Inspiration

In modern DevSecOps, Site Reliability Engineers face a significant challenge: balancing the rapid response required during incidents with the strict access controls demanded by security protocols. Often, rapid resolution requires maintaining standing privileges, which introduces security vulnerabilities. Conversely, enforcing strict access controls can delay critical interventions. As autonomous AI agents become more prevalent, the risk of granting unsupervised write access to production systems increases. Our objective was to engineer an autonomous response system that operates at machine speed while remaining strictly governed by Zero-Trust security principles.

What it does

Sentinel-AI functions as a Zero-Trust Autonomous Site Reliability Engineer. Upon detecting an anomaly, such as a latency degradation linked to a specific commit, the agent initiates our Triple-Lock Protocol as a first responder.

  1. Quarantine: Immediately isolates the affected repository branch to prevent further systemic impact.
  2. Analyze and Notify: Evaluates the impact scope of the anomalous commit and dispatches automated diagnostic reports to the engineering team.
  3. CIBA Intercept: When the agent determines a rollback is necessary, it requests an elevated token. Based on our Zero-Trust architecture, this request is initially denied. The system then initiates an Auth0 Client-Initiated Backchannel Authentication (CIBA) workflow, pushing an approval request to the authorized administrator's mobile device.
  4. Resolution: The Auth0 platform only releases the required execution token to the autonomous agent after the administrator provides biometric verification, ensuring a strict human-in-the-loop security measure before any destructive action is taken.
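The agent-side wait in steps 3 and 4, as an added example that is not Sentinel-AI's own code: a fail-closed polling loop for the CIBA token request. The grant type and error codes come from the OpenID Connect CIBA specification; `post_token`, `scripted` and the canned responses are hypothetical and constructed so the loop runs offline.

```python
import time

CIBA_GRANT = "urn:openid:params:grant-type:ciba"  # grant type from the CIBA spec


class ApprovalDenied(Exception):
    """No token was issued; the caller must not run the gated action."""


def poll_for_token(post_token, auth_req_id, interval=5, expires_in=300,
                   sleep=time.sleep, clock=time.monotonic):
    """Poll until the administrator decides or the request expires.

    post_token(form) -> (http_status, json_body) is an injected transport
    (hypothetical) so the loop can be exercised without a network.
    """
    deadline = clock() + expires_in
    while clock() < deadline:
        status, body = post_token({"grant_type": CIBA_GRANT,
                                   "auth_req_id": auth_req_id})
        if status == 200 and body.get("access_token"):
            return body["access_token"]
        error = body.get("error")
        if error == "slow_down":
            interval += 5  # spec: back off by at least 5 seconds
        elif error != "authorization_pending":
            # access_denied, expired_token, or anything unexpected: fail closed
            raise ApprovalDenied(error or f"unexpected response {status}")
        sleep(interval)
    raise ApprovalDenied("expired_token")


def scripted(responses):
    """Constructed stand-in for the token endpoint: replays canned responses."""
    queue = list(responses)
    return lambda form: queue.pop(0)


if __name__ == "__main__":
    waits = []
    endpoint = scripted([(400, {"error": "authorization_pending"}),
                         (400, {"error": "slow_down"}),
                         (200, {"access_token": "constructed-token"})])
    print(poll_for_token(endpoint, "constructed-req-id", sleep=waits.append))
    print("waited:", waits)
```

Every path that does not end in an issued token raises, so a rollback tool that requires the returned token cannot run on a timeout, a denial or a malformed response.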

How we built it

🔐 Core Integration: Auth0 Token Vault

To ensure strict Zero-Trust, Sentinel-AI does not store any third-party API keys (GitHub, Slack) locally. We fully implemented Auth0 Token Vault. When the ReAct Engine needs to execute a tool, it makes a secure API request to the Auth0 Token Vault via the Management API to dynamically retrieve the specific credentials required for that action, and it uses CIBA for step-up biometric approvals.

  • Reasoning Engine: We integrated Google's Gemini 2.5 Flash to provide high-speed, deterministic decision-making capabilities.
  • Authentication Vault: We utilized Auth0 to manage API access, specifically leveraging the Token Vault for secure credential storage and the CIBA grant type to facilitate secure, out-of-band mobile approvals.
  • Tool Integrations: We developed custom Python modules to interface securely with the GitHub API for version control operations and the Slack API for incident communication.
  • Execution Interface: We implemented a comprehensive terminal interface using the Python Rich library to provide real-time visibility into the agent's reasoning and execution processes.

Challenges we ran into

Our primary technical hurdle involved instability within standard AI agent frameworks. Initial implementations relying on established libraries encountered persistent version conflicts and internal routing failures, specifically when attempting to inject dynamic system prompts.

To guarantee reliability, we bypassed these generic frameworks entirely. We engineered a proprietary ReAct (Reasoning and Action) execution loop natively in Python. This custom architecture parses deterministic JSON outputs from the LLM, maps them securely to local execution tools, maintains operational context, and brokers all Auth0 Token Vault requests. This engineering pivot resulted in a highly stable, performant execution environment.
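One way such a loop can map model output to tools with a default-deny posture, as an added example rather than the project's engine: the model's JSON is treated as untrusted input, checked against an allowlist, and high-risk tools run only when an approval callback returns `True`. The tool names, the registry layout and the `approve` callback are assumptions made for illustration.

```python
import json


def quarantine_branch(repo, branch):          # hypothetical low-risk tool
    return f"quarantined {repo}@{branch}"


def rollback_commit(repo, sha):               # hypothetical high-risk tool
    return f"rolled back {sha} in {repo}"


# Allowlist: tool name -> (handler, needs step-up approval, exact argument names)
TOOLS = {
    "quarantine_branch": (quarantine_branch, False, {"repo", "branch"}),
    "rollback_commit": (rollback_commit, True, {"repo", "sha"}),
}


class ActionRejected(Exception):
    """The model's output did not pass validation or approval."""


def dispatch(llm_output, approve):
    """Validate one JSON action from the model and run it.

    approve(tool, args) -> bool stands in for the human approval step.
    """
    try:
        action = json.loads(llm_output)
    except json.JSONDecodeError:
        raise ActionRejected("output is not valid JSON") from None
    if not isinstance(action, dict) or set(action) != {"tool", "args"}:
        raise ActionRejected("expected exactly the keys 'tool' and 'args'")
    tool, args = action["tool"], action["args"]
    if not isinstance(tool, str) or tool not in TOOLS:
        raise ActionRejected("tool is not on the allowlist")
    handler, high_risk, allowed = TOOLS[tool]
    if (not isinstance(args, dict) or set(args) != allowed
            or not all(isinstance(v, str) for v in args.values())):
        raise ActionRejected("arguments do not match the tool's schema")
    if high_risk and approve(tool, args) is not True:
        raise ActionRejected("step-up approval not granted")
    return handler(**args)


if __name__ == "__main__":
    sample = '{"tool": "quarantine_branch", "args": {"repo": "svc", "branch": "main"}}'
    print(dispatch(sample, approve=lambda tool, args: False))  # constructed input
```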

Accomplishments that we're proud of

  1. Designing and deploying a custom execution engine tailored for reliability, avoiding the overhead and instability of generic AI frameworks.
  2. Successfully integrating the Auth0 Token Vault and CIBA flows to securely halt an autonomous execution loop pending verified, biometric human authorization.

What we learned

We validated that the utility of autonomous agents is directly proportional to the strength of their security guardrails. By architecting the AI as an untrusted client requiring step-up authentication for high-risk actions, we demonstrated that rapid autonomous remediation and strict enterprise security standards can successfully coexist.

What's next for Sentinel-AI

Future iterations will expand tool integrations to support infrastructure rollbacks across AWS and Google Cloud environments. We also intend to integrate interactive Slack components for streamlined administrative approvals and implement dynamic, severity-based Role-Based Access Control (RBAC) utilizing Auth0.


Bonus Blog Post: Engineering the Human-in-the-Loop Intercept

The most difficult part of building an autonomous agent isn't the "automation"—it is the "trust." When we started Sentinel-AI, we were obsessed with the idea of a machine that could fix production outages faster than a human. However, we quickly realized that speed without a "Token Vault" is just a faster way to break things.

Our biggest technical hurdle came halfway through the hackathon. We were using a standard AI agent framework that promised to handle everything. But every time we tried to implement a security "pause"—a moment where the AI stops to wait for a human to tap "Approve" on their phone—the framework would crash. It wasn't designed for a Zero-Trust world where an LLM is denied permission by default.

This led to a grueling 4-hour pivot where we stripped out the framework and built our own Custom ReAct Engine. By doing this, we turned the Auth0 Token Vault and CIBA flow into the heart of the application. We engineered a logic where the AI carries no standing privileges. It must pull from the vault, argue its case, present its blast-radius analysis, and then wait. Seeing the terminal pause, trigger a biometric push notification to a physical iPhone, and only then resume the rollback was the "eureka" moment of our project. We learned that the most powerful tool in an SRE’s arsenal isn't just a smart AI—it's a secure, human-gated vault that keeps that AI in check.

Built With

  • auth0
  • gemini-2.5-flash
  • github-api
  • python
  • slack-api