🚀 Live Deployment: auth0-token-vault-guardian.vercel.app 📺 Video Demo: https://youtu.be/G2fHgBBSMoI
An institutional-grade autonomous executing agent built on Next.js and LangGraph.js. This project features explicit Human-in-the-Loop architectural control secured tightly by the Auth0 Token Vault.
sequenceDiagram
participant NextJS as Next.js Dashboard
participant LG as LangGraph Node Engine
participant Auth0 as Auth0 Token Vault
participant User as Human Operator (Mobile)
participant Web3 as Viem Base Sepolia
NextJS->>LG: POST /api/agent/trigger { intent: "Rebalance" }
LG->>LG: evaluate_risk()
LG->>Auth0: requestAsynchronousVaultConsent(execute_transfer_tool)
Note over LG,Auth0: Thread physically pauses (polling)
Auth0-->>User: Push Notification (CIBA)
User->>Auth0: Grants Permission
Auth0-->>LG: Scope Token Acquired
LG-->>NextJS: Graph State = INTERRUPT_PAUSED (Awaiting UI Confirmation)
NextJS->>LG: POST /api/agent/resume
LG->>Web3: signTradeIntent(EIP-712 payload)
Web3-->>NextJS: Cryptographic Signature Return
This architecture natively implements institutional-grade multi-party computation.
We explicitly enforce two distinct Human-in-the-Loop constraints before the viem cryptography mathematically signs the final transaction:
- The hardware Ping (Auth0 CIBA): An executive/risk officer receives an out-of-band mobile push request demanding they unlock the execution vault.
- The Terminal UI (LangGraph Pause): Once the Vault unlocks, the LangGraph thread physically halts again (
interruptBefore: ["SignIntent"]), requiring the active Terminal operator to actively press "Sign & Broadcast Intent".
This guarantees that a compromised terminal cannot bypass the executive phone, and a compromised phone cannot invisibly trigger a signature without terminal initiation.
Here is how we set up the Auth0 Dashboard to handle the authorization:
- API Setup: Created a custom API (
https://api.risk-router-demo.com) and added theexecute_transferscope. - M2M Application: Created a Machine-to-Machine application in Auth0 to represent our Next.js agent.
- CIBA Grant Type: Enabled the Backchannel Authentication (
urn:openid:params:grant-type:ciba) grant in the application's advanced settings so it can send out-of-band push requests. - API Authorization: Authorized the application to connect to the custom API and assigned it the
execute_transferscope. - Guardian Push MFA: Enabled Auth0 Guardian Push Notifications in the security settings to ensure the CIBA request successfully pings the user's physical device (e.g., a mobile phone or smartwatch).
To prove that the LangGraph workflow mathematically blocks the agent from forging a Web3 payload without the CIBA Token Vault scope, you can run the unmocked E2E test script natively:
=======================================================
🤖 [TEST SUITE] Auth0 Token Vault End-to-End Execution
=======================================================
🚀 [Phase 1] Initiating headless LangGraph agent...
📉 [Phase 1] Evaluating Agent Intent for a High-Value Web3 Transfer...
🔒 [AUTH0] Triggering Token Vault. AWAITING MOBILE PUSH APPROVAL...
👉 ACTION REQUIRED: Please check your Auth0 Guardian app right now!
📊 [AGENT] Analyzing transaction intent...
🔒 [AGENT] Initiating Auth0 Token Vault execution wrap...
🔒 [AUTH0] Token Vault Consent Push Notification sent to user's device.
... (Thread formally suspends until human presses 'Approve' on iOS/Android) ...
✅ [AUTH0] Token Vault Consent explicitly approved. Resuming execution.
✅ [Phase 1] Auth0 Token Vault Consent Explicitly Acquired!
✅ [Phase 1] Graph securely intercepted at SignIntent execution boundary.
🚀 [Phase 2] Resuming LangGraph Thread for Viem Execution...
🚀 [AGENT] Connecting to Web3 to sign Authorized Intent...
=======================================================
🎉 [SUCCESS] Native Web3 Payload Generated Successfully!
=======================================================
- Security Model: The agent does not use static API keys. All execution runs through the Auth0 Asynchronous Authorization (CIBA) flow.
- User Control: The dashboard features a dedicated consent panel so users can visually monitor exactly when the agent is paused and requesting permission.
- Technical Execution: Built in TypeScript using the official
@auth0/ai-langchainSDK. - Design: A clean, institutional-style dashboard built with Tailwind CSS and lucide-react.
- Potential Impact: Demonstrates how to prevent autonomous agents from making unauthorized high-value transactions on-chain.
- Insight Value: Shows a practical pattern for using LangGraph to physically halt an execution thread while waiting for an external Auth0 identity ping.
Word count: 247 words
The proliferation of autonomous AI agents executing severe Web3 code poses a devastating security threat. Today, most "agents" simply operate on a raw Cron job with a hardcoded .env private key, flying blindly into financial ruin if the reasoning engine hallucinates.
To stop this organically, we decoupled the execution privileges of our AI using the Auth0 Token Vault. The shift from static API keys to a dynamic, CIBA-driven LangGraph workflow completely rearchitects the security perimeter.
Instead of trusting the LLM indiscriminately, our Node process uses LangGraph.js to monitor the executing intent. When an anomaly triggers an actionable state (like transferring high-value liquidity), the agent hits an explicit .compile({ interruptBefore: ["SignIntent"] }) state transition block. The agent's thread literally pauses in memory, initiating a payload through the @auth0/ai-langchain SDK.
The human operator receives a CIBA push notification directly to their device with a strict parameter: "DeFi Vault: Authorize high-value agent transaction.". Only if explicitly approved does the LangGraph node receive the ephemeral, vaulted token necessary to invoke the viem cryptography and sign the target EIP-712 payload.
This architecture fundamentally proves that using the Auth0 Token Vault, autonomous algorithms can be legally and mathematically constrained to "Authorized to Act".
npm install
npm run dev