Skip to main content

The Agent Firewall for High-Stakes AI

Govern every AI action with policy enforcement, human approvals, and court-ready audit logs. Built for legal, finance, and compliance.

Self-Host FreeBook Pilot (€15K–€25K)

Self-Host Free is a Docker/CLI setup for technical teams. Enterprise pilots include expert deployment.

Self-hosted Apache 2.0 open source Production-ready in 2–4 weeks

Policy Enforcement

ALLOW, DENY, or ESCALATE decisions based on manifests, budgets, and risk hooks. Non-bypassable enforcement at the action boundary.

Learn more →

Human Approvals

High-risk actions escalate to operators for review. Web UI + API with 5-minute SLA. Full audit trail of every decision.

Learn more →

Tamper-Evident Logs

Hash-chained, Ed25519-signed interaction records. Cryptographically verifiable audit logs for regulators and courts.

Learn more →

Where do you start?

Three paths into UAPK — pick the one that matches where you are right now.

I'm technical

Set up the full policy engine, capability tokens, and audit logs on your own infrastructure.

FreeDocker / CLI setup
View Quickstart

I need governance design first

Design manifest architecture and policy map for your agent before writing a line of code.

€5K–€10K1–2 week engagement
Get in Touch
Most common
🚀

I need one workflow live fast

Expert-led deployment from kickoff to production for one high-value regulated workflow.

€15K–€25K2–4 week pilot
Book a Pilot

See It in Action

Every agent action flows through the gateway for policy enforcement and audit logging.

# Agent proposes action
curl -X POST /gateway/execute \
  -H "X-API-Key: $KEY" \
  -d '{
    "uapk_id": "settlement-bot",
    "action": {
      "type": "legal",
      "tool": "send_settlement_offer",
      "params": {"amount": 5000}
    }
  }'

# Gateway response
{
  "decision": "ALLOW",
  "executed": true,
  "interaction_id": "int-abc123"
}

What Just Happened?

  • Manifest check — Is settlement-bot registered?
  • Capability check — Can it send settlements?
  • Budget check — $5K under $50K threshold
  • Policy check — Passed all rules
  • Executed via connector
  • Logged with hash chain + Ed25519 signature
Reference deployment

IP settlement agent — from proposal to evidence

A law firm's settlement bot needs to negotiate IP disputes autonomously — but compliance requires human approval above €50K and a court-admissible audit trail for every action taken. This is what one gateway execution looks like end-to-end.

01
Action proposed

Settlement bot calls POST /gateway/execute with action type legal, tool send_settlement_offer, amount €5,000 toward counterparty in an IP dispute.

02
Policy engine runs

Gateway checks manifest identity, capability token, amount against the €50K threshold, jurisdiction allowlist, and daily budget. All pass. Decision: ALLOW.

03
Connector executes

HTTP connector sends the offer via the firm's outbound API. Response captured and attached to the interaction record.

04
Audit record written

Tamper-evident record created: request hash, result hash, Ed25519 gateway signature, and SHA-256 link to the previous record in the chain.

05
Evidence bundle ready

Compliance team exports the S3 Object Lock bundle. The chain integrity check passes. The record is court-admissible and regulator-ready.

Outcome: Compliance signed off in week one of the pilot. Audit records passed chain integrity verification. The evidence bundle met the standard required for court submission. Settlement offers above the €50K threshold trigger an escalation to a human approver before execution — the bot never touches those unilaterally.

Before vs After

Without UAPK

  • Compliance blocks every agent deployment
  • "Who authorized this?" — no attribution
  • "Can we prove it in court?" — no audit trail
  • "How do we stop it?" — no kill switch
  • Months of back-and-forth with legal/compliance
  • Vendor logs — 90-day retention, not court-admissible

With UAPK

  • Policy enforcement: ALLOW / DENY / ESCALATE
  • Attribution: Every action traced to agent + manifest
  • Court-ready logs: Hash-chained, Ed25519 signed
  • Human approvals: High-risk actions reviewed
  • Production in 2–4 weeks: Fixed-fee pilot
  • Your evidence: Self-hosted, indefinite retention

Who should buy this first?

UAPK is built for one specific problem: AI agents taking consequential, externally-visible actions in regulated environments.

