Knowledge base
Browse by topic
Explore the knowledge hub
Knowledge base
Popular questions
Category
What is Execution Authorization?
The infrastructure category for controlling whether automated actions proceed before they happen. Unlike IAM (who) or observability (what happened), Execution Authorization governs what is allowed to happen next, with deterministic outcomes and cryptographic receipts.
How is it different from IAM?
IAM authenticates and authorizes users and roles. Execution Authorization evaluates actions at the moment of execution, deploy, transfer, delete, export, regardless of who triggered them. See policy engines comparison.
How is it different from observability?
Logs and SIEM detect events after execution. Execution Authorization controls before execution, no receipt, no action. Why logs cannot prevent actions.
Security & governance
Why fail-closed?
If the authority layer is unreachable or ambiguous, execution is blocked by default. Fail-closed design.
What counts as an execution surface?
Any path where automation triggers side effects: APIs, agent tools, payments, data export, infrastructure operations, and OT actions. Execution surfaces.
Can TrigGuard run air-gapped?
Yes. Enterprise and critical infrastructure programmes support isolated clusters and customer-controlled environments. Sovereign deployment.
Verification & integration
How are receipts verified?
Every decision produces an Ed25519-signed receipt. Verify offline against published keys. Independent verification.
How does TrigGuard integrate?
SDK intercepts actions, Gate evaluates policy, Verify issues receipts. Integrations · Quickstart.
Where is system status?
Operational health and updates at /status.