💡 Inspiration We are witnessing a revolution in software engineering. Autonomous coding agents like Cursor, Claude, and GitHub Copilot are writing code at unprecedented speeds. However, as enterprise developers, we noticed a massive bottleneck preventing their wide-scale adoption in corporate environments: Trust.
If you give an autonomous agent access to a codebase, it will happily write code, but it has no persistent memory of the company's "Code Soul" (architectural rules) or "Minefield History" (past mistakes). Furthermore, letting an agent push code directly to production without human oversight is a security nightmare. We realized that autonomous doesn't mean unsupervised.
This inspired us to build Universal Agent OS—a governance framework that enforces a Secure Software Development Lifecycle (SSDL) for AI coding agents. With our solution, even the most amateur developer can simply drop our AGENTS.md file into their repository, and their wild AI instantly transforms into a strictly governed, UiPath-compliant mentor.
⚙️ What it does Universal Agent OS treats AI coding agents like new employees who must follow strict company protocols before touching the keyboard. It wraps the agent's workflow inside a UiPath Maestro BPMN orchestration.
When a developer assigns a task in their IDE:
The Zero-Leak Lock: Before asking a single technical question or writing a line of code, the agent is forced by its rules to run a Python script (labs_smoke_test.py) in its own terminal to register the session with UiPath Orchestrator. Human-in-the-Loop (Action Center): The agent halts completely. The task is sent to UiPath Action Center. The agent refuses to proceed until a Lead Developer explicitly clicks Approve. Phase-0 Alignment & Phase-1 Planning: Once unlocked, the agent cannot just write code. It must conduct a "Phase-0" scoping interview (e.g., locking pricing models or tech-stack rules) and then generate strict markdown planning documents (AGENT_OS_PLAN_TEMPLATE.md). Collective Memory (Data Service): Every decision, session, and architectural rule is synced to UiPath Data Service, creating a permanent corporate memory. Future agents read this data to avoid repeating past mistakes. 🛠️ How we built it & Reality Disclosure We architected the solution around the UiPath Automation Cloud suite, utilizing it in a highly unconventional way—to govern AI itself:
UiPath Maestro (BPMN): Acted as the core orchestrator. We provided a portable phase0_alignment.bpmn process spec in our repo to prove the orchestration logic. UiPath Action Center: Served as the perfect Human-in-the-loop (HITL) gateway. We integrated this directly into the agent's IDE workflow. UiPath Data Service: Replaced transient agent memory with persistent cloud entities. We modeled live entities for CodeSoulRule and MinefieldHistory. Python Backend (Strict Real Mode): We built custom Python connectors. To prove enterprise readiness, our code features a "Strict Real Mode" that enforces UiPath OAuth variables and intentionally crashes rather than falling back to mock data if cloud credentials fail. The IDE is the Dashboard: Instead of building a fake simulation UI, we governed the agents directly inside their native habitat (VS Code / GitLab Web IDE terminal). 🤖 Built-With Coding Agents (Bonus Claim): We didn't just build a governance system for agents; we used agents to build it. We dogfooded our own philosophy by pair-programming this entire prototype using Google Gemini 3.1 Pro and GitLab Duo. We actively applied our SSDL rules to keep these agents in check during the hackathon. 🔥 Live Proof (Strict Real Mode): This is not a concept or a mock simulation. The latest demo runs in "Strict Real Mode" directly against the live UiPath Automation Cloud. Our Python connector creates a real Orchestrator job (ID: 691485842), a real Action Center Form Task (ID: 4173555), and inserts a real MinefieldHistory record into Data Service (Record: 5A67AC0F-6E6C-F111-8FCB-0022489A9A06). You can verify this raw execution evidence in our repository under docs/labs/strict_real_mode_output.txt.
⚠️ Challenges we ran into The biggest challenge was stopping LLMs from hallucinating API responses and skipping security gates. AI agents are notoriously eager to bypass instructions and just "write the code." We solved this by inventing the "Zero-Leak Lock". We forced the agent to use its own terminal execution tool to run our Python script, read the actual JSON output from UiPath, and physically wait for the Action Center approval before proceeding.
Bridging the gap between traditional DevOps environments (where rules are kept in .md files) and Cloud Orchestration was another hurdle. We built a Python parser that extracts rules from markdown and dynamically syncs them as JSON payloads to UiPath Data Service, keeping the physical repository and the Cloud 100% synchronized.
🏆 Accomplishments that we're proud of We are incredibly proud of proving that BPMN Orchestration can successfully govern non-deterministic AI. We are also proud of our "Collective Memory" concept. In standard workflows, if an agent makes a mistake, the human developer fixes it locally, but the next agent will make the exact same mistake tomorrow. With Universal Agent OS, when an agent's plan is rejected or modified, that lesson is pushed to the MinefieldHistory in Data Service. The next agent will see that mistake and avoid it globally. We effectively built a self-improving AI governance loop.
📚 What we learned We learned that the UiPath suite is not just for automating business tasks (like invoice processing or HR onboarding). Its core tools—especially Maestro, Action Center, and Data Service—are uniquely positioned to solve one of the biggest problems in modern Software Engineering: orchestrating and securing Large Language Models (LLMs).
🚀 What's next for Universal Agent OS Our next goal is to introduce Multi-Agent Orchestration. Imagine UiPath Maestro orchestrating a "Coder Agent," a "Reviewer Agent," and a "QA Agent" in a single BPMN pipeline, where they argue and refine code before it ever reaches the human in Action Center. We also plan to integrate an automated AI Risk Scoring step before human review, and eventually publish the Universal Agent OS integration connector to the UiPath Marketplace.
Log in or sign up for Devpost to join the conversation.