Risk Signal
Approvals are scattered
Finance decisions still happen across email, chat, spreadsheets, ERP notes, and shared folders. That makes policy enforcement inconsistent and hard to prove.
Deterministic Security Gateway · SMT-Verified · WORM Audit
DSG ONE is a runtime governance gateway driven by a Deterministic Security Gateway — policy invariants verified by SMT Solver, every action gated before execution, every decision recorded as a tamper-evident WORM hash chain. EU AI Act Art. 12/14 evidence pack included.
Try before login
Had AI break things before? See proof/demo and ask DSG first — public mode does not execute actions and you don't need to migrate any data.
Runtime Control Room
Submit a high-risk AI, workflow, finance, or deployment action.
DSG ONE resolves policy, entitlement, risk, and approval context.
The deterministic gate returns PASS, BLOCK, REVIEW, or UNSUPPORTED.
The system records proof/gate evidence for audit review.
Policy
Route by policy
Evidence
Evidence at decision time
Exceptions
Review with controls
Public DSG Assistant
Use the chat button at the bottom right or start from the demo page to check whether DSG fits your workflow before requesting access or migrating any data.
Risk Signal
Finance decisions still happen across email, chat, spreadsheets, ERP notes, and shared folders. That makes policy enforcement inconsistent and hard to prove.
Risk Signal
When audit asks who approved a payment, why it was approved, and what evidence was reviewed, teams often reconstruct the story after the fact.
Risk Signal
Urgent payments, missing documents, high-risk vendors, and threshold overrides need controlled escalation before money moves.
Launch Paths
Finance Governance is one governed workflow under DSG ONE. Start with a single invoice or payment path, prove control quality in a bounded pilot, then expand into the daily approval workspace with shared evidence and runtime checks.
🆕 New
ออก Proof Report ให้ลูกค้าก่อนส่งงาน — ยืนยันว่าโค้ด/AI agent ผ่านอะไรแล้ว สำหรับ agency, SaaS, dev team.
ดู Delivery Proof →Path
See the approval queue, case detail, exception posture, and evidence bundle path.
Open finance workspacePath
Start with one invoice or payment approval workflow and prove audit readiness before broad rollout.
Request accessHomepage proof rail
Sample action context demonstrating the policy engine decision path. Fields reflect the live production policy engine output format.
policyVersion 1.0 loaded and all 8 configured deterministic constraints evaluated as pass for this sample request.
Reason: No threshold, actor-role, or replay-protection violations were detected in the sample action context.
Rule references
Actor
AP Maker (sample)
role: finance_maker
Requested action
Submit invoice approval request
sample amount within configured threshold
Policy checks
Gate outcome
Policy version resolved
PASSpolicyVersion observed as 1.0.
Input hash recorded
PASSinputHash present in policy engine output.
Constraint set hash recorded
PASSconstraintSetHash present in policy engine output.
Proof hash recorded
PASSproofHash present in policy engine output.
Structured constraint results
PASSPer-constraint deterministic pass/fail structure present.
Replay nonce present
PASSreplayProtection.nonce present.
Idempotency key present
PASSreplayProtection.idempotencyKey present.
Request hash present
PASSreplayProtection.requestHash present.
Claim Boundary
Production runtime: live policy engine, CCVS v1.2 evidence chain (L1–L5), 2173 tests (229 files), mutation score 72.08%, EU AI Act Annex IV mapping at /api/compliance-evidence-pack/annex4, and compliance-status API at /api/ccvs/compliance-status. Not claimed: external Z3 per-request invocation, JWT/JWKS standalone auth completion, WORM-certified external storage, third-party certification, or ISO/NIST independent audit.