Why Governance Must Be Deterministic

Most AI safety systems have a hidden flaw: they rely on randomness. Random sampling rates, probabilistic risk scores, non-reproducible evaluation paths. This works fine in a demo. It falls apart in a courtroom.

The Auditability Problem

When a regulator asks “why was this action approved?”, you need to give a deterministic answer. Not “because it had a 73% chance of being safe” — but “because these exact inputs, evaluated against this exact policy, always produce this exact verdict.”

If your governance system uses Math.random() anywhere in the evaluation pipeline, you’ve introduced a fundamental problem: the same agent, making the same request, under the same policy, might get a different result on re-evaluation. That’s not governance — that’s a coin flip with extra steps.

Dealgo’s Deterministic Pipeline

Every governance decision in Dealgo passes through a deterministic pipeline, each stage producing deterministic outputs from deterministic inputs:

Stage 1: Classification

The classification engine transforms raw agent intent into a structured context frame. It classifies the action type, risk tier, reversibility, and scope using deterministic pattern matching — no model inference, no probability. An intent like “Transfer $75,000 to vendor-OFFSHORE-8872” always maps to FINANCIAL_TRANSFER / HIGH / IRREVERSIBLE / EXTERNAL.

Stage 2: Scoring

The DSI scoring engine evaluates the classified intent and produces a 0–100 governance score across four components: structural compliance, scope fidelity, confidence clarity, and escalation awareness. The scoring formula is fixed and deterministic — same inputs, same score. 85+ is LOW risk, 60–85 is MEDIUM, below 60 is HIGH.

Stage 3: Verdict

Threshold-based gating produces a deterministic verdict. Approval requires a minimum score of 50/100. Delay (escalation) triggers at 30/100. These thresholds are system floors — no capsule or runtime configuration can lower them. Per-action filtering catches actions that should be blocked regardless of risk score (like known attack patterns).

Stage 4: Audit

Every decision is hash-chained into a tamper-proof audit record. SSI-conformant. Cryptographically verifiable. When Freeze Mode is active, all operations are denied regardless of score — no exceptions. Escalated actions require explicit founder approval before proceeding.

Hard Gates: Before the Pipeline Even Runs

Before an intent enters the five-stage pipeline, it passes through deterministic guardrails that produce immediate verdicts:

• Guardrail A — Freeze mode active → absolute DENY, no exceptions, no pipeline evaluation
• Guardrail B — Escalation bypass attempts (intents containing “disable governance”, “override founder”, etc.) → immediate DENY
• Guardrail C — Data exfiltration patterns (destination signal + sensitive data signal) → ESCALATE_FOUNDER
• Guardrail D — External URL + bulk transfer language → ESCALATE_FOUNDER

These guardrails use keyword matching against curated signal lists. The signals are explicit and documented: destination signals include “send”, “upload”, “transmit”, “webhook”, “export to”; data signals include “credential”, “token”, “secret”, “private key”, “pii”. No ML classifier, no false-positive variance. A match is a match.

Deterministic Sampling at Scale

At higher trust tiers (Certified and Autonomous), Dealgo samples only a fraction of requests for full evaluation. But the sampling itself must be deterministic. The algorithm:

1. Compute SHA-256(agentId:requestHash:dayBucket) where dayBucket is YYYY-MM-DD in UTC
2. Extract the first 8 hex characters and parse as an integer (0–4,294,967,295)
3. Map to the 0–99 range
4. Compare against the tier’s fullEvalRate threshold

The same agent making the same request on the same day always gets the same sampling decision. Day-bucket rotation provides coverage variation without introducing randomness. An auditor can independently reproduce the sampling decision with the same inputs.

What This Means for Compliance

Deterministic governance transforms AI compliance from a probabilistic assurance (“we evaluate most requests”) to a provable guarantee (“given these inputs and this policy, the verdict is always X”). This matters for:

• SOC 2 Type II — Auditors can verify that the governance pipeline produces consistent results
• HIPAA — Every access decision is reproducible and documented
• GDPR — Right to explanation is satisfied by deterministic decision trails
• SOX — Financial decision governance is provably consistent

The governance kernel doesn’t use heuristics. It uses hash functions, threshold comparisons, and pattern matching. Every decision is a function of its inputs — pure, reproducible, auditable.