UAPK Gateway is an AI agent governance middleware product that provides policy enforcement, human approval workflows, and tamper-evident audit logging for AI agents operating in legal and regulated environments. It is designed for corporate legal departments and law firms deploying AI tools across workflows such as matter intake, contract review, knowledge management, and client communications.

Key features and functions include:

Policy Enforcement Engine Every action proposed by an AI agent — including sending communications, writing to document stores, updating matter records, invoking external APIs, or transferring data — passes through the Gateway's policy engine before execution. The engine evaluates each action against configurable organizational manifests and issues an ALLOW, DENY, or ESCALATE decision. Policy can be configured per organization, per matter, per data class, and per agent.

Tamper-Evident Audit Logging All agent decisions and their associated inputs are recorded in a hash-chained, Ed25519-signed audit log. Records are structured to meet evidentiary standards for regulatory review, internal audit, and court submission. Audit logs support indefinite retention and can be exported in compliance-grade formats.

Human Approval Workflows Actions flagged as high-risk are escalated to a human operator for review prior to execution via a web interface and API. A full audit trail of each escalation decision is maintained alongside the underlying action record.

Prompt Injection and Security Controls The Gateway functions as an action-boundary firewall, labeling untrusted content, validating destinations against policy, and preventing approval token exfiltration. The architecture is designed to fail closed against prompt injection, server-side request forgery (SSRF), and tool-hijack attempts.

Pre-Built Governance Templates (47ers Library) UAPK Gateway includes a library of pre-configured governance templates covering common regulated legal workflows, including IP settlement negotiation, DMCA takedown management, vendor due diligence, and outbound email controls. Templates include predefined policy manifests, approval thresholds, and audit rules.

Workflow Orchestrator Integrations The Gateway integrates with automation platforms including Make.com, Zapier, n8n, and Langflow, allowing organizations to apply governance controls to AI actions within existing workflow infrastructure. A Python SDK and REST API support direct integration with bespoke environments.

Flexible Deployment The Gateway core is released under the Apache 2.0 license and is deployable via Docker in self-hosted environments, supporting data residency and confidentiality requirements. The product is model-agnostic and compatible with AI systems from multiple providers. Commercial engagements are structured as fixed-fee pilots or blueprint packages delivered through Lawkraft.