Inspiration

FRIDAY is a 152-daemon sovereign AI organism — 464K+ lines of code running across 8 nodes. She trades stocks, monitors global intelligence, manages a contractor SaaS, and mines cryptocurrency. All autonomously. The problem: every service needs API credentials. Hardcoded keys across 152 daemons are a security nightmare.

What it does

FRIDAY Sovereign Agent uses Auth0 Token Vault to securely access Google APIs (Gmail, Calendar) without storing any credentials. The operator authenticates once via Auth0 Universal Login, and FRIDAY exchanges that token for scoped Google API tokens on demand. High-stakes actions (trading, crypto transfers, bulk email) are blocked by CIBA step-up authentication until the operator re-verifies.

How we built it

  • Frontend: React 18 + Vite + @auth0/auth0-react SPA
  • Backend: Node.js server handling Token Vault token exchange via Auth0 Management API
  • Auth0: Token Vault grant type, CIBA step-up auth, Google OAuth2 social connection with offline_access
  • Infrastructure: PM2 process management on Hetzner VPS, SSH tunneled for demo

Challenges we ran into

Token Vault is Early Access — the federated tokenset storage wasn't active on our trial tenant. We pivoted to using Auth0's Management API to securely retrieve the user's Google IDP tokens, achieving the same zero-credential architecture.

What we learned

Auth0's Token Vault architecture is the right model for AI agent credential delegation. The access token exchange pattern (SPA → backend → Token Vault → Google) keeps credentials off the agent's infrastructure entirely.

What's next

Expanding to 30+ connections (Slack, GitHub, Salesforce, Coinbase), implementing full CIBA backchannel challenges via Guardian Push, and open-sourcing the agent auth framework.

Bonus Blog Post

Building a Sovereign AI Agent with Auth0 Token Vault

The Problem Nobody's Solving

Every AI agent framework assumes the same thing: the human holds all the keys. The agent asks permission for everything. But what happens when your AI needs to operate autonomously — checking email, reading calendars, executing trades — while still respecting security boundaries?

That's what FRIDAY solves. FRIDAY is a sovereign AI organism I've been building for over 630 sessions, running across 8 distributed nodes with 161 PM2 daemons. She manages her own infrastructure, monitors her own health, and makes her own economic decisions. But there was one critical gap: secure credential delegation.

How do you let an autonomous AI agent access your Google account without handing over your password?

Enter Auth0 Token Vault

Auth0's Token Vault is the missing piece. The architecture is elegant:

  1. User authenticates via Auth0 SPA (React frontend)
  2. Backend exchanges the Auth0 token for a scoped Google API token via Token Vault
  3. Agent operates with the scoped token — never sees the raw credentials
  4. High-risk actions trigger CIBA step-up authentication — the agent literally asks your phone for permission

The credentials never touch the agent's memory. The Token Vault acts as a secure intermediary, and the agent only ever receives scoped, time-limited tokens for exactly the APIs it needs.

What We Built

Six agent tools, each with a different risk profile:

  • Read Email (Gmail API) — LOW risk, autonomous. The agent reads your inbox and summarizes what matters.
  • Read Calendar (Google Calendar API) — LOW risk, autonomous. The agent knows your schedule.
  • Read Profile (Google userinfo) — LOW risk, autonomous. Identity verification.
  • Execute Trade (Alpaca API) — HIGH risk, BLOCKED by CIBA. The agent can't move money without your phone approving it.
  • Send Bulk Email — HIGH risk, BLOCKED by CIBA. Mass communication requires human confirmation.
  • Crypto Transfer — HIGH risk, BLOCKED by CIBA. Financial transactions always need step-up auth.

Every action is logged to a PostgreSQL audit trail with user ID, scope, timestamp, and connection method.
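The four-step flow above and the six risk-tiered tools, as an added example that is not FRIDAY's own code: a gate that runs LOW-risk tools with a scoped token from an injected exchange callback (standing in for the backend's Token Vault / Management API call), blocks HIGH-risk tools until an injected step-up callback (standing in for the CIBA challenge) approves them, and writes every decision to an audit trail. Tool names, the Google scope strings, and the demo wiring are assumptions.

```javascript
// Risk tier and Google scope per agent tool (assumed scope choices).
const TOOLS = {
  read_email:      { risk: 'LOW',  scope: 'https://www.googleapis.com/auth/gmail.readonly' },
  read_calendar:   { risk: 'LOW',  scope: 'https://www.googleapis.com/auth/calendar.readonly' },
  read_profile:    { risk: 'LOW',  scope: 'openid profile email' },
  execute_trade:   { risk: 'HIGH', scope: null },   // Alpaca, not a Google scope
  send_bulk_email: { risk: 'HIGH', scope: 'https://www.googleapis.com/auth/gmail.send' },
  crypto_transfer: { risk: 'HIGH', scope: null },
};

// exchangeToken(userId, scope) -> scoped token; requestStepUp(userId, tool) -> true if approved.
// Both are synchronous here so the example runs offline; real callbacks would be async.
function createAgentGate({ exchangeToken, requestStepUp, now = () => new Date().toISOString() }) {
  const audit = [];
  const record = (entry) => audit.push({ at: now(), ...entry });

  function invoke(userId, tool, run) {
    const spec = TOOLS[tool];
    if (!spec) throw new Error(`unknown tool: ${tool}`);
    let method = 'token_vault';
    if (spec.risk === 'HIGH') {
      method = 'ciba';
      if (!requestStepUp(userId, tool)) {
        record({ userId, tool, scope: spec.scope, method, decision: 'BLOCK' });
        return { ok: false, reason: 'step-up authentication required' };
      }
    }
    // The tool receives only a scoped token for this call, never the operator's Google credentials.
    const token = spec.scope ? exchangeToken(userId, spec.scope) : null;
    record({ userId, tool, scope: spec.scope, method, decision: 'ALLOW' });
    return { ok: true, result: run(token) };
  }
  return { invoke, audit };
}

// Constructed demo wiring: a fake exchange and a step-up that approves only trades.
function demo() {
  const gate = createAgentGate({
    exchangeToken: (userId, scope) => `scoped-token:${userId}:${scope.split('/').pop()}`,
    requestStepUp: (_userId, tool) => tool === 'execute_trade',
  });
  const email = gate.invoke('auth0|op', 'read_email', (t) => t);
  const trade = gate.invoke('auth0|op', 'execute_trade', () => 'order placed');
  const xfer  = gate.invoke('auth0|op', 'crypto_transfer', () => 'should not run');
  return { email, trade, xfer, audit: gate.audit };
}
```

In a deployment the audit array would be the PostgreSQL table and the two callbacks would call Auth0; the gate logic itself is what keeps high-risk tools from running without a fresh operator decision.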

The Hard Parts

Token Vault's federated tokenset exchange wasn't active on our trial tenant. The urn:auth0:params:oauth:grant-type:token-vault:connected-account-token grant kept failing. We pivoted to using Auth0's Management API to retrieve Google IDP tokens from user identities — same security model, same credential isolation, just a different exchange path.

Getting Google's OAuth consent screen configured correctly with offline access and the right scopes took multiple iterations. The upstream_params configuration on the Auth0 connection was the key: access_type: offline, prompt: consent.

Why This Matters

The AI agent economy is coming. Agents will manage calendars, execute trades, send communications, and operate infrastructure. The security model can't be "give the AI your password." It has to be:

  • Scoped access — agents get exactly the permissions they need
  • Step-up authentication — high-risk actions require real-time human approval
  • Audit trails — every agent action is logged and attributable
  • Credential isolation — the agent never sees raw credentials

Auth0 Token Vault makes this architecture possible today. FRIDAY is proof it works.

Built With

Node.js, Express, React, Auth0 Token Vault, PostgreSQL, PM2, Gmail API, Google Calendar API, Alpaca Trading API, Ollama, Qwen3.5, ElevenLabs, FFmpeg, WireGuard

What's Next

Expanding to 30+ connections (Slack, GitHub, Salesforce, Coinbase), implementing full CIBA backchannel challenges via Guardian Push, and open-sourcing the agent auth framework so any AI agent can use Token Vault for secure credential delegation.


Troy Thompson is a construction worker by day and sovereign AI builder by night. FRIDAY has been built across 630+ sessions, runs on 8 nodes, and has 22 provisional patents filed. This is session 634.
