Auth0 "Authorized to Act" Hackathon
AI actions.
Human control.
VaultBridge lets a local AI agent interact with GitHub — reading repos, proposing pull requests — without ever holding a credential. You approve every sensitive action.
1. AI sends intent
The local AI calls /api/intent with an action request — no tokens, no credentials.
2. Risk classification
VaultBridge classifies the action. Read operations proceed automatically. Write operations are queued for your review.
3. Human approves + MFA
You see exactly what the AI wants to do. Approving triggers step-up MFA via Auth0 before anything executes.
Security guarantees
- ✅ AI holds zero credentials — tokens live in Auth0 Token Vault only
- ✅ All GitHub calls are made server-side using tokens the AI never sees
- ✅ Write operations require MFA re-authentication via CIBA Guardian push
- ✅ Full audit log of every requested, approved, and denied action
- ✅ You can revoke GitHub access at any time from the dashboard
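The three steps and the audit-log guarantee above can be sketched as a small intent gate. This is an added example, not VaultBridge's own code: the action names, the `createGate`, `submitIntent` and `resolve` functions, and the `mfaVerified` flag are assumptions made for illustration, and `executeServerSide` stands in for the server-side GitHub call that uses the vaulted token.

```javascript
// Added illustration of the intent gate; every name here is hypothetical.
const READ_ACTIONS = new Set(["repo.read", "repo.list"]);   // assumed action names
const WRITE_ACTIONS = new Set(["pull_request.create"]);     // assumed action names
const CREDENTIAL_FIELDS = ["token", "access_token", "authorization", "password"];

function createGate(executeServerSide) {
  const pending = new Map(); // id -> queued write intent
  const audit = [];          // append-only record of every decision
  let nextId = 1;
  const log = (event, intent, extra = {}) =>
    audit.push({ event, action: intent.action, ...extra });

  function submitIntent(intent) {
    // The agent must never supply credentials; reject rather than silently drop.
    const keys = Object.keys(intent.params || {}).map((k) => k.toLowerCase());
    if (keys.some((k) => CREDENTIAL_FIELDS.includes(k))) {
      log("denied", intent, { reason: "credential_in_request" });
      return { status: "denied" };
    }
    if (READ_ACTIONS.has(intent.action)) {
      log("auto_approved", intent);
      return { status: "executed", result: executeServerSide(intent) };
    }
    if (WRITE_ACTIONS.has(intent.action)) {
      const id = nextId++;
      pending.set(id, intent);
      log("queued", intent, { id });
      return { status: "pending", id };
    }
    log("denied", intent, { reason: "unknown_action" }); // default deny
    return { status: "denied" };
  }

  // mfaVerified must be set by the server after the step-up check succeeds,
  // never copied from a client-supplied request body.
  function resolve(id, { approve, mfaVerified }) {
    const intent = pending.get(id);
    if (!intent) return { status: "not_found" };
    if (approve && !mfaVerified) return { status: "mfa_required" }; // stays queued
    pending.delete(id); // one-shot: an approval cannot be replayed
    if (!approve) {
      log("denied", intent, { id, reason: "human_rejected" });
      return { status: "denied" };
    }
    log("approved", intent, { id });
    return { status: "executed", result: executeServerSide(intent) };
  }
  return { submitIntent, resolve, audit };
}
```

Unknown actions fall through to a denial rather than to the read path, so a new action type added later is blocked until someone classifies it.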
See the dashboard for a full breakdown of which Auth0 AI features this demo showcases — and which ones aren't possible with GitHub's OAuth model.