Inspiration

The idea for Vouch came from watching how developers interact with modern AI coding agents like Cursor and OpenClaw. To make these tools useful, we are currently forced into a dangerous security trade-off: handing over raw GitHub Personal Access Tokens to an LLM. While we want the productivity gains, we are creating a massive vulnerability. If an agent is compromised or misbehaves, your entire digital identity is at risk. I built Vouch to prove that we can have capable AI agents without ever exposing our private keys.

What it does

Vouch acts as a security layer between an AI agent and a user's sensitive accounts. Instead of giving the agent a token, the agent is given a restricted environment where it can only request outcomes. Vouch intercepts these requests, checks them against a pre-defined policy file, and then uses the Auth0 Token Vault to execute the action on the agent's behalf. This ensures that the agent stays productive while the actual credentials remain safely vaulted and invisible to the AI.

How we built it

The core of the system is built on a Node.js and Express backend that manages the policy engine. The frontend is a React-based dashboard that provides a real-time audit log of every action an agent attempts. For the identity and credential management, I integrated Auth0 for AI Agents and the Auth0 Token Vault. This allowed me to delegate the high-stakes task of token storage and refresh logic to a proven identity platform while I focused on the logic of agent authorization.

Challenges we ran into

The most difficult part of the build was the technical "handshake" between the various identity components. Coordinating the Auth0 Token Vault with a machine-to-machine connection for the agent required a deep dive into the technical documentation. I spent a significant amount of time ensuring that the offline access scopes and refresh tokens functioned correctly so that the agent could maintain a long-running session without requiring constant human re-authentication.

Accomplishments that we're proud of

I am particularly proud of the real-time feedback loop. When an agent attempts a restricted action in the terminal, seeing a "Pending Approval" status appear instantly on the web dashboard is a major milestone. It moves the concept of "Human-in-the-Loop" from a theoretical idea to a functional, responsive reality that doesn't significantly slow down the development process.

What we learned

This project shifted my perspective on AI security. I realized that the true perimeter for AI is not a firewall, but identity delegation. Building with the Auth0 Token Vault taught me how to effectively separate the right to perform an action from the possession of a credential. This architecture is the only way to scale AI agents in a way that enterprises and security-conscious developers can actually trust.

What's next for Vouch: Secure AI Agent Authorization

The next step for Vouch is expanding the policy engine to support more granular, context-aware permissions. I plan to integrate more third-party services beyond GitHub, such as Linear and Stripe, to create a universal "Authorization Gateway" for AI agents. The goal is to make secure, vaulted identity the standard for every agentic workflow.

Bonus Blog Post

The End of the API Key Era

By Anish Shirodkar

I want to talk about a conversation that happens hundreds of times a day across engineering teams right now. A developer gives an AI coding agent access to their GitHub repository by pasting a Personal Access Token into a config file. The agent starts working and nobody stops to think about the long-term implications of what just happened. That token now lives in a place where it likely should not stay. It might be in a hidden dotenv file that accidentally gets committed or buried in a log file on a machine that does not belong to the user.

This is a dangerous pattern that we have inherited from a pre-agentic world. While human developers usually act within certain social and technical boundaries, AI agents are fundamentally different. They run continuously and they touch dozens of files across multiple automated actions. A single leaked token combined with an agent that has no scope constraints is a silent disaster waiting to happen. I built Vouch to fix this problem specifically because I believe the fix is only possible through a dedicated identity layer like the Auth0 Token Vault.

The real breakthrough during this build was realizing that Token Vault changes the entire trust model for the developer. Instead of giving the agent a credential to hold, the agent simply requests an outcome. When my Cursor agent wants to create a branch, it sends an authenticated request to the Vouch API. My system then checks the request against a .vouch.yml policy file that I control. If the action is allowed, the backend calls the Token Vault to execute the action. The token is used for that specific task and then discarded. The agent never actually sees it or touches it.

This architecture is what enterprise AI adoption actually needs to move forward. It allows an external agent running on a contractor's machine or a cloud server to execute scoped actions on a private repository without a secret ever crossing an organizational boundary. You keep the audit trail and you keep the control. During the development process, I learned that moving from a model of possession to a model of delegated intent is the only way to let agents be powerful without making them dangerous. This project is my proof of concept for that future of sovereign AI where humans remain the ultimate authority.

I also discovered that the "Step-Up" authentication flow is the missing link in autonomous AI. By forcing a human approval for sensitive actions like deleting a branch or merging to the main production line, we create a safety net that does not exist in standard OAuth flows. This means I can trust an agent to do 90 percent of the grunt work while knowing I am the only one who can pull the trigger on a major change. This project is not just about keeping keys safe; it is about keeping AI accountable.
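The request flow and the step-up rule described in the post, sketched as an added example. It is not Vouch's own code: the policy shape (standing in for a parsed `.vouch.yml`), the action names, and the `decide`, `handle` and `execute` functions are all assumptions.

```javascript
// Added illustration. The policy shape, action names and function names are
// hypothetical; this is not Vouch's real .vouch.yml schema or API.

// Constructed policy, as it might look once a .vouch.yml file has been parsed.
const POLICY = {
  repos: {
    "acme/api": {
      allow: ["branch.create", "pr.open", "file.commit"],
      stepUp: ["branch.delete", "pr.merge"],
      protectedBranches: ["main"],
    },
  },
};

const auditLog = []; // every attempt is recorded, whatever the verdict

// Pure policy decision: allow, pending_approval, or deny (the default).
function decide(policy, req) {
  const known = Object.prototype.hasOwnProperty.call(policy.repos, req.repo);
  if (!known) return { verdict: "deny", reason: "repo not in policy" };
  const rules = policy.repos[req.repo];
  if (rules.stepUp.includes(req.action))
    return { verdict: "pending_approval", reason: "sensitive action" };
  if (!rules.allow.includes(req.action))
    return { verdict: "deny", reason: "action not listed" };
  if (rules.protectedBranches.includes(req.branch))
    return { verdict: "pending_approval", reason: "protected branch" };
  return { verdict: "allow", reason: "matched allow list" };
}

// Gateway entry point. `execute` stands in for the backend code that performs
// the action with the vaulted credential; the agent only ever gets the outcome.
// `humanApproved` must come from the dashboard session, never from the agent.
function handle(req, execute, humanApproved = false) {
  let { verdict, reason } = decide(POLICY, req);
  if (verdict === "pending_approval" && humanApproved) {
    verdict = "allow";
    reason = "approved by human: " + reason;
  }
  auditLog.push({ agent: req.agent, repo: req.repo, action: req.action, verdict, reason });
  if (verdict !== "allow") return { verdict, reason };
  return { verdict, reason, result: execute(req) };
}
```

The credential-bearing call lives only inside `execute`, so a denied or pending request never reaches it, and the audit entry is written before the verdict is returned.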
