DSG

DSG ONE

ProofGate Control Plane

Control Template Library

Reusable AI action governance controls

DSG ONE control templates help compliance teams and consultants operationalize deterministic gates, evidence requirements, approval rules, customer key custody, deploy gating, and signed evidence workflows.

Total controls

10

Implemented

9

Planned

1

Action map

Each card below is actionable. Use the buttons to open the related queue, evidence page, deploy gate, monitor flow, or raw JSON template export.

Organization and actor identity required

implemented

Require organization, actor, and actor role before an AI-proposed action can be evaluated.

Category

identity

Recommended mode

any

Default risk

medium

Approval required

no

Required evidence

orgIdactorIdactorRole

Tool registration required

implemented

Require the target tool/action to be registered before execution or audit commit.

Category

runtime

Recommended mode

gateway

Default risk

medium

Approval required

no

Required evidence

toolNameactionconnectorRecord

Requested action must match registered action

implemented

Block mismatched tool/action requests before execution.

Category

runtime

Recommended mode

any

Default risk

medium

Approval required

no

Required evidence

toolNameactionactionMatchesTool

High-risk action approval required

implemented

Route high-risk or approval-required actions to review before execution.

Category

approval

Recommended mode

monitor

Default risk

high

Approval required

yes

Required evidence

riskrequiresApprovaldecision

Evidence writable before allow

implemented

Fail closed if audit evidence cannot be written before an allow decision is returned.

Category

evidence

Recommended mode

monitor

Default risk

high

Approval required

no

Required evidence

auditTokenrequestHashdecisionHash

Request and result hash proof

implemented

Produce requestHash before execution and recordHash after execution or audit commit.

Category

evidence

Recommended mode

any

Default risk

medium

Approval required

no

Required evidence

requestHashrecordHash

Customer key custody preserved

implemented

Use Monitor Mode when the customer must keep API keys and execution inside its own runtime.

Category

runtime

Recommended mode

monitor

Default risk

high

Approval required

no

Required evidence

auditTokencustomerRuntimeResultrecordHash

CI/CD deploy gate

implemented

Gate production deployment readiness and protected-route behavior in GitHub Actions.

Category

deployment

Recommended mode

deploy_gate

Default risk

high

Approval required

no

Required evidence

verdictreadinessStatusevidenceHash

Signed evidence bundle

implemented

Export a portable evidence bundle with bundleHash, eventHashes, and signature metadata.

Category

evidence

Recommended mode

any

Default risk

medium

Approval required

no

Required evidence

bundleHasheventHashessignature

PDF evidence report

planned

Generate a human-readable evidence report for consultants, reviewers, and buyers.

Category

evidence

Recommended mode

any

Default risk

medium

Approval required

no

Required evidence

reportPdfbundleHash

Boundary

DSG ONE control templates support governance workflow adoption. They are not certification claims by themselves and do not guarantee compliance without proper implementation, review, and operating controls.