Security

Dealgo is governance infrastructure. Security is not a feature — it is the foundation. Every design decision prioritizes auditability, determinism, and non-bypassability.

Tamper-Evident Audit Chain

  • Every governance decision produces an HMAC-SHA256 hash
  • Each hash chains to the previous decision, forming a tamper-evident sequence
  • Chain integrity is verifiable at any time — a single altered record breaks the chain
  • Audit logs are exportable in CSV, JSONL, and structured evidence pack formats
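
The chaining described above can be illustrated with a short added example; it is not Dealgo's code. The record fields, the canonical JSON serialization, the all-zero genesis value and the demo key are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed anchor used as prev_hash of the first record


def _tag(key: bytes, prev_hash: str, decision: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) keeps the tag deterministic.
    body = json.dumps(decision, sort_keys=True, separators=(",", ":"))
    msg = prev_hash.encode() + b"\n" + body.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def append(chain: list, key: bytes, decision: dict) -> dict:
    # Each new entry commits to the hash of the entry before it.
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    entry = {"decision": decision, "prev_hash": prev_hash,
             "hash": _tag(key, prev_hash, decision)}
    chain.append(entry)
    return entry


def verify(chain: list, key: bytes):
    """Return None if intact, else the index of the first record that fails."""
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != prev_hash:
            return i  # link broken: record removed, inserted or reordered
        expected = _tag(key, prev_hash, entry["decision"])
        if not hmac.compare_digest(expected, entry["hash"]):
            return i  # decision content or stored tag altered
        prev_hash = entry["hash"]
    return None


def demo():
    key = b"constructed-demo-key"  # constructed; a real key comes from a secret store
    chain = []
    for n, verdict in enumerate(["allow", "escalate", "deny", "allow"]):
        append(chain, key, {"id": n, "verdict": verdict})  # constructed records
    intact = verify(chain, key)
    edited = [dict(e) for e in chain]
    edited[1] = {**edited[1], "decision": {"id": 1, "verdict": "allow"}}
    dropped = chain[:2] + chain[3:]  # record 2 removed from the middle
    return intact, verify(edited, key), verify(dropped, key)


if __name__ == "__main__":
    print(demo())
```

Removing records from the end of the log leaves a shorter chain that still verifies, so the most recent hash has to be recorded somewhere the log writer cannot modify.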

Authentication & Agent Identity

  • API keys use SHA-256 hashing with timing-safe comparison (no plaintext storage)
  • Ed25519 cryptographic identity rail for agent non-repudiation (Phase C)
  • Challenge-response authentication with 30-second TTL nonces
  • Three auth modes: HMAC challenge, Ed25519 signing, or dual (both required)
  • Scoped API tokens with fine-grained permission control

Governance Invariants

  • Deterministic pipeline — same input always produces same verdict and hash
  • No randomness in governance decisions (spot-check sampling uses deterministic hashing)
  • Escalation authority cannot be disabled or bypassed by any agent
  • System threshold floors enforced on every path, regardless of capsule or tier
  • Capsules use tighten-only validation — no capsule can weaken policy below system floors
  • Strictest-wins merge semantics when multiple capsules apply

Access Control

  • Five-role RBAC hierarchy: agent, auditor, operator, admin, founder
  • Tenant isolation — agents bound to tenants, cross-tenant access denied
  • Workspace-scoped capsule resolution with governance attribution
  • Rate limiting via Upstash Redis (sliding window, per-key)
  • CORS origin whitelist enforcement

Infrastructure Security

  • TLS encryption on all API endpoints
  • JWT-based session management with 30-day expiry
  • Environment variables for all secrets — no hardcoded credentials
  • Sentry error tracking with server-side trace sampling
  • Atomic file writes for state persistence (no partial writes)

Responsible Disclosure

  • Report security vulnerabilities to security@dealgo.io
  • We commit to acknowledging reports within 48 hours
  • We will not take legal action against good-faith security researchers
  • Critical vulnerabilities are patched within 72 hours of confirmation

Report a Vulnerability

If you discover a security vulnerability, please email security@dealgo.io with details. Do not open a public issue.