Core Concepts
UAPK Gateway provides a policy enforcement layer between AI agents and the tools they use. This section explains the core concepts.
Architecture Overview
Request Flow
Every agent action request flows through the gateway:
Key Concepts
| Concept | Description | Learn More |
|---|---|---|
| UAPK Manifest | JSON document declaring agent identity, capabilities, and constraints | Manifest |
| Capability Token | Ed25519-signed JWT granting specific permissions | Capabilities |
| Policy Decision | ALLOW, DENY, or ESCALATE based on evaluation | Decisions |
| Approval Workflow | Human review for escalated actions | Approvals |
| Audit Log | Hash-chained, signed InteractionRecords | Logs |
Multi-Tenancy
UAPK Gateway supports multiple organizations with isolated data:
Each organization has:
- Independent manifests and agents
- Separate policies and approval workflows
- Isolated audit logs
- Distinct API keys and users
Security Model
UAPK Gateway implements defense-in-depth:
- Authentication: JWT tokens for users, API keys for agents
- Authorization: RBAC for operators, capability tokens for agents
- Policy Enforcement: Rules evaluated at runtime
- Audit Trail: Tamper-evident, cryptographically signed logs
- Key Management: Ed25519 keys for signing tokens and records
See Security for the full threat model.
Next Steps
UAPK Manifest
Learn how to declare agent identity and capabilities.
Capability Tokens
Understand fine-grained, time-limited permissions.
Policy Decisions
How the policy engine evaluates requests.
Approvals
Configure human-in-the-loop workflows.