Best first fit
  • Legal ops agents (settlement, due diligence, contract review)
  • KYC / AML onboarding workflows with sanctions screening
  • Internal agent approvals for regulated outbound actions
  • Finance agents writing payments, transfers, or trade orders
  • Any AI system where "what did it do and who approved it?" matters to auditors
Not ideal first fit
  • Casual chatbots or Q&A assistants with no external actions
  • Generic content generation or summarisation pipelines
  • Low-risk internal copilots with no regulatory exposure
  • Agents that only read data and never write or send anything

The "47ers" Library

Pre-built governance templates — drop-in manifests that wire up policy enforcement, approval thresholds, and audit rules for the most common regulated workflows. Deploy in minutes, not weeks.

Legal

Litigation & IP

  • IP Settlement Gate: Auto-negotiate up to $50K, escalate above
  • DMCA Takedown: 200 notices/day with compliance tracking
View templates →
Finance

Trading & KYC

  • Trading Gate: $10K auto-execute, $100K daily cap
  • KYC Onboarding: Risk-based routing + sanctions screening
View templates →
Compliance

Audit & Controls

  • Vendor Due Diligence: Automated risk assessment
  • Email Guard: Rate limits + recipient validation
View templates →

Works with Your Stack

Drop UAPK Gateway into whatever automation platform you already use.

The governance stack

Open source gives you the engine. Professional engagement adds expert implementation and legal review from a Rechtsanwalt with 12 years PQE.

Governance infrastructure

UAPK Gateway

Free · Open Source

Apache 2.0 policy enforcement and audit middleware. Self-host in 5 minutes. All core features free — policy engine, capability tokens, approvals, tamper-evident logs.

Get started →
AI consulting & implementation

Lawkraft

Pilot · Blueprint

Expert deployment for regulated environments. Custom AI systems, compliance documentation, and UAPK pilots. No hand-offs, no juniors — delivered by the same person who built the technology.

lawkraft.com →
Legal review & regulatory strategy

Hucke & Sanker

Enterprise · Ongoing

Boutique transnational law firm. AI Regulatory Strategy practice covering EU AI Act, GDPR for AI/ML, and capital markets compliance. Manifests reviewed as legal instruments by licensed counsel.

huckesanker.com →

Simple, Transparent Pricing

Start free and self-host, or engage for expert-led deployment in regulated environments.

Open Source
Free
Self-hosted

Full policy engine, approvals, and audit logs. Run it on your own infrastructure.

  • All core features
  • Apache 2.0 license
  • 47ers template library
  • Docker Compose deploy
  • Community support
Get Started Free
Blueprint Package
€5K–€10K
1–2 weeks

Governance design before you build — manifest architecture, policy map, and implementation roadmap.

  • Agent roles + action map
  • Policy manifest design
  • Approval threshold spec
  • Integration architecture
  • Implementation roadmap
Get in Touch
Most Popular
Agent Governance Pilot
€15K–€25K
2–4 weeks

Expert-led deployment for one high-value workflow — from kickoff to production.

  • Production-ready manifest
  • Self-hosted on your infra
  • Approval workflows live
  • Evidence-grade audit logs
  • 30-day post-pilot support
Book a Pilot
Enterprise Support
€3K–€10K
/month

Ongoing support for production deployments — custom connectors, SLA, compliance exports.

  • Custom connectors
  • S3 COMPLIANCE audit export
  • 4h SLA, 99.9% uptime
  • Version upgrades
  • Dedicated support channel
Contact Us

All commercial engagements deploy UAPK Gateway to your infrastructure — you own your data, evidence, and compliance posture.

Blueprint fee credited in full toward a Pilot if you engage within 90 days.

Not sure where to start? Book a free 45-min governance assessment →

Why UAPK Won't Be Obsolete

Model vendors will improve. Your governance requirements won't change.

01

Model-Agnostic by Design

UAPK governs actions at the boundary to real systems. It doesn't care which model you use — GPT-4, Claude, Llama, or Gemini.

02

Regulation Requires It

SOC2, GDPR, SEC audits require organization-owned evidence. "Check the OpenAI logs" doesn't work in court.

Ready to Deploy Agents Safely?

Expert help from David Sanker — Rechtsanwalt, BAFin-certified AI expert, and the engineer who built this for real-world compliance needs

Start a Conversation

Tell us about your use case and we'll design a governance plan.

Your information is secure. We'll never share it with third parties.

Or explore on your own:

Self-Host (Free) · View Pricing · View on GitHub