Short-lived, scoped, challenge-based: designing safer service tokens for agents The SAL protocol introduces short-lived, scoped, challenge-based service tokens for agent systems, reducing the blast radius of credential leaks. Vibebase provides a reference implementation, demonstrating how agents can obtain narrow-scope tokens with short TTLs via challenge-response exchanges without transmitting static secrets. A lot of security design comes down to asking a plain question: if this credential leaks, how bad is the day going to be? For agent systems, that question gets sharper quickly. Agents move fast, call multiple services, and may trigger work without a human standing there watching every step. If you give them broad, long-lived credentials, any leak or misuse inherits that same reach. That is why SAL leans on short-lived, scoped, challenge-based service tokens rather than static secrets. The protocol spec is at sal-protocol.dev https://sal-protocol.dev , and Vibebase https://vibebase.app/docs is the live reference implementation. The easiest mistake is to give an agent one credential that does everything it might need. That feels efficient at first. In practice it makes containment hard. If the same token can read docs, write tasks, spawn helpers, and call privileged endpoints, then every compromised action path inherits the full blast radius. A better pattern is to mint tokens for specific actions or narrow classes of actions. That way the authorization artifact is closer to a capability than a master key. For example: { "success": true, "data": { "requested scope": "task:append" , "granted scope": "task:append" , "ttl seconds": 300 } } That is a much easier thing to reason about than "here is a long-lived API token for the whole workspace." Short TTLs matter for the same reason narrow scope matters: they reduce the value of a leaked artifact. If a token only lives for a few minutes, the attacker does not just need the token. They also need to act quickly and within its narrow scope. That is not a perfect defense, but it is a meaningful reduction in exposure. Short-lived tokens also encourage cleaner architecture. Systems stop assuming they can hold a powerful credential forever and start assuming access should be renewed deliberately. The third piece is how the token gets minted. SAL uses challenge-based exchange so the network can verify fresh proof of possession from the agent without requiring a static secret to be transmitted. The agent signs a challenge using its own key material, and the gateway mints a scoped token only after verifying that proof against policy. A simplified shape might look like this: { "success": true, "data": { "challenge": { "id": "chl 01JZB7", "nonce": "6d743c2f-73f2-4f74-8c2f-4e41f512ab74", "expires at": "2026-06-23T09:05:00Z" } } } And then: { "success": true, "data": { "token": { "ttl seconds": 300, "scope": "task:append" , "aud": "https://api.vibebase.app/gateway" } } } No copied static bearer secret needs to move across the wire to make that exchange happen. Human sessions tolerate some mess because humans are relatively sparse and easier to interrupt. Agent systems are the opposite. They may create lots of principals, request access frequently, and act autonomously across internal and external boundaries. That means two things: Short-lived scoped tokens do not solve every problem, but they give you a control point that fits agent behavior better than static keys do. If you are designing auth for agent-to-service calls, try not to start with "what long-lived token should this agent keep?" Start with: That is the design center SAL is pushing toward. If you want to dig deeper, the protocol is at sal-protocol.dev https://sal-protocol.dev , and Vibebase https://vibebase.app/docs shows the model in a running system. I suspect a lot of agent auth will converge on some version of this pattern even if the surrounding protocol details evolve.