DSG

DSG ONE

ProofGate Control Plane

Deterministic Security Gateway · SMT-Verified · WORM Audit

Govern AI actions before they reach production.

DSG ONE is a runtime governance gateway driven by a Deterministic Security Gateway — policy invariants verified by SMT Solver, every action gated before execution, every decision recorded as a tamper-evident WORM hash chain. EU AI Act Art. 12/14 evidence pack included.

Try before login

Had AI break things before? See proof/demo and ask DSG first — public mode does not execute actions and you don't need to migrate any data.

Deterministic Engine — Gap-free sequences · SHA-256 hash chains · Merkle tree proofs · SARIF export
WORM Audit Trail — Every decision immutable · Chain verification · Tamper detection · Enterprise compliance
EU AI Act Ready — Art. 12/14 evidence pack · ISO 42001 · CCVS v1.2 · 2173 tests · 72.08% mutation score

Runtime Control Room

Governed Action Stack

Ready
1

Submit a high-risk AI, workflow, finance, or deployment action.

2

DSG ONE resolves policy, entitlement, risk, and approval context.

3

The deterministic gate returns PASS, BLOCK, REVIEW, or UNSUPPORTED.

4

The system records proof/gate evidence for audit review.

Policy

Route by policy

Evidence

Evidence at decision time

Exceptions

Review with controls

Public DSG Assistant

Ask before logging in — no actions executed

Use the chat button at the bottom right or start from the demo page to check whether DSG fits your workflow before requesting access or migrating any data.

Risk Signal

Approvals are scattered

Finance decisions still happen across email, chat, spreadsheets, ERP notes, and shared folders. That makes policy enforcement inconsistent and hard to prove.

Risk Signal

Audit evidence is rebuilt by hand

When audit asks who approved a payment, why it was approved, and what evidence was reviewed, teams often reconstruct the story after the fact.

Risk Signal

Exceptions are risky and invisible

Urgent payments, missing documents, high-risk vendors, and threshold overrides need controlled escalation before money moves.

Launch Paths

Move from one governed workflow to a real operating surface.

Finance Governance is one governed workflow under DSG ONE. Start with a single invoice or payment path, prove control quality in a bounded pilot, then expand into the daily approval workspace with shared evidence and runtime checks.

🆕 New

AI Delivery Proof

ออก Proof Report ให้ลูกค้าก่อนส่งงาน — ยืนยันว่าโค้ด/AI agent ผ่านอะไรแล้ว สำหรับ agency, SaaS, dev team.

ดู Delivery Proof →

Path

Finance Governance Workspace

See the approval queue, case detail, exception posture, and evidence bundle path.

Open finance workspace

Path

Enterprise Pilot

Start with one invoice or payment approval workflow and prove audit readiness before broad rollout.

Request access

Homepage proof rail

Live deterministic gate evidence

Sample action context demonstrating the policy engine decision path. Fields reflect the live production policy engine output format.

PASSPassed because policyVersion 1.0 loaded and all 8 configured deterministic constraints evaluated as pass for this sample request.
Demo: Sample action context (homepage proof rail demo)

policyVersion 1.0 loaded and all 8 configured deterministic constraints evaluated as pass for this sample request.

Reason: No threshold, actor-role, or replay-protection violations were detected in the sample action context.

Rule references

  • policyVersion:1.0
  • solver:static_check@dsg-deterministic-ts-0.0.0
  • constraintsChecked:8

Action path graph

Demo data: Sample action context (homepage proof rail demo)

Actor

AP Maker (sample)

role: finance_maker

Requested action

Submit invoice approval request

sample amount within configured threshold

Policy checks

  • Policy version: 1.0 observed
  • Replay protection: nonce/idempotency/request hash present
  • Constraint engine: static_check deterministic evaluation

Gate outcome

PASSFinal decision: ALLOW in sample action context

Constraints checked

Demo data: Sample action context (homepage proof rail demo)
  • Policy version resolved

    PASS

    policyVersion observed as 1.0.

  • Input hash recorded

    PASS

    inputHash present in policy engine output.

  • Constraint set hash recorded

    PASS

    constraintSetHash present in policy engine output.

  • Proof hash recorded

    PASS

    proofHash present in policy engine output.

  • Structured constraint results

    PASS

    Per-constraint deterministic pass/fail structure present.

  • Replay nonce present

    PASS

    replayProtection.nonce present.

  • Idempotency key present

    PASS

    replayProtection.idempotencyKey present.

  • Request hash present

    PASS

    replayProtection.requestHash present.

Claim Boundary

Production runtime: live policy engine, CCVS v1.2 evidence chain (L1–L5), 2173 tests (229 files), mutation score 72.08%, EU AI Act Annex IV mapping at /api/compliance-evidence-pack/annex4, and compliance-status API at /api/ccvs/compliance-status. Not claimed: external Z3 per-request invocation, JWT/JWKS standalone auth completion, WORM-certified external storage, third-party certification, or ISO/NIST independent audit.