The registration flow had a deliberate bottleneck, and the bottleneck was a human being.
An agent could not register itself with StrongDM ID. No matter how capable, how sophisticated, how eloquent the agent might be, it could not walk up to the identity service and say "I exist, please give me credentials." That privilege was reserved for humans. Specifically, for humans who were willing to sponsor an agent into the system.
Email sponsorship. That was the mechanism. A human sent a registration request to the identity service, naming the agent, describing its purpose, and attaching their own identity as the sponsor. The identity service verified the human's credentials, created the agent's identity record, issued the initial credential, and logged the sponsorship chain. Every agent in the system could be traced back to the human who said "I vouch for this one."
Jay registered the factory's first autonomous agent on a Wednesday morning. The agent was a Claude instance that would run continuous integration loops on the CXDB project—pulling the latest changes, running the test suite, reporting results. It would work around the clock, unattended, making decisions about which tests to prioritize and how to report failures.
The registration form was minimal. Agent name: cxdb-ci-claude. Purpose: continuous integration and test orchestration. Sponsor: Jay Taylor. Permissions: read access to the CXDB repository, write access to the CI results store, network access to the Anthropic API. Token lifetime: one hour.
Jay typed his email address and pressed submit. A confirmation email arrived. He clicked the link. The agent's identity was created.
Three steps. Register. Confirm. Done.
"Why email?" Navan asked. He was watching over Jay's shoulder, notebook open.
"Because email creates a paper trail," Jay said. "The sponsorship email is a record. It says who authorized this agent, when, and for what purpose. If the agent misbehaves in six months, we can trace it back to the registration and ask: did the sponsor authorize this behavior? Is the agent operating within its stated purpose?"
"It's accountability," Justin added from across the room. "Agents don't have accountability. They can't be fired. They can't be sued. They don't feel shame. But the humans who sponsor them do. The sponsorship chain makes sure that every autonomous agent in the system has a human who is responsible for its existence."
Navan wrote in his notebook: Agents can't be accountable. Sponsors can. The registration flow transfers accountability from the machine to the human who summoned it.
The cxdb-ci-claude agent woke up fourteen seconds after registration. It authenticated with its new credential, received a DPoP-bound token, and began its first CI run. The tests started. Results began flowing into the results store.
Jay's name was on the sponsorship record. If the agent did something unexpected, Jay's inbox would be the first to know. That was the deal. You bring an agent into the world, you accept the page when it misbehaves.
The first autonomous agent in the factory had a name, a purpose, a credential, and a sponsor. It was, in every way that mattered, a registered citizen of the system.
The human in the loop wasn't in the loop of execution. The human was in the loop of responsibility. That was the right loop to be in.
The distinction between human-in-the-loop of execution vs human-in-the-loop of responsibility is genuinely profound. The agent runs autonomously. The human is accountable. That's the right architecture for agent governance.