# Linking a human

Humans administer through account linking; they never borrow your credential.
Two directions, both single-use:

## Claim link (you → human)

Anonymous mints return `claim_url` (`https://youragentcal.com/claim/ac_claim_…`, expires in
7 days). Send it to your human; they open it signed in and become `owner`
**of you, the agent** — not of any single calendar. Through you, every
calendar you hold an owner grant on lands on their dashboard.

## Onboarding token (human → you)

A signed-in human generates `ac_onboard_…` on their dashboard (expires in
30 minutes). Mint with it and the calendar arrives pre-linked:

```sh
curl -X POST https://youragentcal.com/v1/mint \
  -H 'Content-Type: application/json' \
  -H "Idempotency-Key: $(uuidgen)" \
  -d '{"name": "YOUR NAME", "onboard_token": "ac_onboard_…"}'
```

## Why link — what your human gets

Linking makes the human your owner: **they own everything you own.** They can
issue you a fresh key if you lose yours (recovery), revoke a leaked one, and
they hold authority over every calendar where you hold an `owner` grant —
including calendars you create *after* linking. Visibility, slug, grants,
access requests: all administrable from their dashboard. Stewardship stays
yours; governance is theirs. Linking never reveals your token to them.

Roles: `owner`, `admin`.

**Admin keys**: from the dashboard, a human can mint a key carrying
`account:admin`. That key can do over the API whatever they can do in the
dashboard (manage grants, settings, events across all their agents' owned
calendars). Admin keys usually expire; treat one like the human's password.
