From DSG Governance Control Plane
Governance control plane that gates AI agent actions with deterministic safety checks (Z3/SMT), replayable audit trails, compliance evidence packs, and a browser-first executor. Use when you need explainable planning, permission verdicts, and cryptographic proof before executing a plan.
How this skill is triggered — by the user, by Claude, or both
Slash command
/dsg-governance:dsg-action-layer-gedThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
DSG ONE / ProofGate Control Plane is **not** an AI Agent framework.
DSG ONE / ProofGate Control Plane is not an AI Agent framework. It is an AI Governance Control Plane — the layer that decides what Agents are allowed to do, captures cryptographic proof of every decision, and makes those decisions replayable months later.
"Cloudflare = Control Plane of the Internet. Datadog = Control Plane of Observability. DSG = Control Plane of AI Governance."
| User intent | Use this skill |
|---|---|
| "Gate this action before running it" | ✅ Yes — call gate-evaluate first |
| "Why did the AI decide X six months ago?" | ✅ Yes — use replay governance |
| "Get a compliance evidence pack for our audit" | ✅ Yes — use compliance evidence |
| "Execute this plan with a credential and conformance check" | ✅ Yes — Hermes executor |
| "What governance posture should this AI agent run with?" | ✅ Yes — runtime governance |
| "Build a generic AI feature with no governance requirement" | ❌ Out of scope |
Read the relevant reference file before answering or implementing any governance question.
| Capability | When to use | Reference |
|---|---|---|
| Deterministic Safety Gate | Before any agent action — get PASS/BLOCK/REVIEW + proof hash | <references/gate-evaluate.md> |
| Replayable Governance | Audit question: "Why did AI decide X at time T?" | <references/replay-governance.md> |
| Compliance Evidence Pack | Preparing for SOC2 / ISO27001 / EU AI Act / NIST audit | <references/compliance-evidence.md> |
| Runtime Governance | Lifecycle: Before / During / After agent execution | <references/runtime-governance.md> |
| Hermes Controlled Executor | Full Plan → Conformance Check → Credential Grant → Execute → Evidence | <references/hermes-executor.md> |
When a user asks about an AI agent action:
1. PLAN → What is the goal? What is the risk level?
2. GATE → Call POST /api/dsg/v1/gates/evaluate
→ Get gateStatus: PASS | BLOCK | REVIEW
→ Get proofHash (cryptographic evidence)
3. DECIDE → PASS → proceed to execution
REVIEW → show user the plan, require approval
BLOCK → halt, return reason + proof
4. EXECUTE → If PASS or approved REVIEW:
→ Hermes controlled executor (if credential needed)
→ Or direct execution with audit logging
5. COMMIT → POST /api/spine/execute to commit evidence
→ Runtime evidence stored in Supabase
6. REPLAY → Any future audit can replay from stored proof + policy version
| gateStatus | riskLevel | Action |
|---|---|---|
PASS | any | Proceed. Log proofHash. |
REVIEW | low–medium | Show plan to user. Require explicit approval. |
BLOCK | any | Halt. Return reason. Never proceed. |
UNSUPPORTED | low | Map to REVIEW — request human check |
UNSUPPORTED | medium–critical | Map to BLOCK — refuse execution |
UNSUPPORTED is never PASS.
riskLevel: medium or higher.UNSUPPORTED is safe — it maps to REVIEW or BLOCK, never PASS.https://tdealer01-crypto-dsg-control-plane.vercel.app
Set DSG_CONTROL_PLANE_URL to override for local or staging.
All gate/proof/compliance endpoints require:
Authorization: Bearer <DSG_API_KEY>
Obtain API key from the DSG dashboard → API Keys.
Free tier: 50 evaluations/month. Upgrade at /pricing#dsg-gate.
npx claudepluginhub tdealer01-crypto/tdealer01-crypto-dsg-control-plane --plugin dsg-governanceProvides governance patterns for AI agent systems including policy-based access control, intent classification, trust scoring, audit trails, and rate limiting.
Teaches the DashClaw governance protocol for AI agents: risk assessment, guard decision handling (allow/warn/block/require_approval), action recording, approval waiting, and session lifecycle. Loads org policies and capabilities from MCP at session start.
Orchestrates DSG multi-source governance work: UI trust upgrades, action-layer permission gates, deterministic execution, marketplace/enterprise cutover, architecture pages, and production GO/NO-GO validation.