DSG

DSG ONE

ProofGate Control Plane

REST API — no SDK required

Integrate DSG ONE in 5 minutes

Three API calls. No installation. Works with any language, any AI framework. Your agent declares its intent — DSG ONE gates every action with a cryptographic stamp.

Base URLhttps://tdealer01-crypto-dsg-control-plane.vercel.app/api/try/gateNo auth required for trial
Examples in:
01

Declare your session

Tell DSG ONE which actions your agent is allowed to perform — before it runs.

Every agent session starts with a declaration. This is your contract: the gate will only allow actions that match what you declared here.

cURL
curl -X POST https://tdealer01-crypto-dsg-control-plane.vercel.app/api/try/gate \
  -H "Content-Type: application/json" \
  -d '{
    "session_id": "my-agent-run-001",
    "declared_actions": [
      "read database",
      "send email",
      "update user record"
    ],
    "ttl_minutes": 30
  }'
Response
{
  "ok": true,
  "decision": "ALLOW",
  "session_id": "my-agent-run-001",
  "declaration_stamp": "DSG-A4B2C1D3",
  "declared_actions": ["read database", "send email", "update user record"],
  "ttl_minutes": 30,
  "expires_at": "2026-05-18T05:02:00.000Z",
  "agent_guidance": {
    "message": "Session declared. Gate is active for 30 minutes."
  }
}
02

Gate every action

Before your agent executes anything, ask the gate. Gets a cryptographic stamp if allowed.

Send the action string to the gate before your agent runs it. If the action matches your declaration, you get an ALLOW stamp. If not — or if it matches a permanently blocked pattern — you get BLOCK with full guidance.

cURL
curl -X POST https://tdealer01-crypto-dsg-control-plane.vercel.app/api/try/gate \
  -H "Content-Type: application/json" \
  -d '{
    "session_id": "my-agent-run-001",
    "action": "send email to user@example.com"
  }'
Response
{
  "decision": "ALLOW",
  "stamp": "DSG-X9K3M7P2",
  "action": "send email to user@example.com",
  "session_state": {
    "session_id": "my-agent-run-001",
    "declared_actions": ["read database", "send email", "update user record"],
    "stamps_issued": 1,
    "blocked_count": 0,
    "ttl_remaining_min": 29
  }
}
03

Handle ALLOW and BLOCK

ALLOW comes with a cryptographic stamp. BLOCK comes with full agent guidance.

When an action is blocked, the gate returns the reason, what alternatives are available, and a suggested prompt so your LLM can self-correct — without human intervention.

cURL
# Try a blocked action:
curl -X POST https://tdealer01-crypto-dsg-control-plane.vercel.app/api/try/gate \
  -H "Content-Type: application/json" \
  -d '{
    "session_id": "my-agent-run-001",
    "action": "delete all user records"
  }'
Response
{
  "decision": "BLOCK",
  "reason": "Pattern "delete\\s+all" is permanently blocked regardless of declaration",
  "blocked_action": "delete all user records",
  "session_state": {
    "session_id": "my-agent-run-001",
    "declared_actions": ["read database", "send email", "update user record"],
    "stamps_issued": 1,
    "blocked_count": 1,
    "ttl_remaining_min": 28
  },
  "agent_guidance": {
    "can_proceed_with": ["read database", "send email", "update user record"],
    "suggested_llm_prompt": "Your action \"delete all user records\" was blocked by DSG Gate. You can still perform: read database, send email, update user record. Choose an alternative or stop."
  }
}

What the stamp proves

Every ALLOW response includes a cryptographic stamp. This is your audit evidence.

🔒

Tamper-proof

The stamp is generated server-side and tied to your session ID and action. It cannot be forged or replayed.

📋

EU AI Act Art. 12

Every gated action is logged with timestamp and decision. Satisfies record-keeping requirements for high-risk AI.

🤖

Self-healing agents

BLOCK responses include a suggested prompt so your LLM can decide next steps without human intervention.

Full working example

Copy-paste this to run a complete agent session with declare → gate → execute.

agent_example.py
import requests

BASE = "https://tdealer01-crypto-dsg-control-plane.vercel.app/api/try/gate"

def declare(session_id: str, actions: list[str], ttl: int = 60) -> dict:
    return requests.post(BASE, json={
        "session_id": session_id,
        "declared_actions": actions,
        "ttl_minutes": ttl,
    }).json()

def gate(session_id: str, action: str) -> dict:
    return requests.post(BASE, json={
        "session_id": session_id,
        "action": action,
    }).json()

# 1. Declare at the start of your agent run
session = declare(
    session_id="invoice-processor-run-42",
    actions=["read invoice", "validate amount", "send payment confirmation"],
)
assert session["decision"] == "ALLOW", "Session declaration failed"

# 2. Gate every action before executing
actions_to_run = [
    "read invoice from database",
    "validate amount against threshold",
    "send payment confirmation email",
    "delete all invoices",  # this will be blocked
]

stamps = []
for action in actions_to_run:
    result = gate("invoice-processor-run-42", action)
    if result["decision"] == "ALLOW":
        stamp = result["stamp"]
        stamps.append(stamp)
        # Execute with cryptographic proof
        run_action(action, audit_stamp=stamp)
    else:
        # Log and skip — do not execute
        print(f"BLOCKED: {action}")
        print(f"Reason: {result['reason']}")
        break

print(f"Completed {len(stamps)} actions with audit stamps: {stamps}")

Trial limits

  • · 60 requests / minute
  • · Sessions expire after TTL (default 60 min)
  • · No API key required for trial
  • · Production accounts: unlimited with API key

Permanently blocked actions

  • delete all / drop table / truncate
  • bypass policy / override gate
  • rm -rf / format disk
  • exfiltrate / steal data

Ready to protect production?

Get an API key, connect your agent, and generate your first compliance-ready audit trail.

No credit card · 5-minute setup · REST API — no SDK