Architecture
Yagami separates an application-facing data plane from local administration.
- A client authenticates to
/v1; the bearer key establishes its project. - Request context is normalized and caller sensitivity hints can raise, but never lower, the effective sensitivity.
- Local rules and the local classifier analyze the current request.
- The routing policy chooses a candidate backend.
- The versioned policy engine restricts the route, allowed backends, tools, transformation mode, and retention.
- Sensitive data is subject to the hard local-only invariant.
- The selected backend streams output through Yagami. Output policies can buffer, inspect, redact, or block generated identifiers before delivery.
- A policy passport and content-scrubbed preview are recorded; metrics and traces contain no prompt or response bodies.
- Content-free decision, privacy, replay, and approval events are appended to a project-scoped SHA-256/HMAC chain that can be verified or exported.
The gateway service is shared by Chat Completions, Responses API, MCP, and the
browser WebSocket chat. The browser remains a local administration/demo
surface, while /v1 is the externally supported application data plane.
SQLite is the single-node store. Hidden gateway decision sessions are separated from visible chat sessions through a channel field, so stateless API traffic does not pollute the conversation sidebar.