DEV Community: Harshit Singh Bhandari The latest articles on DEV Community by Harshit Singh Bhandari (@harshit_singhbhandari_25). https://dev.to/harshit_singhbhandari_25 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3809080%2F567c9865-56e5-4578-83f3-d71d18ba62bc.jpg DEV Community: Harshit Singh Bhandari https://dev.to/harshit_singhbhandari_25 en What if your AI agent could do anything... but only what you actually allow? Harshit Singh Bhandari Mon, 16 Mar 2026 19:29:20 +0000 https://dev.to/harshit_singhbhandari_25/what-if-your-ai-agent-could-do-anything-but-only-what-you-actually-allow-1nkg https://dev.to/harshit_singhbhandari_25/what-if-your-ai-agent-could-do-anything-but-only-what-you-actually-allow-1nkg <h1> What if your AI agent could do anything... but only what you actually allow? </h1> <h1> That's Aegis: the first agent with biometric-gated trust boundaries. </h1> <h1> GeminiLiveAgentChallenge </h1> <h2> The Problem Nobody Is Talking About </h2> <p>Everyone is racing to build autonomous agents that read email, manage calendars, push code, send messages.<br><br> But nobody is asking: <strong>what stops it from doing something you didn't want?</strong><br><br> Not hallucinations. Trust.</p> <p>Aegis solves this with a three-tier security model:</p> <p>🟢 GREEN — Read-only, silent<br><br> 🟡 YELLOW — Modifies state, verbal confirmation<br><br> 🔴 RED — Irreversible/sensitive, Face ID/Touch ID required </p> <p>Every action is classified by intent &amp; consequence — not tool names.</p> <h2> The Biometric Flow (the hardest &amp; most satisfying part) </h2> <p>RED action → Mac agent halts → GCP creates pending request → iPhone companion app receives it → Face ID fires via WebAuthn → success → agent proceeds.<br><br> Real-time cross-device flow: Mac → GCP → iPhone Face ID → Mac in seconds.<br><br> Your phone becomes the hardware lock on your AI.</p> <h2> The Classifier Insight </h2> <p>Tool names don't matter. Intent &amp; consequence do.<br><br> Same click tool: navigating a menu = GREEN. Sending an email = RED. Context decides.<br><br> When in doubt: escalate. False RED costs one tap. False GREEN could cost everything.</p> <h2> The Stack </h2> <ul> <li>Gemini Live API — real-time voice</li> <li>Gemini 2.5 Flash — classification &amp; planning</li> <li>Composio — tool execution</li> <li>WebAuthn — biometric auth on iPhone</li> <li>FastAPI + GCP Cloud Run — backend &amp; audit</li> <li>Firestore — real-time state</li> <li>React PWAs — Mac app, mobile, dashboard</li> </ul> <h2> Lightweight Auth (deadline pressure) </h2> <p>Full JWT was too risky in 8 days. Used bcrypt-hashed PIN registered to Firestore. Simple, secure, documented.</p> <p>Aegis proves boundaries are buildable.</p> <p>Try it now:<br> 🔗 Live: <a href="https://aegis.projectalpha.in" rel="noopener noreferrer">https://aegis.projectalpha.in</a><br> 📊 Dashboard: <a href="https://aegisdashboard.projectalpha.in" rel="noopener noreferrer">https://aegisdashboard.projectalpha.in</a><br> 📱 Mobile: <a href="https://aegismobile.projectalpha.in" rel="noopener noreferrer">https://aegismobile.projectalpha.in</a><br> 💻 Code: <a href="https://github.com/harshitsinghbhandari/gemini-live-hackathon" rel="noopener noreferrer">https://github.com/harshitsinghbhandari/gemini-live-hackathon</a></p> <p>Built solo in 15 days for #GeminiLiveAgentChallenge #GoogleAI #GeminiLive #BuildWithGemini</p> gemini geminiliveagentchallenge trust agents