The Problem I Was Solving
Every serious AI coding tool today — Cursor, GitHub Copilot, Claude Code — assumes you have a $20/month OpenAI subscription, a fast connection, and that you trust a single Western AI provider with your entire workflow.
That's not the reality for most developers building serious software in Africa, or anywhere that values model choice and data sovereignty.
I built Atlarix to fix that. One desktop app. Any AI model. Real developer workflows.
What Atlarix Is
Atlarix is a native desktop AI coding copilot for Mac, Linux, and Windows. It lets developers use any AI model — OpenAI, Anthropic, Google, Mistral, local models via Ollama and LM Studio, and African-built models like Lelapa AI's InkubaLM and Awarri's N-ATLAS — inside a full agentic environment with:
- Ask vs Build modes — read-only research or full code generation with approval flows
- Four-agent system — Research, Architect, Builder, Reviewer with Guided and Autonomous delegation
- Blueprint canvas — living architecture diagram generated from your actual codebase via Round-Trip Engineering
- Workforce tier — teams, shared workspace context, and integrations with Slack, Jira, Linear, Sentry, Notion, Google Calendar
Where Auth0 Token Vault Comes In
The hardest problem in agentic AI isn't the model — it's trust and authorization.
When Atlarix agents interact with real services (Slack, Jira, GitHub, Linear), they need credentials. The naive approach is to hardcode tokens or ask users to paste API keys into settings. That breaks in teams, it's a security nightmare, and it doesn't scale.
With Auth0 Token Vault, Atlarix handles this properly:
- Each Workforce extension (Slack, Jira, Linear, Sentry, etc.) authenticates through Token Vault — the agent never sees raw credentials
- Step-up authentication is triggered automatically for high-stakes actions (triggering a pipeline, posting to a public Slack channel, closing a ticket)
- When the vault is unavailable, Atlarix falls back gracefully to stored credentials without breaking the user's session
- Scopes are explicitly defined per integration — the agent can only do what the user consented to
This means a developer can tell Atlarix: "fix the failing pipeline and update the Jira ticket" — and the agent executes that across two services, with proper auth, with the user in control of every permission boundary.
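The scope and step-up rules listed above amount to one gate that sits in front of every agent tool call. The sketch below is an added example, not Atlarix's code and not the Auth0 SDK; the type names, scope strings, action identifiers and the five-minute step-up window are all assumptions.

```typescript
// Hypothetical policy gate for agent tool calls; every name here is illustrative.
type Decision = "allow" | "deny_scope" | "step_up_required";
interface ToolCall { integration: string; action: string; requiredScope: string; }
interface Session {
  // Scopes the user consented to, keyed by integration.
  consented: Record<string, string[]>;
  // Epoch ms of the last step-up authentication, or null if none happened.
  lastStepUpAt: number | null;
}

// High-stakes actions, modelled on the examples in the text (identifiers assumed).
const HIGH_STAKES = ["gitlab:trigger_pipeline", "slack:post_public", "jira:close_ticket"];
const STEP_UP_MAX_AGE_MS = 5 * 60 * 1000; // assumed freshness window

function authorize(call: ToolCall, session: Session, now: number): Decision {
  const scopes = session.consented[call.integration] ?? [];
  // Scope check comes first: a fresh step-up never widens what the user consented to.
  if (scopes.indexOf(call.requiredScope) === -1) return "deny_scope";
  if (HIGH_STAKES.indexOf(`${call.integration}:${call.action}`) !== -1) {
    const age = session.lastStepUpAt === null ? Infinity : now - session.lastStepUpAt;
    if (age < 0 || age > STEP_UP_MAX_AGE_MS) return "step_up_required";
  }
  return "allow";
}

// Evaluate a multi-step plan in order and stop at the first call that is not allowed.
function authorizePlan(plan: ToolCall[], session: Session, now: number): { blockedAt: number; decision: Decision } {
  let i = 0;
  for (const call of plan) {
    const decision = authorize(call, session, now);
    if (decision !== "allow") return { blockedAt: i, decision };
    i++;
  }
  return { blockedAt: -1, decision: "allow" };
}

// Constructed sample for "fix the failing pipeline and update the Jira ticket".
const samplePlan: ToolCall[] = [
  { integration: "gitlab", action: "trigger_pipeline", requiredScope: "pipelines:write" },
  { integration: "jira", action: "update_ticket", requiredScope: "issues:write" },
];
const sampleSession: Session = {
  consented: { gitlab: ["pipelines:write"], jira: ["issues:read"] },
  lastStepUpAt: null,
};
```

With the sample session, the plan stops at the pipeline trigger until the user completes step-up, and then stops at the Jira update because only a read scope was consented for Jira.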
What I Learned
The gap between "AI that can use tools" and "AI that can use tools safely in a team environment" is enormous. Token Vault closed that gap for Atlarix in a way that would have taken months to build from scratch.
The other lesson: step-up auth is underused in AI agents. Most agents either ask for full permissions upfront or none at all. The middle ground — escalating auth only when the action warrants it — is what makes agents feel trustworthy rather than reckless.
How I Built It
- Desktop app: Electron + Vite + React, packaged with Electron Forge
- Auth: Supabase for user auth, Auth0 Token Vault for agent-to-service auth
- Agent system: Custom orchestrator with AgentBus, four specialist agents, IPC-based tool execution
- Blueprint: SQLite-backed RAG with TypeScript and Python RTE parsers, React Flow canvas
- Integrations: Slack, Jira, Linear, Sentry, Notion, Google Calendar, GitLab CI, Bitbucket Pipelines — all via Token Vault
- Distribution: Apple Notarized on macOS, .deb/.rpm/.AppImage on Linux, GitHub Actions CI/CD pipeline
Challenges
The hardest part was the trust boundary between the agent and the user. Agents are eager — they'll execute anything if you let them. Building the Ask/Build permission model, the approval queue, and wiring step-up auth into high-stakes tool calls required rethinking the agent loop from the ground up.
The second hardest was credential lifecycle in a desktop app. Environment variables don't survive packaging the way they do in web apps. Every credential needed a deliberate decision: bake it in at build time, fetch it at runtime, or route it through the vault.
The Bigger Picture
Atlarix is built in Nairobi. The vision is a developer anywhere in the world — including a developer in Lagos or Accra — opening Atlarix, picking a locally-built AI model, and shipping production software with it. No Western subscription required. No assumption about which model is "the right one."
Auth0 Token Vault is part of what makes that possible — because secure, scoped agent auth shouldn't be a feature only well-funded Western startups can afford to build.
Built With
- auth0-token-vault
- drizzle-orm
- electron
- github
- lemonsqueezy
- posthog
- react
- react-flow
- sentry
- sqlite
- supabase
- typescript
- vite