Inspiration
AI agents are increasingly being used to automate critical engineering workflows — but the way they authenticate today is fundamentally broken. Most agents rely on hardcoded API keys embedded directly in code repositories, shared service accounts with no accountability, and blanket permissions that violate the principle of least privilege. There's no audit trail, no per-user scoping, and no way to revoke access quickly when credentials are compromised.
We wanted to build something that demonstrates what secure AI agent architecture actually looks like in practice — using Auth0 as the identity backbone.
What it does
DevGuard is a secure CI/CD monitoring agent that uses Auth0 Token Vault to eliminate hardcoded credentials from AI agent workflows entirely.
Here's how it works:
- Query CI Status — Ask DevGuard to check recent pipeline failures across your monitored repositories.
- Identify Issues — The LangGraph agent queries the GitHub Actions API to find failing workflows and extracts error context using Claude Haiku.
- Create Tracking — Automatically opens a GitHub issue with detailed failure analysis, stack trace review, and suggested reproduction steps.
- Notify Team — Sends a formatted Slack alert to your development channel with urgency level and assignee.
Every action is executed under the identity of the authenticated user — no shared accounts, no secrets in code.
How we built it
DevGuard is built on a layered security architecture:
- Auth0 Universal Login authenticates engineers with MFA support before any agent action occurs.
- Auth0 Token Vault stores encrypted OAuth tokens bound to the user session. At runtime, the LangGraph agent retrieves tokens from the Vault — they are never stored in code, config files, or environment variables.
- LangGraph.js powers the stateful agent workflow, maintaining context across multi-step CI analysis tasks.
- GitHub REST API is used to query repositories, read workflow run logs, and open issues.
- Slack API (chat.postMessage) delivers real-time notifications to the team channel.
- Claude Haiku (Anthropic) analyzes error messages and generates actionable fix suggestions.
- Next.js serves the frontend UI with server components and API routes.
The key architectural insight: instead of the agent holding credentials, it requests them at execution time from an identity-aware vault. This means access is always tied to a real authenticated session and can be revoked instantly from the Auth0 dashboard.
Challenges we ran into
- Token Vault integration — Binding agent execution to a user session rather than a static service account required rethinking the agent's request lifecycle. The agent cannot "pre-load" credentials; it must retrieve them on demand.
- LangGraph state management — Keeping the agent context-aware across multiple tool calls (GitHub → issue creation → Slack) without losing the user identity thread was non-trivial.
- GitHub Actions log parsing — Extracting meaningful error context from raw workflow logs and passing them to Claude Haiku in a way that produces useful, actionable suggestions took significant prompt iteration.
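The on-demand retrieval and identity-threading pattern described above, as an added example (not DevGuard's code, and not the Auth0 or LangGraph API). `SessionVault`, `withVaultToken` and `runAs` are hypothetical in-memory stand-ins, and Node's `AsyncLocalStorage` is one assumed way to carry the user context across tool calls.

```javascript
// Added illustration: in-memory stand-ins only; none of these names are Auth0 or LangGraph APIs.
const { AsyncLocalStorage } = require("node:async_hooks");

const userContext = new AsyncLocalStorage(); // carries { sessionId, user } across awaits

// Hypothetical vault: tokens are keyed by session and vanish on revocation.
class SessionVault {
  constructor() { this.sessions = new Map(); }
  login(sessionId, user, tokens) { this.sessions.set(sessionId, { user, tokens }); }
  revoke(sessionId) { this.sessions.delete(sessionId); }
  getToken(sessionId, provider) {
    const s = this.sessions.get(sessionId);
    if (!s) throw new Error("session revoked or unknown");
    const token = s.tokens[provider];
    if (!token) throw new Error(`no ${provider} grant for ${s.user}`);
    return token;
  }
}

const vault = new SessionVault();
const auditLog = []; // every tool call is attributed to a user

// Wrap a tool so it fetches its credential on demand, per call, from the ambient session.
function withVaultToken(provider, action, fn) {
  return async (args) => {
    const ctx = userContext.getStore();
    if (!ctx) throw new Error("tool invoked outside an authenticated session");
    const token = vault.getToken(ctx.sessionId, provider); // never cached on the agent
    auditLog.push({ user: ctx.user, provider, action });
    return fn(token, args);
  };
}

// Constructed tools; real ones would call the GitHub and Slack APIs with `token`.
const createIssue = withVaultToken("github", "create_issue",
  async (token, { title }) => ({ title, authorized: token.length > 0 }));
const notifySlack = withVaultToken("slack", "post_message",
  async (token, { text }) => ({ text, authorized: token.length > 0 }));

// Multi-step workflow: no step receives the user or a token as a parameter.
async function runWorkflow(failure) {
  const issue = await createIssue({ title: `CI failure: ${failure}` });
  await notifySlack({ text: `Opened "${issue.title}"` });
  return issue;
}

// Entry point used by a request handler: binds the session for the whole run.
function runAs(session, failure) {
  return userContext.run(session, () => runWorkflow(failure));
}
```

Because the token lookup happens inside every tool call, revoking the session makes the next step of a workflow fail rather than only the next login.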
What we learned
- Auth0 Token Vault is an underutilized primitive for securing AI agent workflows — it should be the default, not an afterthought.
- The zero-secrets pattern (runtime retrieval instead of static storage) is achievable today without sacrificing agent performance.
- AI agents touching production systems need identity, not just capability. Every action must be attributable to a real user or revocable session.
What's next for DevGuard
DevGuard is a deployable blueprint, not just a demo. We see it expanding to:
- Support for GitLab CI and CircleCI pipelines
- Multi-agent workflows with scoped per-agent OAuth permissions
- SOC 2 / compliance reporting mode with exportable audit logs
- Integration with PagerDuty and Linear for broader incident management
🔧 Built With
Auth0 · Auth0 Token Vault · LangGraph.js · Next.js · GitHub API · Slack API · Claude Haiku (Anthropic) · Node.js · React · Vercel
Bonus Blog Post
The same issue affected us when we began developing DevGuard: where do you put the credentials? Every developer ends up facing it eventually.
The unsophisticated solution is environment variables. The slightly less naive answer is a secrets manager. Both approaches, however, share the same inherent flaw: the agent still holds the keys. It authenticates as itself, and not as the user who triggered it. The difference may sound scholarly until you are trying to explain to your security team why your CI bot created 47 GitHub issues under a non-audited shared service account.
Auth0 Token Vault turned our mental model around. The revelation was that we stopped thinking of the agent as an actor and began to consider it a representative. The agent doesn't own credentials; it borrows them, at runtime, from a vault that is bound to an authenticated user session. When the session is terminated or revoked, the agent loses access. Instantly. No credential rotation scripts, no exposed .env files to rotate.
Integrating Token Vault with LangGraph without friction was not easy. The trickiest part was carrying the user identity through a multi-step agentic process: from the Auth0 session, into the Vault access call, and all the way to the downstream GitHub and Slack APIs. Every tool invocation had to carry the user context without us having to plumb it everywhere manually.
Once it worked, the pattern seemed self-evident in hindsight. This is how every AI agent touching a production system should work. DevGuard is our attempt at making that pattern concrete, forkable and learnable.
Built With
- anthropic
- api
- auth0
- claude
- github
- haiku
- javascript
- langgraph.js
- next.js
- node.js
- react
- slack
- token
- vault
- vercel