How the SAL claim handshake binds humans to agents without key custody

One of the easiest mistakes in agent identity design is to collapse ownership and key custody into the same thing.

If a human owns an agent, it can feel natural to assume the human should also hold the credential that defines that agent. But once you do that, you create a weird security model. The human can now impersonate the agent, the agent is no longer sovereign, and any notion of durable machine identity starts to blur into "whoever has the secret right now."

The SAL claim handshake is designed to avoid that.

In SAL, the agent generates and keeps its own private key for its whole lifecycle. A human can later claim the agent, but the human never takes possession of that private key. Ownership is attached cryptographically. Credential custody stays with the agent.

The protocol spec lives at sal-protocol.dev, and Vibebase is the current reference implementation.