The latest articles on DEV Community by Anish Shirodkar (@anishshirodkar). https://dev.to/anishshirodkar https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3920974%2Faa008f5d-bc52-4b0b-b3d1-f13046a2048f.jpeg https://dev.to/anishshirodkar en Anish Shirodkar Sat, 09 May 2026 02:54:19 +0000 https://dev.to/anishshirodkar/ai-agents-can-do-a-lot-but-should-they-2hfo https://dev.to/anishshirodkar/ai-agents-can-do-a-lot-but-should-they-2hfo <p>Most conversations about AI agents focus on what they can do. <br> Very few focus on what they should be allowed to do.</p> <p>That gap is what I kept thinking about when I built Vouch for <br> the Auth0 "Authorized to Act" hackathon.</p> <p>The Problem:</p> <p>AI agents are getting good at taking actions: booking meetings, <br> calling APIs, sending emails, managing files. But the current <br> delegation models are broken. You either leak credentials in <br> prompts, which is dangerous, or you hand the agent broad OAuth <br> access and hope it stays in its lane, which is just risky in a <br> different way.</p> <p>There is no clean way to say: this agent can do X on service A, <br> for user B, until this session ends. Nothing more. That missing <br> primitive is the whole problem.</p> <p>How Vouch Works:</p> <p>Vouch sits between the agent and the services it wants to interact <br> with. Instead of giving the agent raw credentials, you define a <br> permission scope for each action. The agent operates within that <br> scope and nothing outside it.</p> <p>The credential delegation runs through Auth0 Token Vault. When a <br> user authorizes an action, Vouch generates a scoped token tied to <br> that specific permission. The agent uses the token to act. It <br> never sees the underlying credentials. When the session ends, <br> access is revoked.</p> <p>The agent brain is Llama 3.3 70B running through Groq's API. <br> Backend is Node.js and Express, frontend is React and Vite. <br> Built the whole thing in 48 hours.</p> <p>The Hard Part:</p> <p>The auth flow was not the challenge. The permission schema was.</p> <p>Too broad and the whole point falls apart. Too narrow and the <br> agent becomes useless. I went through three complete redesigns <br> before landing on something that felt both flexible and actually <br> enforceable. That balance took most of the 48 hours.</p> <p>The Takeaway:</p> <p>Capability gets all the attention. Constraint gets almost none. <br> As agents get more capable, the trust problem gets harder, not <br> easier. An agent that can browse the web, write code, and send <br> emails on your behalf needs a much more sophisticated permission <br> model than anything running in production today.</p> <p>Scoped delegation with session-bound tokens is not the final <br> answer. But I think it is the right direction.</p> <p>Live: <a href="//vouch-q017.onrender.com">vouch-q017.onrender.com</a><br> GitHub: <a href="//github.com/Anish0104/vouch">github.com/Anish0104/vouch</a></p> <p>If you are building in the agentic space, how are you handling <br> permissioning? Would love to hear how others are defining trust <br> in their stack.</p> <h1> AgenticAI #MachineLearning #Auth0 #LLMs #BuildInPublic </h1> ai webdev programming javascript