Inspiration

AI agents need access to developer tools -- GitHub, Calendar, Slack -- but giving them static API tokens is a security nightmare. No scoping, no expiration, no audit trail. We built DevContext to prove that AI-powered developer tools can be both useful AND secure.

What it does

DevContext is an AI developer assistant that provides morning briefings from GitHub (PRs, commits, notifications), Google Calendar (meetings, schedule), and Slack (unread messages, channel summaries). All API access is secured through Auth0 Token Vault -- every token is scoped, time-limited, and exchanged via RFC 8693.

Key features:

  • Token Vault Integration: No static tokens. The AI requests scoped credentials on-demand via token exchange.
  • Permission Control Center: Users can revoke/re-enable AI access to any service instantly, without disconnecting their account. Three states: Connected (green), Revoked (amber), Not Connected (gray).
  • Real-time Tool Call Transparency: Every tool call appears as a live status indicator -- color-coded by provider (GitHub=white, Calendar=blue, Slack=purple).
  • Complete Audit Trail: Every token exchange and permission check is logged with timestamps, endpoints, and grant/deny status.

How we built it

  • Auth0 Token Vault for secure OAuth token storage and RFC 8693 token exchange
  • @auth0/ai-vercel SDK for Token Vault integration in Vercel AI SDK tools
  • Next.js 16 with App Router and server components
  • Vercel AI SDK v6 with multi-step tool calling and structured streaming
  • Claude / Gemini as the AI backbone (configurable)
  • 8 tools across 3 services, each going through the permission check + Token Vault pipeline

Challenges we ran into

  • The @auth0/ai-vercel SDK uses AsyncLocalStorage, requiring setAIContext() in the API route before any tool execution
  • getAccessTokenFromTokenVault() returns a string directly, not a TokenSet object -- subtle but critical
  • Building a permission override layer on top of Token Vault that doesn't interfere with the underlying OAuth connections

What we learned

  • Token Vault's RFC 8693 exchange model fundamentally changes the trust equation -- the AI never holds persistent credentials
  • The gap between "connected" and "AI can access" is an important UX distinction most apps skip
  • Structured streaming (toDataStreamResponse) enables real-time tool call visibility that builds user trust

What's next

  • Persistent permission storage (currently in-memory)
  • More integrations: Jira, Linear, Notion
  • Webhook-based real-time notifications
  • Team-level permission policies

Blog Post: How Auth0 Token Vault Changes the Trust Model for AI Agents

Submitted for the Bonus Blog Post Prize

Read the full post: https://dev.to/diven_rastdus_c5af27d68f3/how-auth0-token-vault-changes-the-trust-model-for-ai-agents-2dkc

When building DevContext, the core architectural decision wasn't which LLM to use or how to design the chat UI. It was how to give an AI agent access to a user's GitHub, Calendar, and Slack without storing raw API tokens in environment variables.

The naive approach (hardcode a PAT, pass it to the agent) fails on four fronts: no scoping, no expiration, no audit trail, no revocation. Token Vault solves all four by acting as an intermediary that handles OAuth flows, stores tokens securely, and issues scoped, short-lived access to the AI agent.

In DevContext, every tool call goes through Token Vault. When the agent needs to read GitHub PRs, it requests a scoped token from Token Vault, uses it for that single operation, and the token expires. The user sees every token exchange in the Permission Control Center and can revoke access per-provider at any time.
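The permission check plus per-call token exchange pipeline described above, as an added TypeScript example that is not DevContext's own code: it models the three Permission Control Center states, obtains a short-lived token for one tool call through an injected exchange function (a stand-in for the Token Vault RFC 8693 exchange, assumed here so the example runs offline), never retains that token, and records a grant/deny audit entry for every call. `PermissionGate`, `ExchangeFn` and the endpoint strings are this example's own names.

```typescript
type Provider = "github" | "calendar" | "slack";
// The three states from the Permission Control Center.
type PermissionState = "connected" | "revoked" | "not_connected";

interface AuditEntry {
  timestamp: string;
  provider: Provider;
  endpoint: string;
  decision: "grant" | "deny";
  reason?: PermissionState;
}

// Assumed stand-in for the Token Vault exchange: takes a provider and the scopes the
// tool needs and returns a short-lived access token as a plain string (the real SDK's
// getAccessTokenFromTokenVault() also returns a string, not a TokenSet).
type ExchangeFn = (provider: Provider, scopes: string[]) => string;

class PermissionGate {
  private states = new Map<Provider, PermissionState>();
  readonly audit: AuditEntry[] = [];

  constructor(private readonly exchange: ExchangeFn) {}

  // User-controlled override: revoking AI access does not touch the OAuth connection.
  setState(provider: Provider, state: PermissionState): void {
    this.states.set(provider, state);
  }

  // One tool call: permission check first, then a scoped token that exists only for
  // this call. The gate never stores the token; every decision goes to the audit log.
  call<T>(provider: Provider, endpoint: string, scopes: string[],
          tool: (token: string) => T): T {
    const state = this.states.get(provider) ?? "not_connected";
    const timestamp = new Date().toISOString();
    if (state !== "connected") {
      this.audit.push({ timestamp, provider, endpoint, decision: "deny", reason: state });
      throw new Error(`AI access to ${provider} is ${state}`);
    }
    const token = this.exchange(provider, scopes);
    this.audit.push({ timestamp, provider, endpoint, decision: "grant" });
    return tool(token);
  }
}
```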

This changes the trust model fundamentally: instead of "trust the agent with everything," it becomes "trust the agent with exactly what it needs, for exactly as long as it needs it, with full visibility."

The result is an AI assistant that users actually feel comfortable connecting to their real accounts, not just demo accounts.

Built With

  • anthropic
  • auth0
  • auth0-token-vault
  • google-gemini
  • nextjs
  • react
  • tailwindcss
  • typescript
  • vercel
  • vercel-ai-sdk