Governance policy shouldn’t be a monolithic configuration file that someone edits by hand and hopes for the best. It should be composable, versioned, and cryptographically bound to every decision it influences. Dealgo achieves this through Governance Capsules.
What Is a Capsule?
A capsule is a self-contained JSON policy bundle that defines all governance parameters for the evaluation pipeline. It specifies thresholds for each pipeline stage, escalation triggers, chain risk settings, authentication requirements, cooldown periods, and tenant isolation rules.
Here’s a simplified capsule structure:
{
"governance": {
"scoring": {
"driftKeywords": ["credential", "password", "secret"]
},
"verdict": { "riskThreshold": "HIGH" },
"escalation": {
"triggers": ["CRITICAL", "HIGH_MONEY_TRANSFER"],
"requiredForHighRisk": true
},
"thresholds": {
"approveMin": 50,
"delayMin": 30
}
},
"auth": { "minAuthMode": "ed25519" },
"cooldown": {
"baseMs": 30000,
"maxMs": 600000
}
}Every capsule is immutable once activated. You don’t edit a capsule — you create a new version. The old version remains in the audit trail, cryptographically linked to every decision it governed.
Policy Hashing: Binding Decisions to Policy
When a capsule is activated, Dealgo computes its SHA-256 hash from the canonical JSON representation (keys sorted, deterministic serialization). This policy hash is recorded alongside every governance decision in the audit chain.
This binding is critical. When an auditor reviews a decision from three months ago, they can verify exactly which policy was in effect. The same capsule always produces the same hash. A single parameter change produces a completely different hash. There’s no ambiguity about what rules governed a particular decision.
Three Built-In Capsules
Dealgo ships with three capsules that cover common governance postures:
- default — Balanced thresholds for general-purpose agents. Advisory chain risk analysis, standard reflection requirements. Good for most production workloads.
- soc2-strict — Maximum strictness. Forces sandbox-tier evaluation rates (100% of requests evaluated). Mandatory for the Sandbox governance tier and compliance-critical deployments.
- hipaa-clinical — Highest assurance configuration designed for healthcare data access. Extended cooldowns, strict authentication, enhanced data classification sensitivity.
Tighten-Only Validation
Capsules follow a strict tighten-only rule: a capsule can make governance stricter, but it can never weaken it. When you activate a new capsule, the system validates that no threshold has been lowered below system floors, no escalation trigger has been removed without replacement, and no security boundary has been relaxed.
System floors are non-negotiable minimums hardcoded into the kernel:
SYSTEM_FLOORS = {
thresholds: { approve: 50, delay: 30 },
cooldown: { baseMinMs: 30_000, maxCapMs: 600_000 }
}No capsule — not even one crafted by an administrator — can set the approval threshold below 50 or the delay threshold below 30. Any attempt is rejected with a THRESHOLD INTEGRITY VIOLATION and logged to the audit chain.
Strictest-Wins Merge Semantics
When multiple capsules apply to the same decision (for example, a workspace capsule and a global capsule), Dealgo merges them using strictest-wins semantics. For every parameter, the system takes the more restrictive value:
- Higher approval thresholds win
- More escalation triggers win (union, not intersection)
- Shorter cooldowns lose to longer cooldowns
- Stricter authentication modes win
This means you can layer capsules without fear of accidental weakening. A team can define workspace-level policy, and the platform can enforce global floors, and the strictest combination always applies.
Capsules and the Audit Chain
Every governance decision records both a decision hash (SHA-256 of the verdict substance) and a policy hash (SHA-256 of the active capsule). Together, these create a cryptographic proof that ties what happened to why it happened under which rules.
The audit chain is an HMAC-SHA256 linked sequence of records. Each record’s signature becomes the next record’s previousHash, creating a tamper-evident chain. If any record is modified after the fact — even a single character — the chain breaks and verification fails.
When you export an evidence pack for compliance review, it contains the full audit chain (NDJSON format), all decision receipts, the active policy, RATP scenario results, and a standalone verifier script. An auditor can run the verifier offline with zero dependencies to independently confirm chain integrity.
Composability in Practice
Consider a real deployment scenario: you have a team running three agents — one for data analysis, one for customer communications, and one for financial operations. Rather than writing one massive policy document, you compose capsules:
- The platform enforces the
defaultcapsule globally - The financial operations agent gets the
soc2-strictcapsule layered on top - The data analysis agent starts in Sandbox tier (automatic
soc2-strict) - The communications agent, proven over weeks, operates at Certified tier with the workspace capsule
Each agent gets governance proportional to its trust level and operational domain. The policy is auditable, composable, and cryptographically verifiable. And no configuration anywhere in the stack can weaken it below system floors.
Why Immutability Matters
Mutable policy is a compliance liability. If you can edit a policy retroactively, how does an auditor know what rules were in effect three months ago? Dealgo eliminates this ambiguity. Capsules are versioned, hashed, and linked to decisions. The audit trail is the source of truth, and it’s cryptographically sealed.
This is governance infrastructure, not governance theater. Every parameter is explicit, every change is recorded, and every decision is reproducible. When the regulator asks “what policy governed this agent on February 15th?”, the answer is a hash — and the hash is verifiable.