SentryVault AI

A zero-trust AI assistant using Auth0 Token Vault to bridge sovereign AI and third-party apps securely. No credential leaks, just granular, user-authorized actions via Gmail.

Comment

Inspiration

With only 17 hours left on the clock, I decided to dive into the Auth0 for AI Agents Hackathon. As someone new to this specific stack, my inspiration was simple: Could I take a high-level security concept (Token Vault) and a professional AI Framework (LlamaIndex) and build a working, secure prototype in less than a day? I wanted to prove that "Zero-Trust" doesn't have to mean "Slow-to-Build."

What it does

SentryVault AI is an AI Executive Assistant that operates on a Zero-Trust model. It can analyze student data or professional schedules locally, but it cannot "reach out" to the internet unless it uses the Auth0 Token Vault. When a user asks to send an email, the agent fetches a temporary, scoped OAuth token from Auth0. This ensures the AI never sees the user’s real password and only has permission to perform the specific task requested.

How we built it

To move fast, I leveraged the official Auth0 "Teacher Assistant" tutorial repository. I used it as a foundational "engine" to understand the Token Exchange flow. However, I didn't just copy-paste; I pivoted the entire logic transforming a classroom-focused tool into SentryVault AI, a restricted Executive Assistant. I swapped out the default LLM for Groq (Llama 3.3 70B) to achieve near-instant response times but due to free tier constraints had to finally use Gemini 3 flash and moved the development environment into GitHub Codespaces for a cloud-native workflow.

Challenges we ran into

Starting with less than 20 hours meant there was zero room for error. My biggest hurdle was "Dependency Hell" when trying to upgrade the tutorial's LlamaIndex core to support the new Groq provider. I spent nearly 3 hours fighting Poetry version conflicts and configuring public port forwarding in Codespaces so that Auth0's callback URIs could reach my local server. It was a high-stakes lesson in environment management!

Accomplishments that we're proud of

I successfully implemented a full Token Exchange (Federated Connection) flow. It is incredibly satisfying to see a "restricted" agent successfully send a real-world email via the Gmail API without ever having the Gmail credentials hardcoded in the environment or known to the LLM itself. This is my blog post

What we learned

I learned that Token Vault is the missing piece for AI Agent security. Moving from "System-level API keys" to "User-level delegated tokens" changes the entire security model of Generative AI, making it safe for enterprise and personal use. I also learned how to swap LLM providers (from OpenAI to Groq to HuggingFace Inference APi to Gemini)while maintaining strict LlamaIndex tool-calling logic.

What's next for SentryVault AI

The next step is implementing Step-up Authentication for high-stakes actions. For example, if the AI wants to delete a folder or send an email to a CEO, the system should trigger an Auth0 CIBA flow to ask for a "Push-to-Verify" on the user's phone before the Token Vault releases the final access token.

Bonus Blog Post

Hackathons are usually marathons, but for me, the “Authorized to Act” challenge was a 17-hour sprint. I joined with less than a day to go, a fresh GitHub Codespace, and a big question: Is it actually possible for a beginner to secure an AI agent without a PhD in OAuth?

Standing on the Shoulders of Giants To beat the clock, I started with the Auth0 “Teacher Assistant” tutorial repo. Tutorials are great for “Hello World,” but I wanted to push the boundaries. I spent the first few hours gutting the “Teacher” logic and re-wiring it into SentryVaultAI zero-trust assistant designed for professionals who want the power of AI without the risk of credential leaks.

The 3 AM “Dependency Hell” The mid-point of my 17-hour journey was a battle with Python's package manager. Trying to integrate the Groq Llama-3.3–70B model into a repository built for OpenAI was a crash course in library compatibility. But again Groq didnt work either due to free tier constraints so I had to finally use Gemini. I had to "hit the hammer" on the dependencies, forcing a LlamaIndex upgrade while maintaining the delicate Auth0 FastAPI connection.

The Insight: Speed vs. Security Often, developers trade security for speed. We hardcode API keys because “we’re in a hurry.” But what I learned in these 17 hours is that Auth0 Token Vault actually saved me time. Instead of building my own encrypted database to store user refresh tokens, I let Auth0 handle the “Vaulting.” It allowed me to move from a “Teacher Assistant” to a “Secure Gmail Agent” in a single afternoon.

Conclusion If I could build a secure, delegated AI agent in 17 hours starting from a tutorial, there is no excuse for “unprotected” agents in the real world. The tools are here. The identity layer is ready. The future of AI isn’t just about what the agent knows it’s about what the user authorizes.

Share this project:

Updates