UAPK Gateway
The agent firewall + black box recorder for high‑stakes AI.
Deploy autonomous AI agents with hard guardrails, human approvals, and tamper‑evident audit logs — on one VM, self‑hosted.
Start Pilot Program | Self-Host (Open Source) | View on GitHub
Agents don't "do" things directly. They propose actions. UAPK Gateway enforces policy, permissions, budgets, risk hooks, and produces evidence‑grade interaction records for auditors, regulators, and courts.
Why this exists
Agentic AI is moving from "chat" to "action":
- Sending emails and messages
- Writing into CRMs and case systems
- Onboarding customers (KYC)
- Underwriting and claims triage
- Proposing trades / executing workflows
The moment agents touch money, legal outcomes, privileged systems, or regulated data, organizations hit the same wall:
"Who authorized this?"
Attribution and accountability for agent decisions
"Can we stop it at runtime?"
Real-time intervention and kill switches
"Can we prove what happened?"
Evidence-grade audit trails for legal proceedings
"How do we deploy safely?"
Compliance without blocking innovation
UAPK Gateway is a control plane for agent actions — designed for legal, finance, and compliance environments.
The Solution
UAPK Gateway is a single deployable service (FastAPI + Postgres) that sits between agents and the outside world.
Key design principle: the gateway is the non-bypassable enforcement point. In production, tools run with credentials controlled by the gateway — not by the agent.
What You Get
Policy Enforcement
ALLOW / DENY / ESCALATE decisions based on manifests, budgets, and risk hooks
Capability Tokens
Scoped delegation with time limits, action allowlists, and cryptographic signatures
Budgets & Rate Caps
Per-day, per-entity limits to prevent runaway costs and abuse
Human Approvals
Escalate high-risk actions to operators via web UI or API
Tamper-Evident Logs
Hash-chained, signed interaction records with verification scripts
Compliance Exports
Audit bundles for regulators, auditors, and legal proceedings
Connector Framework
Webhooks, HTTP, and custom tools with strict allowlists
Production-Ready
Docker Compose deployment on one VM, self-hosted, no vendor lock-in
Who It's For
Teams shipping "agentic" workflows
- Law firms and litigation boutiques (IP enforcement, claims, settlements)
- Banks, fintechs, and insurers (KYC/onboarding, underwriting, internal copilots)
- Compliance and risk teams trying to approve agent deployments
- AI product teams who need a governance story to close enterprise deals
If you're in any of these situations, you're the target
"Our agent can do X, but compliance won't sign off."
"We need approvals for certain actions."
"We need audit trails that survive scrutiny."
"We want to deploy agents, but safely and repeatably."
Quick Start
- Self-Host (Open Source)
- Commercial Pilot
# Clone and start
git clone https://github.com/UAPK/gateway.git
cd gateway
make dev
# Set up database
make migrate
make bootstrap
# Open dashboard
open http://localhost:8000
See the Quickstart Guide for complete instructions.
License: Apache-2.0 (fully open source)
Get expert help to deploy UAPK Gateway for one high-value workflow in 2-4 weeks.
Includes:
- Production-ready manifest + guardrails
- Self-hosted gateway on your infrastructure
- Approvals flow + evidence-grade logs
- Compliance export bundle
- Operator training
Pricing: $15,000 - $25,000 (fixed fee)
Why UAPK Won't Be Obsolete
UAPK Gateway is model‑agnostic and vendor‑agnostic:
- It governs actions at the boundary to real systems
- It integrates with your existing IAM, secrets, logging, and approvals
- It produces organization‑owned evidence (not vendor-retention logs)
Model vendors can improve tracing and tool primitives — but regulated orgs still need:
- Non-bypassable enforcement at your boundary
- Consistent cross-model governance standards
- Audit and retention under your own policies
See Future-Proof Architecture for details.
The "47ers" Library
Pre-built templates ready to deploy as micro-services:
- Legal: Settlement gate, takedown gate
- Compliance: KYC onboarding gate, vendor due diligence gate
- Finance: Trading execution gate
- General: Outbound email guard
See the 47ers Library for all templates.
Core Concepts
| Concept | Description |
|---|---|
| UAPK Manifest | JSON document defining an agent's identity, capabilities, and policies |
| Capability Token | Signed tokens that delegate scoped authority with limits |
| Policy Decision | ALLOW, DENY, or ESCALATE based on policy evaluation |
| Approval Workflow | Human review process for escalated actions |
| Interaction Record | Tamper-evident audit log with hash chaining + signatures |
Architecture
| Component | Technology |
|---|---|
| Backend | Python 3.12 + FastAPI |
| Database | PostgreSQL 16 |
| UI | Jinja2 + HTMX (server-rendered) |
| Auth | JWT for humans, API keys for machines |
| Deployment | Docker Compose (dev & production) |
| Signatures | Ed25519 |
See Architecture Overview for details.
Status
Version 0.1.0 - Production-ready core infrastructure.
- Multi-tenant organizations and users
- UAPK manifest validation and storage
- Capability token issuance (Ed25519 JWT)
- Policy engine with ALLOW/DENY/ESCALATE
- Approval workflow with UI and API
- Tamper-evident audit logs with verification
- Operator dashboard
- Docker Compose deployment
- 47ers template library
See the Roadmap for planned features.
License & Support
- Open Source: Apache-2.0 — self-host for free
- Commercial Pilots: Fixed-fee engagements for fast deployment
- Enterprise Support: Custom connectors, SLA, compliance tuning
Contact: mail@uapk.info
Quick Links:
Quickstart | Enterprise | Concepts | API Reference | Security