Inspiration

For my inspiration, I mainly used my college mates. A lot of them are split between using AI and not using AI, as many of them don't trust it fully, especially with the many different incidents online of agents accidentally deleting their entire repo or leaking secrets.

That’s when I realized we needed a better approach. Instead of forcing an all-or-nothing choice, I decided to make VaultDefender, a secure AI agent assistant that gives users full control over what the AI can actually access and do.

What it does

VaultDefender is a secure AI agent assistant for GitHub that gives users fine-grained control. It allows users to connect an AI coding agent without granting it full repo access.

Instead, users define exactly:

  • Which repositories the AI can touch
  • Which path prefixes (e.g. /src/, /docs/) are allowed
  • Which actions are permitted (reading files, reviewing PRs, creating branches, editing code, etc.)

The app also has risk detection: allowed safe actions run automatically, high-risk actions need physical human approval, and anything outside the rules is blocked instantly. Meanwhile, all activity is logged in a clear audit page, so users always know what happened and why.

How we built it

VaultDefender was built by layering a custom policy engine on top of secure authentication. For more details:

Authentication: Users sign in with GitHub through Auth0. Auth0’s Token Vault securely manages and refreshes tokens on the user’s behalf — the app never stores raw GitHub tokens, reducing risks.

Boundary Setting: Users explicitly define allowed repositories, path prefixes, and actions via an intuitive interface.

Policy Engine: Every AI request is intercepted and evaluated in real time against four checks:

  • Is the repository allowed?
  • Is the path allowed?
  • Is the action permitted?
  • Is it risky enough to require user approval?

Execution & Logging: Allowed actions execute. Risky ones prompt for approval. Violations are blocked before reaching GitHub. Everything is recorded in the audit log with the policy decision and reason.
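The four checks above as a deny-by-default decision function, added here as an illustration and not VaultDefender's own code; the action names, the high-risk set and the decision strings are assumptions. It normalizes the path before matching, so a `..` segment or a look-alike directory such as /docs-private cannot slip past a prefix rule.

```python
import posixpath
from dataclasses import dataclass, field

# Hypothetical action names; the page names the kinds of action, not identifiers.
HIGH_RISK = {"edit_file", "create_branch"}

@dataclass
class Policy:
    repos: set        # allowed "owner/name" repositories
    prefixes: list    # allowed path prefixes, e.g. ["/src/", "/docs"]
    actions: set      # permitted actions
    audit: list = field(default_factory=list)

def normalize(path):
    """Return an absolute, '..'-free repo path, or None if it is malformed."""
    if "\\" in path or "\x00" in path:
        return None
    return posixpath.normpath("/" + path.lstrip("/"))

def under_prefix(norm, prefixes):
    """Match on whole path segments so '/docs' does not cover '/docs-private'."""
    for prefix in prefixes:
        base = posixpath.normpath("/" + prefix.strip("/")).rstrip("/")
        if norm == base or norm.startswith(base + "/"):
            return True
    return False

def evaluate(policy, repo, path, action):
    """Run the four checks in order; anything not explicitly allowed is blocked."""
    norm = normalize(path)
    if repo.lower() not in {r.lower() for r in policy.repos}:
        decision, reason = "block", "repository not allowed"
    elif norm is None or not under_prefix(norm, policy.prefixes):
        decision, reason = "block", "path outside allowed prefixes"
    elif action not in policy.actions:
        decision, reason = "block", "action not permitted"
    elif action in HIGH_RISK:
        decision, reason = "needs_approval", "high-risk action"
    else:
        decision, reason = "allow", "within policy"
    # Log the requested path as well as the normalized one for later review.
    policy.audit.append({"repo": repo, "path": path, "normalized": norm,
                         "action": action, "decision": decision, "reason": reason})
    return decision
```

Only an "allow" result, or a "needs_approval" result the user has confirmed, should go on to request a delegated GitHub credential.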

Challenges we ran into

We faced multiple problems, such as:

  • Designing a fast, reliable policy engine that could evaluate repo + path + action rules without adding noticeable latency to the AI chat experience.
  • Working with GitHub’s permission model (OAuth scopes and fine-grained tokens) while adding even stricter path-level controls on top.
  • Ensuring Token Vault integration remained secure and seamless, avoiding any direct exposure of credentials to the AI layer.
  • Working with GitHub permissions and Auth0 permissions so VaultDefender can comfortably access user accounts.
  • Creation of the audit log.

Accomplishments that we're proud of

I am super proud to have been able to create a working MVP for the hackathon, not to mention learning a lot of new stuff that I had minimal knowledge of beforehand.

Being able to successfully integrate Auth0 Token Vault for secure, delegated GitHub access without ever storing raw tokens is absolutely one of my favorite things about the app. Creating a working central policy engine that sets boundaries with allowed vs. blocked behavior has actually been fun.

Most importantly, I created a practical, privilege-focused solution to a real and timely security problem in AI agents.

What we learned

Other than learning a lot about the more technical aspects of Auth0 and how to set up and use an AI agent, this project reinforced how fine-grained authorization and least privilege need to become more prominent in the era of autonomous AI agents. Broad scopes are no longer safe.

I gained hands-on experience with Auth0 Token Vault and noticed firsthand how combining robust auth infrastructure with custom policy logic creates powerful, trustworthy systems.

I also learned the importance of keeping the human in the loop for high-risk actions. It builds far more confidence than pure automation.

Finally, I also realized that auditing isn’t just a nice thing to have; it should be essential for user trust.

What's next for VaultDefender

Looking forward, I plan to:

  • Expand supported GitHub actions and add deeper integrations with popular AI coding platforms.

  • Introduce team and organization-level policies for collaborative use.

  • Enhance risk detection with more intelligent heuristics.

  • Explore additional providers beyond GitHub using the same Token Vault pattern.

  • Make files actually editable with the tool.

Our long-term vision is to make VaultDefender the standard for securely connecting AI agents to codebases.

Blog post

At my university, I noticed a clear divide among my college friends: some embraced AI coding agents, while others avoided them entirely. The reason? Scary stories of agents accidentally deleting entire repositories or leaking secrets. Instead of an all-or-nothing choice, I built VaultDefender — a secure AI agent assistant that puts users firmly in control.

VaultDefender lets you connect any AI coding agent to GitHub with fine-grained boundaries. You decide exactly which repositories it can access, which path prefixes (like /src/ or /docs/) are allowed, and which actions are permitted — from reading files and reviewing PRs to creating branches or editing code.

Safe actions run automatically. High-risk ones require your explicit approval. Anything outside the rules is blocked instantly. Every activity is transparently logged in an audit trail, so you always know what the AI did and why.

The architecture is built on Auth0’s Token Vault for secure, delegated access. The app never stores raw GitHub tokens. A custom policy engine intercepts every AI request and evaluates it in real time against repository, path, action, and risk rules before exchanging just-in-time credentials.

The biggest challenge was keeping policy checks fast enough for a smooth chat experience, as having too many guardrails would have each chat take too much time.

I’m proud to have shipped a working MVP that turns a real security problem into a practical solution, while the Token Vault integration is the achievement I am most proud of. VaultDefender uses Auth0 Token Vault so the app never stores raw GitHub tokens itself.

Instead, every tool call goes through a policy engine first, and only then does the system request just-in-time delegated access for the specific operation. That architecture made it possible to separate provider-level GitHub permissions from VaultDefender’s own app-level rules, which was one of the hardest parts of the project.

It also helped surface an important real-world challenge: read access and write access do not behave the same way, so the app needed clearer scope-aware prompts and approval boundaries for sensitive actions.

This project showed me that in the age of AI agents, fine-grained authorization isn’t optional. It is needed.

Next steps include deeper AI platform integrations, team/org policies, smarter risk detection, and expanding beyond GitHub using the same Token Vault pattern.
