Auth0 Agent Toolkit
an agent that runs your tenant — you sign off on every write
This agent operates a live Auth0 tenant through composite, goal-completing tools — and it cannot write anything until you approve the exact plan on your phone. Every action lands in a tamper-evident receipt chain, attributed to you.
Okta / Auth0 folks: use your @okta.com or @auth0.com email. No password — we email you a one-time code. The agent acts under your identity and every write pauses for a push to your phone; first login walks you through Auth0 Guardian setup (~1 min, have the Guardian app handy).
Sign in / sign up →import { convertToModelMessages, stepCountIs, streamText } from 'ai';import { model } from '@/lib/model';import { getSession } from '@/lib/session';import { getAuth0 } from '@/lib/toolkit';export const maxDuration = 800;export async function POST(req: Request) {const user = await getSession();if (!user) return Response.json({ error: 'sign_in_required' }, { status: 401 });const { messages } = await req.json();// Auth0 Agent Toolkit — identity, approvals, receipts in two callsconst auth0 = await getAuth0();const tools = auth0.tools({ user, writes: true });// stock Vercel AI SDK from here downconst result = streamText({model,system: auth0.systemPrompt(),messages: await convertToModelMessages(messages),tools,stopWhen: stepCountIs(8),});return result.toUIMessageStreamResponse();}
plan — the agent shows its work as a diff before acting · approve — a Guardian push goes to the approver’s phone · execute — scoped tokens, receipts for everything. Watch it live in the trail, or read the code.