A secure middleware that intercepts AI agent tool calls to manage risks.
# ATLAS Governance Gateway (Phase 2)

A Secure Middleware for AI Agents, powered by FastMCP, Inngest, and Modal.
The ATLAS Governance Gateway is a centralized hub that intercepts AI Agent tool calls, evaluates potential risks using a generic LLM/SLM (hosted on Modal.com), and manages "Human-in-the-Loop" (HITL) escalations via durable Inngest workflows.
Logic Attribution: The governance logic and dataset design are attributed to Anna Ko anna_ko@berkeley.edu (UC Berkeley). This implementation strictly follows the "approve -> auto_approve" deterministic flow for low-risk actions per project v3.0 findings.
## Key Features

- Durable Governance: Uses Inngest to manage long-running human review workflows that survive server restarts.
- FastMCP + FastAPI: Exposes Model Context Protocol (MCP) tools via a robust generic web server.
- Risk Evaluation: Real-time checking against EU AI Act standards via `atlas-welfare-v1` on Modal.
- Compliance: Enforces Article 14 by pausing high-risk actions until human approval is received.
- Secure Deployment: Dockerized environment with secure credential management.
## Architecture

```mermaid
sequenceDiagram
    participant Agent as AI Agent (MCP Client)
    participant GW as Governance Gateway (FastAPI)
    participant Modal as Atlas Brain (Modal Evaluation)
    participant Inngest as Inngest Workflow
    participant Human as Sarah (Human-in-the-Loop)
    Agent->>GW: Call Tool (e.g. request_payment_extension)
    GW->>Inngest: Trigger Governance Event
    GW-->>Agent: Returns "PENDING REVIEW"
    Inngest->>Modal: Evaluate Risk (EU AI Act)
    Modal-->>Inngest: Risk Score (0-100)
    alt Risk Score < 70
        Inngest->>Inngest: Auto-Approve Action
    else Risk Score >= 70
        Inngest->>Inngest: PAUSE & Wait for Human
        Human->>GW: POST /webhook/approval (APPROVED)
        GW->>Inngest: Send Approval Event
        Inngest->>Inngest: Resume & Finalize
    end
```
The system consists of three main components:

1. Gateway (`gateway.py`): A FastAPI application that serves as the entry point.
   - MCP Server: Mounted at `/mcp/sse` to serve Agent tools (`check_status`, `request_extension`, etc.).
   - Inngest Endpoint: Served at `/api/inngest` to handle workflow triggers and step execution.
   - Webhook: Listens at `/webhook/approval` for external human approval signals.
2. Workflows (`workflows.py`): Defines the durable business logic.
   - `handle_governance`: The core workflow that:
     - Calls Modal to assess risk.
     - Auto-approves usage if Risk Score < 70.
     - Pauses and waits for the `atlas/sarah.decision` event if Risk Score >= 70.
3. Agent Integration:
   - Any MCP-compliant agent (Claude Desktop, Cursor, or custom scripts) can connect to the Gateway.
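The decision flow above (score below 70 auto-approves, 70 or above pauses until an `atlas/sarah.decision` event arrives) can be exercised offline with the following added example. It is not the project's code: it collapses the Inngest workflow into an in-memory state machine, and `constructed_risk_evaluator` is a made-up stand-in for the Modal evaluation, returning fixed scores by tool name so the two branches and the event handling can be checked without any external service.

```python
"""Added example (not the project's code): an in-memory model of the
handle_governance decision flow described in the README. The evaluator is a
constructed stand-in for the Modal call; run ids and statuses are local."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Optional
import uuid

RISK_THRESHOLD = 70                      # README: < 70 auto-approves, >= 70 pauses
DECISION_EVENT = "atlas/sarah.decision"  # event a paused run waits for


class Status(str, Enum):
    AUTO_APPROVED = "AUTO_APPROVED"
    PENDING_REVIEW = "PENDING REVIEW"    # what the gateway returns to the agent
    APPROVED = "APPROVED"
    REJECTED = "REJECTED"


@dataclass
class Run:
    run_id: str
    tool: str
    args: dict
    risk_score: int
    status: Status
    decision_by: Optional[str] = None


class GovernanceWorkflow:
    """Stand-in for the durable Inngest workflow; state lives in a dict here."""

    def __init__(self, evaluate_risk: Callable[[str, dict], int]):
        self.evaluate_risk = evaluate_risk   # stand-in for the Modal evaluation
        self.runs: Dict[str, Run] = {}

    def handle_tool_call(self, tool: str, args: dict) -> Run:
        score = self.evaluate_risk(tool, args)
        if not 0 <= score <= 100:
            raise ValueError(f"risk score out of range: {score}")
        # Deterministic "approve -> auto_approve" path for low-risk actions;
        # anything at or above the threshold is parked for human review.
        status = Status.AUTO_APPROVED if score < RISK_THRESHOLD else Status.PENDING_REVIEW
        run = Run(str(uuid.uuid4()), tool, args, score, status)
        self.runs[run.run_id] = run
        return run

    def send_event(self, name: str, data: dict) -> Run:
        """Deliver a decision event to a paused run (what the gateway does
        after a signal reaches /webhook/approval)."""
        if name != DECISION_EVENT:
            raise ValueError(f"unexpected event: {name}")
        run = self.runs.get(data.get("run_id", ""))
        if run is None:
            raise KeyError("unknown run_id")
        if run.status is not Status.PENDING_REVIEW:
            raise RuntimeError(f"run {run.run_id} is not awaiting review")
        decision = data.get("decision")
        if decision not in ("APPROVED", "REJECTED"):
            raise ValueError(f"invalid decision: {decision}")
        run.status = Status(decision)
        run.decision_by = data.get("reviewer")
        return run


def constructed_risk_evaluator(tool: str, args: dict) -> int:
    """Constructed scores by tool name (assumption, not the Modal model).
    Unknown tools are treated as maximum risk so they always get reviewed."""
    table = {"check_status": 5, "request_extension": 40, "request_payment_extension": 85}
    return table.get(tool, 100)


def demo() -> dict:
    wf = GovernanceWorkflow(constructed_risk_evaluator)
    low = wf.handle_tool_call("check_status", {})
    high = wf.handle_tool_call("request_payment_extension", {"days": 30})
    # The human reviewer approves; the gateway forwards it as the decision event.
    wf.send_event(DECISION_EVENT, {"run_id": high.run_id, "decision": "APPROVED", "reviewer": "sarah"})
    return {"low": low.status.value, "high": high.status.value}


if __name__ == "__main__":
    print(demo())   # {'low': 'AUTO_APPROVED', 'high': 'APPROVED'}
```

Two details worth keeping when wiring this to the real workflow: a decision event for a run that is not paused is rejected rather than silently applied, and a tool the evaluator has never seen defaults to review instead of auto-approval.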
## Installation & Setup

### Prerequisites

- Docker Desktop installed and running.
- (Optional) Python 3.10+ if running locally without Docker.

### Quick Start (Docker)

We provide a `setup.sh` script to automate the configuration and deployment.

1. Run the Setup Script:

   ```bash
   ./setup.sh
   ```

2. Configuration: The script will prompt you for:
   - Modal Function Name: (Default: `nislam-mics/ATLAS-NIST-Measure`)
   - AI Backend: Choose OpenAI or Local LLM (Ollama).
   - Inngest Keys: Event Key and Signing Key (Required for Production).
   - Modal Credentials: Token ID and Secret.

   Note: The script creates a `.env` file automatically. DO NOT commit this file.

3. Usage: The script will build the Docker image `atlas-gateway` and run it on port `8000`.
## Endpoints

Once running, the Gateway exposes the following endpoints on http://localhost:8000:

| Endpoint | Method | Description |
|---|---|---|
| `/` | GET | Health check and status. |
| `/mcp/sse` | GET | MCP Endpoint. Connect your AI Agent here. |
| `/mcp/messages` | POST | MCP Protocol messages (handled by FastMCP). |
| `/api/inngest` | POST | Inngest Webhook. Connects to Inngest Cloud. |
| `/webhook/approval` | POST | Human Approval Webhook. Simulate approval signals. |
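The `/webhook/approval` endpoint is the point where a human decision is turned into the event that resumes a paused high-risk action, so a signal posted there has the same weight as the reviewer's approval. The README does not describe how those signals are authenticated; the following added example (not the project's code) shows one way to check them before forwarding anything to Inngest: an HMAC over a timestamp and the raw body, a freshness window, and a replay cache. The header names, `MAX_SKEW_SECONDS`, and the signing secret are assumptions, and the in-memory cache stands in for whatever store the deployment would use.

```python
"""Added example (not the project's code): verification of an approval
signal before the gateway emits an atlas/sarah.decision event. Header names,
secret handling and the replay cache are assumptions for illustration."""
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

MAX_SKEW_SECONDS = 300            # assumption: approvals older than 5 minutes are stale
_seen_signatures: set = set()     # in-memory replay cache (assumption; use a shared store in production)


def sign_approval(secret: bytes, timestamp: int, body: bytes) -> str:
    """HMAC-SHA256 over '<timestamp>.<raw body>' so the time is bound to the payload."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_approval(secret: bytes, headers: Dict[str, str], body: bytes,
                    now: Optional[int] = None) -> Tuple[bool, str]:
    now = int(time.time()) if now is None else now
    try:
        ts = int(headers.get("X-Atlas-Timestamp", ""))
    except ValueError:
        return False, "missing or malformed timestamp"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "timestamp outside allowed window"
    presented = headers.get("X-Atlas-Signature", "")
    expected = sign_approval(secret, ts, body)
    # Constant-time comparison so a forged signature cannot be guessed byte by byte
    if not hmac.compare_digest(presented, expected):
        return False, "bad signature"
    if presented in _seen_signatures:
        return False, "replayed approval"
    _seen_signatures.add(presented)
    return True, "ok"


def handle_approval_webhook(secret: bytes, headers: Dict[str, str], body: bytes,
                            now: Optional[int] = None) -> dict:
    """Model of the POST /webhook/approval handler: authenticate first, then
    validate the payload, then build the event the paused workflow waits for."""
    ok, reason = verify_approval(secret, headers, body, now)
    if not ok:
        return {"status": 401, "error": reason}
    try:
        payload = json.loads(body)
    except ValueError:
        return {"status": 400, "error": "body is not valid JSON"}
    decision = payload.get("decision")
    if decision not in ("APPROVED", "REJECTED"):
        return {"status": 400, "error": "decision must be APPROVED or REJECTED"}
    if not payload.get("run_id"):
        return {"status": 400, "error": "run_id is required"}
    event = {"name": "atlas/sarah.decision",
             "data": {"run_id": payload["run_id"], "decision": decision,
                      "reviewer": payload.get("reviewer")}}
    return {"status": 200, "event": event}   # the real gateway would send this to Inngest


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed; load from the environment in practice
    body = b'{"run_id": "run-1", "decision": "APPROVED", "reviewer": "sarah"}'
    ts = int(time.time())
    headers = {"X-Atlas-Timestamp": str(ts), "X-Atlas-Signature": sign_approval(secret, ts, body)}
    print(handle_approval_webhook(secret, headers, body))
    print(handle_approval_webhook(secret, headers, body))   # second delivery is rejected as a replay
```

Signing the raw bytes rather than the parsed JSON matters: a re-serialised object can differ in whitespace or key order and would not verify, and it keeps the signature check ahead of the parser so malformed bodies never reach it unauthenticated.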
## Testing the Governance Flow

### 1. Manual Verification

Check if the gateway is running:

```bash
curl http://localhost:8000/
# Expected: {"status": "ATLAS Governance Gateway Running", ...}
```

### 2. End-to-End Simulation

We include a script `test_handshake.py` that simulates the entire flow without needing an external Agent.

1. Ensure the Gateway is running (via Docker or locally).
2. Run the test script:

   ```bash
   python test_handshake.py
   ```

   Flow:
   - Script simulates an Agent calling `request_payment_extension` (High Risk).
   - Gateway returns `PENDING REVIEW`.
   - Inngest triggers a workflow run (check Inngest Dashboard).
## Tools (2)

- `check_status`: Checks the health and status of the governance gateway.
- `request_extension`: Requests a payment extension, triggering the governance risk evaluation workflow.

## Environment Variables

| Variable | Required | Description |
|---|---|---|
| `MODAL_TOKEN_ID` | required | Authentication token ID for Modal services |
| `MODAL_TOKEN_SECRET` | required | Authentication secret for Modal services |
| `INNGEST_EVENT_KEY` | required | Event key for Inngest workflow management |
| `INNGEST_SIGNING_KEY` | required | Signing key for Inngest workflow management |

## Configuration

```json
{
  "mcpServers": {
    "atlas-gateway": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "atlas-gateway"]
    }
  }
}
```