TokenVault Guardian

An institutional risk engine using Auth0 CIBA and LangGraph to mathematically constrain Web3 agents via out-of-band mobile push authorization.

Comment

Inspiration ๐Ÿ’ก

The biggest unresolved threat in autonomous infrastructure today is the reliance on hyper-vulnerable, static .env API keys. Currently, if an AI agent is instructed to execute a high-value financial transaction, it does so blindly. If the underlying LLM hallucinates, prompt-injected, or goes rogue, it drains the wallet. We recognized that true global adoption of autonomous agents requires institutional-grade constraints. We needed a way to physically separate execution privileges from reasoning intent.

What it does ๐Ÿš€

TokenVault Guardian is an institutional risk management engine that introduces a concept we call the Dual-Factor Authorization Pipeline. When our custom LangGraph trading agent detects the intent to rebalance a high-value Treasury, it is mathematically incapable of doing so autonomously. Instead, the agent forcefully halts its execution thread and delegates entirely to the Auth0 Token Vault. Utilizing the CIBA (Client-Initiated Backchannel Authentication) flow, the Vault immediately bypasses the compromised terminal and shoots a strict push notification directly to the remote Risk Officer's mobile device via Auth0 Guardian. The agent physically pauses in memory while it rigorously polls the Vault. Only once the human physically taps Approve on their hardware device does the Vault release the ephemeral execution scope (execute_transfer). To enforce strict "Four-Eyes" consensus, the LangGraph node then requires a final click on the Terminal UI before it connects to Base Sepolia via Viem to mathematically sign the EIP-712 cryptographic payload.

How we built it ๐Ÿ› ๏ธ

  • Frontend Engine: Built an institutional Bloomberg-style dashboard using Next.js (App Router), React, and Tailwind CSS.
  • Agent Architecture: Engineered the cognitive decision engine using LangGraph.js, expressly utilizing .compile({ interruptBefore: [...] }) to suspend execution boundaries.
  • Security Perimeter: Completely decoupled our agent using the Auth0 Token Vault and the @auth0/ai-langchain SDK. We mapped a custom M2M API using the urn:openid:params:grant-type:ciba grant type to achieve true out-of-band mobile verification.
  • Execution Matrix: Integrated Viem to parse the explicitly granted scopes and generate secure Web3 digital signatures on Base L2.

Challenges we ran into ๐Ÿšง

The toughest hurdle was bridging the gap between an asynchronous AI graph state and strict CIBA OAuth specifications. Mapping custom APIs to specific CIBA grants within an isolated Next.js Server Action required careful maneuvering. Furthermore, designing an elegant UI "Consent Panel" that accurately reflected the active polling state of the Auth0 backend in real-time meant tightly engineering our React hooks to watch the Vault webhook status without timing out the client.

Accomplishments that we're proud of ๐Ÿ†

We successfully proved that AI agents do not need static keys to function. We achieved a verified, end-to-end "Authorized to Act" threshold where the LangGraph node is genuinely helpless until an out-of-band human explicitly grants it an ephemeral OAuth scope.

What we learned ๐Ÿง 

We learned just how powerful the CIBA grant is for autonomous logic. Traditional OAuth redirects require a browser windowโ€”which AI agents don't have. CIBA solves the "headless agent" problem perfectly by moving the authentication entirely to the background and the user's secondary device.

What's next for TokenVault Guardian ๐Ÿ”ฎ

Our next step is integrating dynamic Vault scope authorization based on real-time anomaly detection. If an agent tries to transfer $5, it is granted access automatically. If the agent tries to transfer $5M, the Vault triggers the Dual-Factor Authorization Pipeline dynamically.

Built With

Share this project:

Updates