Skip to content

Niteesh57/GuardAgent

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
backend
backend
 
 
frontend
frontend
 
 
.dockerignore
.dockerignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
project_overview.md
project_overview.md
 
 
supervisord.conf
supervisord.conf
 
 

Repository files navigation

🛡️ Guard Agent: The Secure AI Automation Framework

Auth0 Authorized to Act

Important

Core Requirement: This project requires an Auth0 Account with the Auth0 for AI Agents Token Vault enabled. This is the central security mechanism for zero-secret storage and selective scope authorization.

Built for the Auth0 for AI Agents: Authorized to Act Hackathon, Guard Agent is a high-security, autonomous research and automation platform. It leverages the Auth0 for AI Agents Token Vault to bridge the gap between powerful LLM agents and secure enterprise/personal data.

🏗️ The 3-Agent Security Pipeline (LangGraph)

Guard Agent operates on a stateful, multi-agent graph architecture that enforces human-in-the-loop consent at every sensitive step.

Agent Role Responsibility
1. IntentNode Planner Analyzes requests, researches topics (via Firecrawl), and determines tool-calling strategy.
2. ContractNode Safety Officer Generates human-readable Action Contracts and provides granular resource selection.
3. ExecutorNode Secure Worker Executes actions ONLY after verified consent, retrieving secrets from Auth0 Token Vault.

📐 Architecture & Communication Flow

sequenceDiagram
    participant User as User (Browser)
    participant Agent as Guard Agent (Backend)
    participant Auth0 as Auth0 Token Vault
    participant API as Third-Party API (Google Docs/Drive)

    User->>Agent: "User Request (Research and save to Doc)"
    
    rect rgb(30, 30, 30)
        Note over Agent: IntentNode (Planning)
        Agent->>Agent: Internal Research
    end

    rect rgb(50, 30, 30)
        Note over Agent: ContractNode (Safety/Consent)
        Agent->>Auth0: Fetch Resource Metadata
        Auth0-->>Agent: Drive File Metadata
        Agent-->>User: "Return Action Contract + File Selection UI"
    end

    Note over User, Agent: Execution Paused: Waiting for User Consent

    User->>Agent: "Approve Contract (Files Selected: A, B)"

    rect rgb(30, 50, 30)
        Note over Agent: ExecutorNode (Secure Action)
        Agent->>Auth0: Request Scoped Access Token
        Auth0-->>Agent: OAuth Token
        Agent->>API: "Execute Action (Document Created)"
        API-->>Agent: Result
    end

    Agent-->>User: "Task Complete (Summarized output)"
Loading

📋 The Anatomy of an Action Contract

The Action Contract is the cornerstone of our trust model. It is generated dynamically and includes:

  • Human-Readable Intent: Clear goals (e.g., "Create a formatted Project Proposal").
  • Step-by-Step Execution Plan: Detailed breakdown of actions.
  • Risk Level Assessment: Categorizes actions (Low, Medium, High).
  • Data Boundaries: Explicitly lists Data Used and Data NOT Used.
  • Selective Resource Picker: Dynamic selection of exactly which files the agent can access.

🛡️ Security Architecture (Auth0 Integration)

1. Auth0 Token Vault: "Zero Secrets in the Browser"

We utilize the Auth0 Token Vault to eliminate local credential storage.

  • Secret Management: Google OAuth tokens are stored exclusively in Auth0's encrypted backend vault.
  • Short-Lived Access: The backend retrieves tokens only for the duration of an approved action.

2. Selective Scope Authorization (SSA)

SSA allows the user to grant access to exactly the resources needed for a specific task, ensuring the principle of least privilege.

🧪 Technology Stack

  • Orchestration: LangChain & LangGraph (Python).
  • Inference: Groq (Llama 3 @ 70B) for ultra-low latency planning.
  • Identity: Auth0 (OIDC) + Auth0 Token Vault (Secret Management).
  • Frontend: Next.js (Tailwind + Framer Motion).
  • Research: Firecrawl & Jina.

🚀 Getting Started

Prerequisites

  • Node.js: v20+
  • Python: v3.11+
  • Auth0 Account: With Auth0 for AI Agents enabled and a configured Token Vault.

Installation & Local Development

  1. Clone the repository:

    git clone https://github.com/Niteesh57/GuardAgent.git
cd GuardAgent

  2. Configure Environment Variables:

    • Backend: Create backend/.env from backend/.env.example. You'll need AUTH0_DOMAIN, AUTH0_MGMT_CLIENT_ID, AUTH0_MGMT_CLIENT_SECRET, and GROQ_API_KEY.
    • Frontend: Create frontend/.env.local from frontend/.env.local.example.

  3. Setup Backend (FastAPI):

    cd backend
python -m venv venv
# Windows:
.\venv\Scripts\activate
# Mac/Linux:
source venv/bin/activate
pip install -r requirements.txt
python -m uvicorn app.main:app --reload

  4. Setup Frontend (Next.js):

    cd ../frontend
npm install
npm run dev

🚢 Docker / Production Deployment

The project is containerized using a multi-stage Dockerfile that orchestrates both the Python backend and Next.js frontend using Supervisord.

To deploy (e.g., on Railway or Render):

  • Ensure all environment variables are set in your deployment dashboard.
  • The Dockerfile will automatically build the frontend and serve both services.

⚖️ License

This project is licensed under the MIT License.

🏆 Hackathon Submission Details

We are delivering a comprehensive security framework for AI Agents for the Auth0 Authorized to Act Hackathon:

  • Auth0 for AI Agents Token Vault Integration: Secure, off-browser secret management.
  • Selective Scope Authorization (SSA): Granular, file-level consent for agent actions.
  • Audit Logging: Immutable history of all agentic tasks.
  • Technology Stack: FastAPI (LangGraph), Groq (Llama 3 @ 70B), and Next.js.
  • 🎬 Video Demo: Watch on YouTube
  • 📁 Public Repository: GitHub (Niteesh57/GuardAgent)
  • 🔗 Production Link: Live Demo on Render

About

GuardAgent

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 1

Languages