checks.
Immediate revocation and kill-switch handling.

Still Blocked

No live access.
No funding, withdrawals, margin changes, or account profile edits.
No bypass around human paper-review approval.

Live candidate review live_candidate

Allowed In This Tier

Future live-readiness review after paper evidence exists.
Additional compliance, broker, and explicit customer confirmations.
Strict kill-switch and revocation checks before any future live path.

Still Blocked

No default live automation.
No unreviewed strategy version swaps.
No live enablement without compliance and broker approval.

Required Acknowledgements

I understand this prototype does not connect a real brokerage account.
I understand subscription access and broker permissions are separate.
I understand read-only, paper, and live-candidate tiers require separate review.
I understand revocation must immediately disable affected future capabilities.
I understand strategy performance is not guaranteed and this is not investment advice.

Revocation Language

Scenario	Prototype Copy
User Disconnect	Disconnecting should stop sync and disable affected future bindings immediately.
Provider Revoked	If a provider revokes access, OmniMint should mark the connection disabled and require a fresh consent flow.
Token Expired	Expired tokens should pause sync and block future deployment actions until reauthorized.
Admin Block	Admins can block a connection for safety, fraud, compliance, or incident response.
Security Incident	Security incidents should activate the strictest affected kill switch and preserve audit history.