LlamaGuard (and similar input/output classifiers) answer "is this text in a disallowed category?" They are part of a strong model safety program. They do not, by themselves, answer "may this specific HTTP call move money or mutate production?"
TrigGuard sits on the execution path: policy version, surface id, and request context are evaluated; only PERMIT authorizes the downstream client. Decisions are recorded in Ed25519-signed receipts you verify offline.
Use both where appropriate: classifiers for generation policy; TrigGuard for irreversible actuation.
Compare: guardrails vs execution authorization (general)
Blog: runtime authorization vs guardrails