Auth0 Agent Toolkit

an agent that runs your tenant — you sign off on every write

planapproveexecute

This agent operates a live Auth0 tenant through composite, goal-completing tools — and it cannot write anything until you approve the exact plan on your phone. Every action lands in a tamper-evident receipt chain, attributed to you.

Okta / Auth0 folks: use your @okta.com or @auth0.com email. No password — we email you a one-time code. The agent acts under your identity and every write pauses for a push to your phone; first login walks you through Auth0 Guardian setup (~1 min, have the Guardian app handy).

Sign in / sign up →
apps/demo/app/api/chat/route.tsthe whole backend — identity is two toolkit calls
import { convertToModelMessages, stepCountIs, streamText } from 'ai';
import { model } from '@/lib/model';
import { getSession } from '@/lib/session';
import { getAuth0 } from '@/lib/toolkit';
export const maxDuration = 800;
export async function POST(req: Request) {
const user = await getSession();
if (!user) return Response.json({ error: 'sign_in_required' }, { status: 401 });
const { messages } = await req.json();
// Auth0 Agent Toolkit — identity, approvals, receipts in two calls
const auth0 = await getAuth0();
const tools = auth0.tools({ user, writes: true });
// stock Vercel AI SDK from here down
const result = streamText({
model,
system: auth0.systemPrompt(),
messages: await convertToModelMessages(messages),
tools,
stopWhen: stepCountIs(8),
});
return result.toUIMessageStreamResponse();
}

plan — the agent shows its work as a diff before acting · approve — a Guardian push goes to the approver’s phone · execute — scoped tokens, receipts for everything. Watch it live in the trail, or read the code.