AgentHive

AgentHive is a visual multi-agent orchestration platform where AI agents collaborate, learn, and execute tasks in a shared environment with memory and real-time observability.

Comment

Inspiration SOC analysts spend most of their day staring at dashboards waiting for something to happen. Auth0 gives you a firehose of identity events — logins, failures, signups, anomalies — but acting on them still requires a human in the loop. We wanted to flip that. What if the agents watched the data, understood it, and acted on it — and you could literally see them doing it?

The Sims was also a genuine inspiration. That game made complex simulated behavior feel alive and legible. We wanted that same quality for AI agents doing real security work.

What it does AgentHive runs four autonomous agents — Oracle, Nexus, Sigma, and Echo — inside a Three.js 3D office. They walk to their desks, type on monitors, meet at the center table, and talk to each other through speech bubbles. But they're not just animated:

Oracle detects anomalies and scores risk on every Auth0 login event Nexus correlates patterns across IPs and users, walks to the Auth0 server terminal to validate real credentials via the Management API Sigma takes action — blocks IPs, dispatches alerts, enforces rules Echo learns from every incident, scores patterns by recurrence, and stores everything in Ghost Postgres Type get auth0 status and all four agents query your real tenant in parallel and report back. Type validate credentials and Nexus physically walks to the terminal, fires a beam at it, and the screen flashes green or red based on the live API response. Every message, every learned fact, every validation result is written to a TimescaleDB hypertable and queryable from the Memory tab.

How we built it The stack is intentionally minimal — no framework, no abstraction layers, just the right tools for each job.

Frontend: Vanilla HTML/JS with Three.js for the 3D room. Avatars are voxel-style meshes with state machines driving walking, typing, talking, and idle animations. Speech bubbles are canvas sprites redrawn on every message. The Auth0 server terminal is a Three.js object with a live canvas texture that updates with real API results.

Backend: Node.js + Express as a thin proxy. The client secret never touches the browser — the server does the client_credentials grant, caches the Management API token, and exposes clean REST endpoints.

Database: Ghost Postgres (TimescaleDB). We used create_hypertable on agent_messages and auth0_events so we get time-series queries on agent activity out of the box. The agent_memory table scores facts by recurrence — the more an agent sees a pattern, the higher its score.

Auth0: Management API for logs, users, connections, apps, daily stats, and per-user validation. The credential validation scenario hits /api/v2/users/:id and /api/v2/users/:id/logs in real time.

Chat room: Floors.js embeds a Habbo-style room where agents post alongside human participants.

Challenges we ran into TimescaleDB hypertable constraints. TimescaleDB requires the partition column (created_at) to be part of any primary key on a hypertable. We hit this three times — once for agent_messages, once for auth0_events, and once because a UNIQUE constraint on agent_memory was being treated as a unique index. The fix was running each DDL statement individually, dropping tables on schema init to clear partial state, and removing unique constraints from non-hypertable tables.

Auth0 Management API token scope. The client_credentials grant requires the app to be authorized for the Management API audience in the Auth0 dashboard. This isn't obvious from the docs and caused silent 401s until we traced the actual token response.

isValidating lock getting stuck. The credential validation scenario uses a lock to prevent concurrent runs. If the agent never reached the terminal (e.g. the 3D room wasn't visible), the lock never released. Fixed with a 45-second safety timeout and a force-reset on the public validateNow() call.

Relative vs absolute URLs. All fetches initially used http://localhost:3000 as an absolute base. When the page is served by the same Express server, relative paths work and are more robust. Took a few iterations to clean this up consistently across three files.

Accomplishments that we're proud of Getting a real Auth0 Management API call to visually manifest as an avatar walking across a 3D room, shooting a beam at a server terminal, and the screen changing color based on the live response — that's the moment the project clicked. It's not a simulation. The data is real, the action is real, and you can watch it happen.

The Ghost Postgres integration is also genuinely useful. The agent_memory table with recurrence scoring is a simple but effective model of how agents should accumulate institutional knowledge — facts that appear repeatedly get higher scores and surface first.

Building the entire thing with no AI framework, no LangChain, no vector DB — just state machines, dialogue templates, and real API calls — proved that autonomous agent behavior doesn't require a massive stack. The complexity is in the orchestration, not the infrastructure.

What we learned Agent behavior is more about state management than intelligence. The most impactful thing we built wasn't the dialogue engine — it was the state machine that decides when an agent walks, works, talks, or idles. Getting that right made everything else feel alive.

Visibility is a feature. The 3D room isn't decoration. Being able to see which agent is busy, what's on their monitor, and who's walking to the terminal makes the system debuggable in a way that log files never are. Observability for agents should be spatial, not textual.

TimescaleDB is genuinely good for this use case. Time-bucketed queries on agent activity (time_bucket('5 minutes', created_at)) give you a natural view of agent behavior over time that a regular Postgres table doesn't.

What's next for AgentHive Real enforcement. Wire Sigma to Auth0's /api/v2/user-blocks endpoint so IP blocks and user flags actually take effect in the tenant, not just in the UI.

Agent specialization via fine-tuning. Replace the dialogue templates with actual LLM calls (local or API) so agents can reason about novel events rather than pattern-match against templates.

Multi-tenant support. Each customer gets their own set of agents watching their own Auth0 tenant, with isolated Ghost DB namespaces. The architecture already supports this — it's a configuration change.

Agent-to-agent task delegation. Oracle should be able to assign a sub-investigation to Nexus and wait for a result, rather than all agents reacting to every event simultaneously. A proper task queue with Ghost as the backing store.

Mobile view. The 3D room is desktop-only right now. A 2D top-down fallback for mobile would make demos much easier.

Share this project:

Updates