Neuro-Fin Agent (NFA) platform

This is a submission for the Auth0 for AI Agents Challenge

What I Built
I built the Neuro-Fin Agent (NFA) platform, a multi-agent system designed to provide executive function support for financial management, securely authenticated by Auth0.

The NFA tackles the problem of impulsive spending, especially through Buy Now, Pay Later (BNPL) services, which critically impacts users facing challenges like ADHD or high Burnout (a key finding from my prior research).

The core of the application is a secure UI where two specialized AI Agents operate:

Impulsivity Detection Agent (IDA): A simulated agent that constantly flags transactions exhibiting high-risk patterns.

Behavioral Nudge Agent (BNA): When a risk is flagged, this agent delivers a personalized psychological intervention (nudge), such as a "Wait 24 Hours" contract pop-up, designed to introduce friction and prevent impulsive actions.

The platform's frontend focuses on demonstrating the secure login, the risk dashboard, and the critical BNA intervention flow.

Demo

https://codepen.io/nad-Yunny/pen/GgoyrOv

Key Interaction Flow Demonstrated on CodePen:

Secure Login Simulation: A button demonstrating the initiation of the Auth0 Universal Login flow.

Dashboard View: The main UI showing the user's "Impulsivity Risk Score" (set to HIGH by the IDA agent).

BNA Intervention (Critical Demo Point): A button/simulated action triggers a full-screen "STOP & THINK" modal, representing the BNA agent successfully intercepting a high-risk BNPL action based on a valid Auth0 token for that user.

How I Used Auth0 for AI Agents
I leveraged Auth0 to solve the critical identity and security issues involved in managing sensitive financial and behavioral data, crucial for the trust required for an AI Financial Guardian.

1. User Authentication and Identity (Securing the Human)

Universal Login: Implemented the standard Auth0 Universal Login flow for the human user, ensuring a secure, standards-compliant entry point.

Role-Based Access Control (RBAC): Although the full backend isn't in CodePen, the UI design clearly reflects two roles: the Financial_Owner and a Trusted_Guardian (a family member/therapist). This RBAC logic, managed by Auth0, is vital for allowing secure monitoring access without compromising the owner's primary control.

1. Securing Agent Access (Machine-to-Machine)

Simulated M2M Flow: The Impulsivity Detection Agent (IDA) is a non-human service that needs to communicate securely with the application's API (to log spending data) and with the BNA agent.

Agent Identity: The architecture requires the IDA to use Auth0's Client Credentials Flow (Machine-to-Machine) to obtain an access token. This token grants the IDA a secure, verifiable identity, ensuring our backend API only accepts data from the authorized AI agent, not a rogue third party. The CodePen's interaction logic depends on the successful completion of this Auth0 process (simulated) to execute the BNA nudge.

Lessons Learned and Takeaways
Challenges

The primary challenge in conceptualizing this project was marrying the real-time nature of impulsivity detection with the overhead of secure authentication. I had to design the architecture to ensure that the AI Agent's token validation and subsequent action (the BNA intervention) were near-instantaneous. A fractional delay can mean the difference between preventing an impulse purchase and merely reporting it afterward.

Key Learnings

AI Agents Require First-Class Identity: The most significant takeaway is that AI agents are autonomous users, and they must be treated as such. Auth0's Machine-to-Machine flow is the ideal solution because it provides a dedicated, auditable identity for the IDA, which is crucial when dealing with sensitive financial data.

Security Enables Innovation: By abstracting the complex authentication and authorization rules to Auth0, I could focus the core logic of the application on the Behavioral Nudge Agent (BNA), proving that robust security is the enabler of innovative, high-trust AI applications, not a roadblock.

Advice for Other Developers

If your AI agent performs critical, irreversible actions (like sending funds, or in this case, stopping a transaction), do not rely on static API keys. Implement Asynchronous Authorization (a core Auth0 feature) to introduce a human-in-the-loop step for truly sensitive actions. Always treat your agents' secrets and access scopes as seriously as your users' passwords.