← All work
Agentic 2026

IntentGuard

Your words define the boundary. The agent cannot cross it.

The problem

AI agents routinely run with far more OAuth permission than their job needs — a scheduling bot with calendar-write can delete every meeting; a marketing assistant with full Gmail access can read the CEO’s inbox.

How it works

IntentGuard parses every natural-language command with an LLM into a structured intent — operation type, target service, required OAuth scopes, and whether step-up auth is needed. “Check my unread emails” → read-only, auto-approved; “send an email to alice@…” → flagged as a write, held until you give explicit step-up authorization. Auth0 Token Vault holds and refreshes the tokens so the app never sees a refresh token.

Key features

  • Intent-to-scope mapping decided in real time from what you say
  • Auth0 Token Vault — the app never touches refresh tokens; short-lived scoped tokens only
  • Step-up authorization gate for every write operation
  • One intent model across a web dashboard and a Telegram bot
  • Full audit trail: every action, scopes used, and approval status

Architecture

User (Telegram or web) → Next.js backend → LLM intent parser → Auth0 Token Vault (passwordless auth, scoped tokens, step-up for writes) → Google APIs. Reads execute immediately; writes wait for dashboard approval.

Stack

Next.js Auth0 for AI Agents LLM intent parser Telegram Bot API Google APIs

Context

Built for an Auth0 for AI Agents hackathon (Token Vault).