The vault embodies a principal-agent relationship where the BCR-2026-xxx framework applies directly. The five terms defined in the Self-Sovereign Identity domain map to concrete vault mechanisms:
| Self-Sovereign Identity Term | Vault Implementation |
|---|---|
| Principal | Vault owner ([[Christopher Allen]]↑) — directs all work, reviews outputs, bears responsibility |
| Agent | Claude Code sessions — generate content, execute tasks, operate within conferral |
| Conferral | Rules, skills, processes — what Claude may do, how, and within what boundaries |
| Authorship | Claude generates content: notes, summaries, code, form extractions |
| Responsibility | The vault owner reviews, approves, and stands behind every committed change |
The authorship/responsibility split is visible in every session. Claude authors draft content. The vault owner accepts, rejects, or revises it. Git commits carry the owner’s signature (-S -s), not Claude’s — because responsibility, not authorship, determines attribution.
The vault satisfies all three conditions for meaningful authority:
Legibility — The vault owner can observe what Claude does and comprehend why. Session logs record actions. Learning loops capture process insights. WORKSTATE.md tracks current task and progress. The AskUserQuestion tool surfaces decisions that require human judgment. Nothing happens invisibly.
Boundaries — Claude operates within constraints the vault owner established. Rules define imperatives (what must and must not happen). Skills define capabilities (what Claude can do). Processes define workflows (how multi-step operations proceed). The paths: trigger system loads constraints contextually — Garden/ files get garden rules, meeting files get meeting rules.
Override — The vault owner can intervene at any time. The AskUserQuestion tool creates approval gates. The commit protocol requires human sign-off. The directed_at:: predicate on inquiry forms flags questions requiring human judgment. Session exit checkpoints verify state before closing. The vault owner can revoke any conferral by editing rules.
The vault’s conferral system has explicit structure:
Each mechanism is editable by the vault owner, version-controlled in git, and subject to review. The conferral chain is legible: any session can trace its authority from CLAUDE.md through rules to the specific skill being invoked.
The model distinguishes augmentation from substitution. Augmentation preserves the principal’s authority — Claude extends capability while the human retains judgment. Substitution erodes authority — the agent makes decisions the principal cannot see, understand, or override.
The diagnostic: if removing the human from the loop changes nothing about the system’s behavior, the relationship has shifted from augmentation to substitution. The vault’s approval gates, learning loops, and commit protocols exist to prevent this drift.