The Veto Agent (Focus: Token Vault & Asynchronous Authorization)
The Challenge: Create an AI agent that is integrated with a user’s third-party service (e.g., Google Calendar, Slack, GitHub) to perform automated tasks. However, any high-impact action must be approved by the user outside of the chat session.
- Goal: Use Token Vault to securely manage the access tokens for the third-party service. Implement Asynchronous Authorization (CIBA) to pause the agent’s flow and send a push notification/email for user approval before executing a critical task (e.g., “AI Agent wants to delete all unread emails” or “AI Agent wants to schedule a meeting with the CEO”).
- Success Criteria: The agent successfully fetches data from the third-party service, but a specific, sensitive command triggers an out-of-band request for user consent, halting execution until approval is received.
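A minimal sketch of the approval gate described above, added here as an illustration and not taken from Auth0's code or documentation. It covers only the out-of-band approval step, not Token Vault. `FakeAuthServer`, `HIGH_IMPACT` and `run_action` are hypothetical names, and the server responses are constructed; the error codes are the ones the OpenID CIBA specification defines for poll mode.

```python
# Hypothetical names throughout; FakeAuthServer replaces the real
# authorization server with constructed responses so this runs offline.
HIGH_IMPACT = {"delete_unread_emails", "schedule_meeting"}  # assumed policy list

class FakeAuthServer:
    """Simulates CIBA poll-mode responses (constructed sample data)."""
    def __init__(self, poll_results):
        self._results = iter(poll_results)
        self.binding_messages = []

    def backchannel_authorize(self, login_hint, binding_message):
        # A real server would push this message to the user's device or inbox.
        self.binding_messages.append(binding_message)
        return {"auth_req_id": "req-constructed-1", "interval": 1}

    def token(self, auth_req_id):
        return next(self._results)

def run_action(server, user, action, execute, sleep=lambda s: None, max_polls=10):
    """Run low-impact actions directly; hold high-impact ones until approved."""
    if action not in HIGH_IMPACT:
        return execute(action)
    req = server.backchannel_authorize(user, f"AI Agent wants to: {action}")
    interval = req["interval"]
    for _ in range(max_polls):
        sleep(interval)
        resp = server.token(req["auth_req_id"])
        if "access_token" in resp:
            return execute(action)  # user approved out of band
        error = resp.get("error", "invalid_response")
        if error == "authorization_pending":
            continue
        if error == "slow_down":
            interval += 5  # CIBA: back off by at least 5 seconds
            continue
        # access_denied, expired_token or anything unexpected: fail closed
        return f"blocked: {error}"
    return "blocked: timed out waiting for approval"
```

The gate fails closed: the sensitive action runs only after a token response arrives, and a denial, an expiry or an exhausted poll budget all leave it unexecuted.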
Resources:
- Auth0 for AI Agents Documentation
- Assistant0: An AI Personal Assistant Secured with Auth0
- Auth-ing your GenAI
- Auth0 FGA for RAG
How to submit:
Share a link to your code repository!