The Programmable Financial Protocol
Universal Transaction Gateway (UTG) is high-fidelity financial infrastructure that allows AI agents to interact with the real world securely, legally, and reliably without custodial risk.
"Action": "defi_eth.request_eth_transfer_reliable"
"Arguments": {
"to_address": "0xAb580...",
"amount_eth": 0.05
}
// ⬇️ GATEWAY RESPONSE
"Status": 401: PENDING_HUMAN_SIGNATURE
"Message": "Halted. Strict HITL Enforced. Ask user for their 6-digit PIN on Telegram."
0. The 100% Free Cloudflare Setup
Don't pay for expensive DigitalOcean servers. Because your domain is on Cloudflare, you can host the gateway infrastructure for $0/month.
1. Cloudflare Pages (The Website)
Go to your Cloudflare Dashboard -> Pages. Import this repository and set the Root Directory to docs_site. Point your custom domain (utg.useaima.com) to it.
2. Your Laptop (The Server)
The gateway requires Python and Playwright. Run the server directly on your laptop using utg-server.
3. Cloudflare Tunnels (The Bridge)
Use cloudflared tunnel --url http://localhost:8080 to expose your laptop securely to the world (e.g., api.utg.useaima.com) without opening router ports.
1. Installation
Ensure you have Python 3.10+ installed. The install commands for each platform follow.
# Install the Gateway as a global tool
pip install .
# If Scripts folder isn't on PATH, use:
python -m pip install .
# Install via Pip (Recommended)
pip3 install .
# Ensure Playwright dependencies are met
npx playwright install firefox
# Install UTG
pip install .
# Setup Playwright Binaries
npx playwright install-deps
npx playwright install firefox
2. The Onboarding Wizard
No coding required! Run our interactive setup to generate your secure Identity Keys and configuration.
utg-onboard
NOTE: If the command isn't found, use python src/gateway/utils/onboarding_wizard.py
Connecting to OpenClaw
Our completely revamped onboarding wizard automatically pushes the configuration to your OpenClaw JSON. But if you wish to see how it works under the hood (via WSL Bridge), here is the schema:
"mcp": {
"servers": {
"utg-gateway": {
"command": "/mnt/c/.../python.exe",
"args": ["/mnt/c/.../src/gateway/server.py"]
}
}
}
🌍 Real World Case Study: Automated Investment Bot
Imagine a full-stack financial application built to automate user budgets and investments.
The Problem
If the application connects a user to a standard AI agent to "auto-invest" their capital, giving the AI direct access to private keys or commercial bank logins is catastrophically dangerous.
The UTG Gateway Solution
By placing UTG GaaS in the middle, any financial application becomes an Agentic Commerce superpower safely:
- 1. The AI decides: The OpenClaw agent analyzes the target database and decides, "The user has $50 extra this month, let's execute an investment in ETH."
- 2. The AI commands: The agent calls the MCP tool request_eth_transfer_reliable.
- 3. The Gateway HALTS (Safety Sandwich): The Gateway physically cuts the execution. It messages the user directly on Telegram/Slack: "Your automated assistant wants to invest $50. Reply with your 6-digit PIN to approve."
- 4. Non-Custodial Execution: The user replies "123456". The agent relays this to the Gateway via submit_signature_share. The Gateway verifies the PIN cryptographically and processes the transaction itself using its secured local vault.
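The halt-and-approve flow in steps 2 to 4, sketched as an added example (not UTG's own code): the gateway stores the exact transfer, returns PENDING_HUMAN_SIGNATURE, and releases only that stored transfer when the PIN matches. The request_id field, the status names other than PENDING_HUMAN_SIGNATURE, the PBKDF2 hashing, and the attempt and expiry limits are assumptions.

```python
import hashlib, hmac, os, secrets, time

MAX_ATTEMPTS = 3    # assumed lockout threshold: a 6-digit PIN has only 10^6 values
TTL_SECONDS = 300   # assumed approval window

def hash_pin(pin: str, salt: bytes) -> bytes:
    # Slow salted hash so a leaked vault does not reveal the PIN instantly.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)

class HitlGate:
    """Hypothetical gateway-side approval gate; not UTG's implementation."""

    def __init__(self, pin: str):
        self.salt = os.urandom(16)
        self.pin_hash = hash_pin(pin, self.salt)
        self.pending = {}  # request_id -> stored transfer awaiting approval

    def request_eth_transfer_reliable(self, to_address, amount_eth, now=None):
        # Steps 2-3: record the exact transfer and halt; nothing is sent yet.
        now = time.time() if now is None else now
        request_id = secrets.token_hex(8)
        self.pending[request_id] = {"to_address": to_address, "amount_eth": amount_eth,
                                    "expires": now + TTL_SECONDS, "attempts": 0}
        return {"status": "PENDING_HUMAN_SIGNATURE", "request_id": request_id}

    def submit_signature_share(self, request_id, pin, now=None):
        # Step 4: the PIN releases only the stored transfer. The agent relays the
        # PIN but cannot attach a different address or amount to it.
        now = time.time() if now is None else now
        req = self.pending.get(request_id)
        if req is None:
            return {"status": "UNKNOWN_REQUEST"}
        if now > req["expires"]:
            del self.pending[request_id]
            return {"status": "EXPIRED"}
        req["attempts"] += 1
        if not hmac.compare_digest(hash_pin(pin, self.salt), self.pin_hash):
            if req["attempts"] >= MAX_ATTEMPTS:
                del self.pending[request_id]  # stop online guessing
                return {"status": "LOCKED"}
            return {"status": "BAD_PIN"}
        del self.pending[request_id]  # single use: a replayed PIN finds nothing
        return {"status": "APPROVED", "to_address": req["to_address"],
                "amount_eth": req["amount_eth"]}

if __name__ == "__main__":
    gate = HitlGate("123456")      # PIN value taken from the page's example
    addr = "0x" + "11" * 20        # constructed address
    held = gate.request_eth_transfer_reliable(addr, 0.05)
    print(held["status"], gate.submit_signature_share(held["request_id"], "123456"))
```

Because the approval is keyed to the stored request, a PIN relayed by the agent cannot be reused for a second transfer or redirected to another address.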
⚖️ Legal, Privacy, and Compliance
Enterprise protocols require enterprise governance. The UTG Gateway natively complies with strict regulatory frameworks.
EU GDPR Compliance (Data Residency)
All transactional data, logs, and cryptographic traces are stored locally in the Agent Vault (SQLite). No data is sent to external or custodial servers, guaranteeing perfect adherence to EU data residency laws.
US E-SIGN ACT (Non-Repudiation)
Every executed transaction generates a cryptographic, immutable PDF receipt using Ed25519 signatures. During onboarding, users explicitly type `AGREE` to legally bind their gateway passcode to their identity under the E-SIGN Act.
Terms of Service Policy
1. Non-Custodial Liability: The protocol and the authors have no access to the `ETHEREUM_PRIVATE_KEY` stored on the user's localhost. Users assume full liability for the security of their local environment.
2. AI Indemnification: AI models (OpenRouter, Ollama) are non-deterministic. The protocol mitigates risk via the "Strict HITL Safety Sandwich", but the ultimate fiduciary duty rests with the human supplying the 6-digit signature PIN.
3. Anti-Spoofing: M-Pesa 3.0 integrations require valid Safaricom cryptographic handshake verification. Exploitation of the webhook tunnels in violation of local financial laws results in automatic reporting.