Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.sault.ai/llms.txt

Use this file to discover all available pages before exploring further.

The vault is the half of SAULT that holds money. It is non-custodial: SAULT signs on the builder’s authorisation, and that authorisation can be revoked at any time.

What a vault holds

Each builder gets one vault. It has an EVM address and a Solana address — enough to pay on every chain SAULT supports today. Private keys are generated and held inside a secure enclave. SAULT cannot read them. Agents cannot read them. The builder who owns the vault can export them at any time — non-custodial means it is yours to take. Exporting and revoking are two separate actions. Export gives you your own copy of the key; on its own it does not stop SAULT from co-signing. Revoking the signer authorisation is the action that stops SAULT signing. Do both if you want to fully take the vault out of SAULT’s reach.

How signing works

When an agent makes a payment:
  1. SAULT checks the agent’s limits: per-request maximum and daily cap.
  2. SAULT verifies the vault’s signer is still authorised by the builder. A revoked signer freezes every payment from the vault.
  3. The backend forwards the signing request to the enclave.
  4. The enclave signs and returns the credential.
  5. SAULT submits the signed payment on the rail.
The agent’s caps and the vault’s signer authorisation are independent. Both must say yes before anything is signed.
The agent never holds keys. All signing happens server-side inside the enclave.

Authorising SAULT as signer

When you open a vault, you authorise SAULT’s enclave as a signer. This is a one-time action. You revoke it from the console at any time, which immediately prevents all payments — agent caps notwithstanding.

Who can do what

ActionBuilderAgent
View vault addressyesyes
View balancesyesyes
Send funds from the vaultyes (from the console)
Authorise paid agent requestsyes (within policy; the enclave signs)
Edit policiesyes
Revoke signer authorisationyes
Export private keysyes

Security guarantees

  • Only the builder can export keys. SAULT and agents cannot. Export is a builder-only action in the console — non-custodial by design.
  • Builder controls signing. Revoking authorisation immediately freezes all payments.
  • Agent limits enforced before the enclave is touched. Per-request maximum and daily cap are checked first; a violating request never reaches the enclave.
  • API keys are hashed at rest. Only a hash is stored, never the key itself. The full key is shown once, at creation.
  • Per-agent isolation. Each agent has its own key, its own policy, and its own audit trail.