Initial release: UnitOne AgentGateway

UnitOne's wrapper around the AgentGateway project, providing:

- WASM-based Python security guards for MCP protocol
- Server Spoofing & Whitelisting Guard implementation
- Terraform infrastructure for Azure deployment
- Multi-scope configuration support
- MIT License

The agentgateway submodule contains the WASM guard runtime framework.

Author: surinderunitone

.dockerignore

@@ -0,0 +1,92 @@
+# Rust build artifacts
+agentgateway/target/
+**/target/
+# Exception: Allow pre-built binary for Docker image
+!agentgateway/target/release/agentgateway
+
+# Git directories
+.git/
+**/.git/
+
+# IDE directories
+.vscode/
+.idea/
+**/.vscode/
+**/.idea/
+
+# Temporary files
+*.tmp
+*.log
+**/*.tmp
+**/*.log
+
+# Node modules
+node_modules/
+**/node_modules/
+
+# Next.js build artifacts
+.next/
+**/.next/
+out/
+**/out/
+# Exception: Allow UI build output for Docker image
+!agentgateway/ui/out/
+
+# Test artifacts
+test-results/
+coverage/
+
+# Documentation and README files (not needed in builds)
+*.md
+docs/
+documentation/
+
+# CI/CD configurations
+.github/
+.gitlab-ci.yml
+azure-pipelines.yml
+.circleci/
+
+# Scripts (deploy scripts not needed in image)
+scripts/
+*.sh
+# Exception: Allow entrypoint script for Docker image
+!entrypoint.sh
+
+# Examples and test code
+examples/
+**/examples/
+tests/
+**/tests/
+
+# Environment files
+.env
+.env.*
+*.env
+
+# macOS files
+.DS_Store
+
+# Build logs
+*.log
+**/*.log
+/tmp/
+
+# Lock files (except Cargo.lock which is needed)
+!Cargo.lock
+!agentgateway/Cargo.lock
+package-lock.json
+
+# Terraform
+terraform/
+*.tf
+*.tfvars
+
+# Docker files (not needed inside container)
+Dockerfile*
+.dockerignore
+
+# Git files
+.gitignore
+.gitattributes
+.gitmodules

.github/REBUILD_TRIGGER.txt

@@ -0,0 +1 @@
+# Trigger rebuild with health probe fix

.github/workflows/azure-deploy.yml

@@ -0,0 +1,162 @@
+# UnitOne AgentGateway - Azure Deployment Workflow
+#
+# This workflow:
+# 1. Runs local tests on push/PR (no Azure required)
+# 2. Builds and deploys to Azure Container Apps (requires secrets)
+#
+# Required GitHub Secrets (for deployment):
+# - AZURE_CREDENTIALS: Azure service principal credentials (JSON)
+# - ACR_NAME: Your Azure Container Registry name (e.g., myacr)
+# - RESOURCE_GROUP: Your Azure resource group name
+# - CONTAINER_APP_NAME: Your Container App name
+
+name: CI/CD
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Environment to deploy to'
+        required: true
+        default: 'dev'
+        type: choice
+        options:
+          - dev
+          - staging
+          - prod
+
+jobs:
+  # Basic validation - always runs, no secrets needed
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository with submodules
+        uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
+
+      - name: Validate Dockerfile
+        run: |
+          echo "Checking Dockerfile.acr exists..."
+          test -f Dockerfile.acr
+          echo "✓ Dockerfile.acr found"
+
+      - name: Validate config files
+        run: |
+          echo "Checking config files..."
+          test -f azure-config.yaml
+          echo "✓ azure-config.yaml found"
+          test -f terraform/main.tf
+          echo "✓ terraform/main.tf found"
+
+      - name: Check submodule
+        run: |
+          echo "Checking agentgateway submodule..."
+          test -f agentgateway/Cargo.toml
+          echo "✓ Submodule initialized correctly"
+
+  # Azure deployment - only runs if secrets are configured
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    needs: [validate]
+    # Only run on push to main or workflow_dispatch, and only if secrets exist
+    if: |
+      (github.event_name == 'push' && github.ref == 'refs/heads/main') ||
+      github.event_name == 'workflow_dispatch'
+
+    steps:
+      - name: Check if Azure secrets are configured
+        id: check-secrets
+        run: |
+          if [ -n "${{ secrets.AZURE_CREDENTIALS }}" ] && [ -n "${{ secrets.ACR_NAME }}" ]; then
+            echo "has_secrets=true" >> $GITHUB_OUTPUT
+          else
+            echo "has_secrets=false" >> $GITHUB_OUTPUT
+            echo "⚠️ Azure secrets not configured - skipping deployment"
+            echo "To enable deployment, configure these repository secrets:"
+            echo "  - AZURE_CREDENTIALS"
+            echo "  - ACR_NAME"
+            echo "  - RESOURCE_GROUP"
+            echo "  - CONTAINER_APP_NAME"
+          fi
+
+      - name: Checkout repository with submodules
+        if: steps.check-secrets.outputs.has_secrets == 'true'
+        uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
+          fetch-depth: 0
+
+      - name: Determine environment and tag
+        if: steps.check-secrets.outputs.has_secrets == 'true'
+        id: config
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            ENV="${{ inputs.environment }}"
+          else
+            ENV="dev"
+          fi
+
+          TAG="${{ github.sha }}"
+          SHORT_SHA=$(echo ${TAG} | cut -c1-7)
+
+          echo "environment=${ENV}" >> $GITHUB_OUTPUT
+          echo "tag=${TAG}" >> $GITHUB_OUTPUT
+          echo "short_sha=${SHORT_SHA}" >> $GITHUB_OUTPUT
+
+      - name: Azure Login
+        if: steps.check-secrets.outputs.has_secrets == 'true'
+        uses: azure/login@v1
+        with:
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Build and push Docker image to ACR
+        if: steps.check-secrets.outputs.has_secrets == 'true'
+        run: |
+          az acr build \
+            --registry ${{ secrets.ACR_NAME }} \
+            --image unitone-agentgateway:${{ steps.config.outputs.short_sha }} \
+            --image unitone-agentgateway:latest \
+            --file Dockerfile.acr \
+            --platform linux/amd64 \
+            .
+
+      - name: Deploy to Azure Container App
+        if: steps.check-secrets.outputs.has_secrets == 'true'
+        run: |
+          az containerapp update \
+            --name ${{ secrets.CONTAINER_APP_NAME }} \
+            --resource-group ${{ secrets.RESOURCE_GROUP }} \
+            --image ${{ secrets.ACR_NAME }}.azurecr.io/unitone-agentgateway:${{ steps.config.outputs.short_sha }}
+
+      - name: Verify deployment
+        if: steps.check-secrets.outputs.has_secrets == 'true'
+        run: |
+          sleep 30
+
+          STATUS=$(az containerapp show \
+            --name ${{ secrets.CONTAINER_APP_NAME }} \
+            --resource-group ${{ secrets.RESOURCE_GROUP }} \
+            --query properties.runningStatus \
+            -o tsv)
+
+          if [ "$STATUS" != "Running" ]; then
+            echo "Deployment failed: status is $STATUS"
+            exit 1
+          fi
+
+          URL=$(az containerapp show \
+            --name ${{ secrets.CONTAINER_APP_NAME }} \
+            --resource-group ${{ secrets.RESOURCE_GROUP }} \
+            --query properties.configuration.ingress.fqdn \
+            -o tsv)
+
+          echo "Deployment successful!"
+          echo "UI URL: https://${URL}/ui"
+          echo "MCP Endpoint: https://${URL}/mcp"