Core protocol

From intentto authority

Every action passes through a deterministic authorization flow before execution.

Intent
Evaluation
Decision
Receipt
Execution

No bypasses. No silent approvals.

Execution flow

AI asks. TrigGuard decides.

The protocol that stands between AI intent and reality. Every irreversible action passes through authorization, no shortcuts.

Showing the flow, not describing it.

AI agent

AI intent

Execution request

Action submitted to the gate

TrigGuard evaluation

Policy matched against context

Policy decision

Permit Continues to receipt
Deny Execution blocked
Escalate Awaiting approval
Silence No authority issued

Permit path only

Signed receipt

Cryptographic evidence of the decision

Execution

Irreversible action proceeds

Authority outcomes

Four deterministic decisions

Every evaluation resolves to exactly one outcome. Only PERMIT proceeds to execution.

Permit

Action authorized. Execution may proceed with signed receipt.

Deny

Action blocked. Explicit rejection with reason and evidence.

Escalate

Human approval required before execution can proceed.

Silence

No authorization issued. Execution remains blocked.

Trust model

Why the flow is trustworthy

Built for systems where ambiguity is unacceptable and evidence must survive audit.

Deterministic

Same input. Same policy. Same decision, every time.

Fail closed

No authority. No execution. Unreachable gate means blocked action.

Cryptographic proof

Every decision generates a signed evidence artifact.

Offline verification

Receipts verified independently via published keys.

Evidence

Every decision creates evidence

Signed receipt✓ Verified

action: deploy.production
decision: DENY
reason: approval_missing
actor: deploy-agent
receipt: tg_82fj31
signature: ed25519 · verified
keys: /.well-known/trigguard-keys.json

Authorization is not a log line. Each decision produces cryptographically signed proof, audit-ready and independently verifiable.

Decision

PERMIT, DENY, ESCALATE, or SILENCE, explicit and deterministic.

Receipt

Issuer-signed artifact bound to the request and outcome.

Verification

Offline validation against published public keys.

Audit trail

Evidence survives beyond vendor UI and log pipelines.

Real-world impact

What this stops

Irreversible actions blocked before they reach production systems.

Database deletionDENYBulk delete prevented before commit

Production deploymentDENYRelease blocked, approval missing

Mass payment executionDENY£5M wire transfer prevented

Sensitive data exportDENYPHI export blocked at boundary

Infrastructure changesDENYGrid override prevented before OT commit

The authority layer

AI generates intent.
TrigGuard determines whether intent becomes reality.

The protocol specification for AI authority, deterministic, fail-closed, and receipted.

Open Console View Architecture Become Design Partner