IntentGuard
Your words define the boundary. The agent cannot cross it.
The problem
AI agents routinely run with far more OAuth permission than their job needs — a scheduling bot with calendar-write can delete every meeting; a marketing assistant with full Gmail access can read the CEO’s inbox.
How it works
IntentGuard parses every natural-language command with an LLM into a structured intent — operation type, target service, required OAuth scopes, and whether step-up auth is needed. “Check my unread emails” → read-only, auto-approved; “send an email to alice@…” → flagged as a write, held until you give explicit step-up authorization. Auth0 Token Vault holds and refreshes the tokens so the app never sees a refresh token.
Key features
- Intent-to-scope mapping decided in real time from what you say
- Auth0 Token Vault — the app never touches refresh tokens; short-lived scoped tokens only
- Step-up authorization gate for every write operation
- One intent model across a web dashboard and a Telegram bot
- Full audit trail: every action, scopes used, and approval status
Architecture
User (Telegram or web) → Next.js backend → LLM intent parser → Auth0 Token Vault (passwordless auth, scoped tokens, step-up for writes) → Google APIs. Reads execute immediately; writes wait for dashboard approval.
Stack
Context
Built for an Auth0 for AI Agents hackathon (Token Vault).