Zenith

Sovereign Multi-Agent Orchestrator

Comment

Inspiration

The inspiration for ZENITH LIVE came from a critical realization: AI can talk, but it often lacks the authority to act securely. We saw a massive gap in "Trust"—specifically, how agents handle sensitive credentials. We wanted to move beyond "text-in/text-out" silos and build a unified, governed agentic ecosystem where the LLM never "touches" the raw tokens. We envisioned a world where an agent is Authorized to Act only through a secure, delegated handshake.

Evolution

Zenith Live started its journey on February 17, 2026, originally conceived for the Gemini Live Agent Challenge. The initial goal was to build a multimodal "Live Studio." However, as the ecosystem grew, we hit a wall: Security. When the Auth0 "Authorized to Act" Hackathon launched on March 3, we saw the missing piece of our puzzle. We pivoted Zenith from a standalone multimodal agent into a Governed Intermediary Orchestrator. We spent the last few weeks re-engineering our core to integrate the Auth0 Token Vault and OpenFGA, transforming "Creative AI" into "Authorized AI."

What it does

ZENITH LIVE is a Governed Multimodal Agentic Orchestrator that bridges the gap between AI autonomy and enterprise-grade identity:

  • Sovereign Token Vault: Powered by Auth0 for AI Agents, Zenith manages sensitive OAuth flows (GitHub, Google) without exposing tokens to the LLM. It ensures that the agent acts as a true proxy, not a security risk.
  • Neural Studio & Link: A high-performance interface powered by Gemini 3.1 Pro for deep reasoning and Gemini 2.5 Flash for real-time interaction.
  • Fine-Grained Governance: Unlike standard agents, Zenith integrates OpenFGA. It ensures that high-stakes actions require a "Relationship-based Access Control" (ReBAC) check before any API call is made.
  • Multimodal Handshake: Orchestrates complex tasks by breaking down intent into strategy (Gemini), imagery (Imagen 3), and cinematic video (Veo).

How we built it

The project is engineered as a Zero-Trust Agentic Infrastructure:

  • Identity & Token Management: Deeply integrated Auth0 Token Vault. We offloaded the entire OAuth lifecycle to Auth0, using the vault to securely store, refresh, and retrieve scoped tokens for our sub-agents.
  • Authorization Layer: We implemented OpenFGA to model complex permissions. This ensures the agent only operates within its "Trust Circle," preventing "Agent Overreach" where an AI might accidentally access unauthorized user data.
  • Core Intelligence: Built using the Google Generative AI SDK, leveraging Sequential Multi-Agent patterns (Auditor & Reviser) to validate agent decisions before they hit the Token Vault.
  • Backend & Cloud: Hosted on Google Cloud Run with a verified custom domain (zenith.elpeef.com). We use Node.js 24 and GCP Secret Manager to protect our Auth0 integration secrets.

The Engineering Log

We maintained a rigorous Engineering Logbook (Phase 1 to 10) to document this transformation:

  • Feb 19 - Feb 24 (The Foundation): Built the multimodal core using Gemini 3.1 Pro and moved from Vercel to Google Cloud Run for hardened security and regional optimization (asia-southeast1).
  • Mar 4 - Mar 11 (The Auth0 Evolution): This was our most critical sprint. We integrated the Auth0 React SDK and the Token Vault. We moved all third-party handshakes (GitHub & Google Calendar) to Auth0, ensuring the LLM never sees raw credentials.
  • Mar 10 - Mar 15 (Neural Governance): We added OpenFGA to implement Relationship-Based Access Control (ReBAC), ensuring that every "Agentic Action" is verified against a fine-grained policy before execution.
  • Mar 26 - Present (Standardization & Transparency): Implemented OpenAPI (Swagger) documentation and landing page hardening to expose the Governance API endpoints, providing a clear map for the "Authorized to Act" handshake protocol. The endpoints can be found here.
Date Milestone Commit Highlight
Feb 21 Cloud Native Secure Gateway Pattern & GCP Deployment
Mar 4 Identity Layer Full Auth0 Integration & Library Updates
Mar 6 Agentic Handshake Connected GitHub & Google Calendar via Vault
Mar 11 Governance OpenFGA Implementation & Relationship Tuples
Mar 14 Stability Fallback Logic & Neural Vision Refinement
Mar 26 Transparency Swagger UI Deployment & Architecture Documentation

Challenges we ran into

The biggest hurdle was the "Identity-Latency Tradeoff." Implementing secure Token Vault handshakes and OpenFGA checks in the middle of an autonomous agent flow can be complex. We solved this by creating an Asynchronous Handshake Pattern: while the user provides consent via Auth0, the agent prepares the execution strategy, ensuring a seamless transition once the token is released from the vault.

Accomplishments that we're proud of

  • Token Vault Mastery: Successfully built a production-aware flow where user credentials for GitHub and Google are managed entirely by Auth0, kept far away from the "prompt-injection" risks of the LLM.
  • OpenFGA Integration: Implemented a fine-grained authorization model that governs which "Sub-Agents" can access which "Tokens," a must-have for multi-agent systems.
  • Multimodal Neural Link: Developed a system where the agent autonomously coordinates between Gemini, Imagen, and Veo models based on the user's verified Trust Level.
  • Verified Production Deployment: A fully automated pipeline on Google Cloud Run, proving that agentic security is ready for the enterprise.
  • Zero Token Exposure Guarantee: At no point does the LLM access raw OAuth tokens. All sensitive operations are executed via a secure proxy layer backed by Auth0 Token Vault.

Bonus Blog Post

To further the conversation on AI security and the "Identity as the New Perimeter" paradigm, I’ve published deep-dive articles on our integration of Auth0 Token Vault and Zenith’s architecture:

We are humbled that our implementation of OpenFGA and Auth0 Token Vault attracted the attention of key figures in the authorization space. Our deep-dive into Zenith's security architecture was liked and recognized on LinkedIn by Andres Aguiar, Director of Product solving Authorization at Auth0/Okta & openfga.dev.

What we learned

We learned that Identity is the new Perimeter for AI agents. Throughout this challenge, we realized that "Agentic Memory" isn't just about logs—it's about Permission History. We deepened our understanding of how Auth0 Token Vault removes the burden of credential management, allowing us to focus on building more capable, autonomous agents.

What's next for Zenith

  • Step-up Authentication: Integrating Auth0 MFA Step-up for high-value agentic actions (e.g., "Post to Production" or "Delete Repository").
  • Autonomous Distribution: Allowing the agent to post content to social platforms securely after a "Final Handshake" managed by the vault.
  • Multi-Agent Governance: Introducing environments where multiple Gemini instances collaborate, each with different permission levels governed by OpenFGA and scoped Auth0 tokens.

ZENITH LIVE proves that the future of AI is not just autonomous—it's accountable.

Share this project:

Updates

posted an update

Formal Validation & Academic Indexing

We are excited to share that Zenith has officially moved beyond a prototype. The architecture and core codebase are now preserved in the global open-access repository, Zenodo, and assigned a permanent DOI: 10.5281/zenodo.19467804, ensuring the orisinality and traceability of our Agentic Governance model.

What's new in this version?

  • ORCID Linkage: Officially connecting our lead developer's academic profile with this technical contribution.
  • Software Heritage Archive: A permanent snapshot of the code for long-term accessibility.
  • Open AIRE: It stored on European infrastructure for open scholarly communication

This indexing validates our "Sovereign AI" approach, ensuring that our security handshake mechanism is not just functional but also follows the highest standards of software documentation and research integrity.

Log in or sign up for Devpost to join the conversation.