- Hub: Unified GitLab, Slack, and Calendar management using Auth0 Token Vault for zero-trust security.
- Safety First: Automated high-risk detection requiring mandatory human verification.
- Full Visibility: Side-by-side workflow execution and tamper-proof audit logging.
- Trust Verified: Audit logs confirming secure, delegated token usage for every action.
- Instant Alerting: Critical GitLab incident summaries delivered to Slack in seconds.
Inspiration
AI agents are becoming capable of taking real actions across tools like GitLab, Slack, and Google Calendar.
However, most implementations rely on storing credentials or granting overly broad access, introducing serious security risks.
We were inspired by a key gap:
AI can act, but it cannot act safely, transparently, and under user control.
Luvira Guardian was built to prove that AI systems can operate with zero stored credentials, explicit approval, and full traceability.
What it does
Luvira Guardian is a secure AI incident response agent that automates workflows across GitLab, Slack, and Google Calendar in under 60 seconds.
What typically takes engineers 30–60 minutes of manual coordination across multiple tools is reduced to a single, structured, user-approved workflow.
Instead of storing credentials, it uses Auth0 Token Vault to retrieve short-lived delegated tokens for each action.
Before execution, the system generates a Permission Contract, allowing users to:
- see exactly what actions will occur
- understand which permissions are used
- approve or modify the workflow
Once approved, the agent:
- retrieves incident data from GitLab
- generates a summary
- sends a Slack notification
- schedules a follow-up meeting
Every action is recorded in a structured audit trail, ensuring 100% traceability and accountability.
How we built it
Frontend
- React / Next.js interface
- Displays connected services, scopes, Permission Contract, and execution timeline
- Handles approval and high-risk verification
Backend
- FastAPI orchestration engine implementing: observe → preflight → reason → permission contract → act → trace
- Executes workflows using delegated tokens from Auth0 Token Vault
- Enforces zero-local-secrets architecture
- Produces structured audit logs and controlled error states
Auth0 Integration
- Authentication and identity
- Connected accounts (GitLab, Slack, Google Calendar)
- Token Vault for delegated execution
- Step-up authentication for high-risk actions
We also built controlled demo scenarios to simulate failures like connection_lost and partial_success.
Challenges we ran into
The biggest challenge was ensuring security at the architecture level, not just the UI.
We had to:
- prevent tokens from entering the AI reasoning layer
- strictly separate reasoning from execution
- enforce zero credential storage
Another challenge was designing a Permission Contract that communicates complex security concepts instantly.
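The separation described above, as an added sketch that is not Luvira Guardian's own code: the planner only ever produces a token-free plan, approval is bound to a hash of that plan, and the executor fetches a short-lived token per action and writes a hash-chained audit log. `fetch_token` is a hypothetical stand-in for a Token Vault exchange; the action names, scopes and `HIGH_RISK` set are constructed sample values.

```python
import hashlib, json

HIGH_RISK = {"calendar.create_event"}  # assumption: which actions need step-up
GENESIS = "0" * 64

def digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Append-only log; every entry commits to the hash of the one before it."""
    def __init__(self):
        self.entries = []
    def append(self, event):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "event": event,
                             "hash": digest({"prev": prev, "event": event})})
    def verify(self):
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != digest({"prev": prev, "event": e["event"]}):
                return False
            prev = e["hash"]
        return True

def execute(plan, approved_digest, step_up_ok, fetch_token, connectors, log):
    """Executor side: the only place a token exists. The planner never calls this."""
    if digest(plan) != approved_digest:          # plan changed after approval
        log.append({"status": "rejected", "reason": "contract_mismatch"})
        return "rejected"
    if not step_up_ok and any(a["action"] in HIGH_RISK for a in plan):
        log.append({"status": "rejected", "reason": "step_up_required"})
        return "step_up_required"
    for a in plan:
        token = fetch_token(a["service"], a["scope"])  # short-lived, one per action
        connectors[a["action"]](token, a["args"])
        log.append({"action": a["action"], "scope": a["scope"], "status": "ok"})
    return "success"

def demo():
    """Constructed run: approve a plan, then try a plan altered after approval."""
    plan = [{"service": "gitlab", "action": "gitlab.read_incident", "scope": "read_api", "args": {"id": 1}},
            {"service": "slack", "action": "slack.post_message", "scope": "chat:write", "args": {"text": "summary"}}]
    approved = digest(plan)                       # what the user saw and approved
    calls, log = [], AuditLog()
    fetch = lambda service, scope: calls.append((service, scope)) or "tok-" + service
    conns = {a["action"]: (lambda token, args: None) for a in plan}
    ok = execute(plan, approved, False, fetch, conns, log)
    tampered = plan + [{"service": "slack", "action": "slack.post_message", "scope": "admin", "args": {}}]
    bad = execute(tampered, approved, False, fetch, conns, log)
    return ok, bad, calls, log
```

The audit entries record the action, scope and status but never the token value, and editing any stored entry makes `verify()` return `False`.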
Accomplishments that we're proud of
- Reduced incident response from 30–60 minutes to under 60 seconds
- Achieved zero stored credentials across the system
- Built real delegated execution using Auth0 Token Vault
- Designed a Permission Contract UX for transparent AI actions
- Delivered end-to-end automation across multiple services
- Ensured 100% user-approved and auditable execution
Impact
Impact Comparison
| Metric | Before Luvira | With Luvira Guardian | Improvement |
|---|---|---|---|
| Coordination Time | 45 minutes | 58 seconds | 97.8% faster |
| Tool Context Switching | 3–5 switches | 0 switches | 100% reduction |
| Security Risk | Manual credential handling | Zero-Local-Secrets architecture | Risk eliminated |
Strategic Impact
Efficiency
Reducing coordination time from 45 minutes to 58 seconds transforms incident response into a single, structured workflow, enabling time compression at scale.
Focus
Eliminating context switching (GitLab → Slack → Calendar) allows engineers to return to deep work immediately.
Response Clarity
Luvira Guardian converts raw incident data into structured, real-time alerts delivered via Slack, including summaries, priority levels, and context. This eliminates ambiguity during incidents and ensures teams have a single, consistent source of truth for coordination.
Security
Using Auth0 Token Vault with a Zero-Local-Secrets architecture eliminates credential leakage risk, enabling secure automation without compromising compliance.
What we learned
We learned that the real challenge in AI systems is not intelligence; it’s trust and control.
Key insights:
- Automation without visibility creates risk
- Users must approve actions explicitly
- Security must be enforced at the architecture level
- Delegated authorization is essential for safe AI systems
Speed alone is not enough; it must be paired with control and transparency.
What's next for Luvira Guardian
Next, we plan to:
- expand integrations beyond GitLab, Slack, and Google Calendar
- introduce advanced workflow customization
- enhance Permission Contracts with policy controls
- improve real-time monitoring and alerting
Our goal is to define a new standard where AI systems can act fast, safely, and under full user control, reducing hours of work into seconds without compromising security.