DEVELOPER ONBOARDING

Execution starts with your organization.

Deterministic authorization before irreversible execution. Signup is required: create an org, receive a tg_live_* key, then run authenticated executes on the production rail.

  • Production execution rail active
  • Authenticated enforcement required
  • Replay verification available
  • Signed receipt lineage enabled

1,000 executes/month on the free developer plan. Per-org metering - not anonymous access.

Production gateway: https://api.trigguardai.com/execute · JSON in, JSON out · Fail-closed on missing auth or quota

Onboarding flow

  1. Create organization

    Signup creates org identity. Free developer plan attached. Governance history is tied to your org.

  2. Issue API key

    Control plane issues tg_live_* once. Store as TRIGGUARD_API_KEY in CI secrets - identity-bound execution.

  3. Run execute

    Authenticated POST /execute on the production rail. Responses return PERMIT, DENY, or SILENCE - plain policy outcomes, not a silent allow.

  4. Receive signed receipt

    decision, execution_id, receiptHash, and authoritySignature anchor replay and operator history under your org.

Why organization identity is required

Without attributable organization identity:

  • Replay: Lineage breaks - no stable per-org replay path
  • Receipts: Ownership breaks - artifacts cannot bind to your authority
  • Lineage: Execution history fragments across anonymous calls
  • Audit: Attribution weakens for operators and compliance
  • Quota: Enforcement becomes unreliable without org scope

Production execute request

Send an Authorization: Bearer header carrying your org key, supplied from the runtime environment or CI.

deploy.release
curl -sS -X POST "https://api.trigguardai.com/execute" \
  -H "Authorization: Bearer $TRIGGUARD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "surface": "deploy.release",
    "actorId": "ci-smoke",
    "context": { "ref": "main", "workflow": "smoke" }
  }'

The gateway evaluates the request and returns a signed artifact: decision, execution_id, receiptHash, and authoritySignature. This is the operational proof - not decorative JSON.

Signed execution artifact

Production POST /execute response - returned by the gateway, not generated here.

decision: DENY · HTTP 200 · evaluated, logged, signed
{
  "decision": "DENY",
  "execution_id": "exec_7F3A91",
  "reasonCode": "TG_POLICY_REQUIRES_APPROVAL",
  "receiptHash": "sha256:9d7a1f2e8b4c6d0e1a3f5b7c9d2e4f6a8b0c2d4e6f8a0b2c4d6e8f0a2b4c6",
  "authoritySignature": "ed25519:MEUCIQDk8f2Hn3KpL9vR4wX1yZ6bN0mQ7tU5sA2cF8hJ3kL9wXi"
}

  • decision - Policy outcome: PERMIT, DENY, or SILENCE
  • execution_id - Stable anchor for receipt lineage and operator timeline
  • receiptHash - Cryptographic digest of the signed evaluation record
  • authoritySignature - Authority proof for offline replay verification

DENY is a valid outcome. The request was evaluated, logged, signed, and replayable. Policy blocked the action - the authorization rail worked.

execution_id anchors:

  • receipt lineage
  • replay verification
  • operator timeline

Your organization now has signed operational lineage.

Signed lineage attaches to your org - execution is attributable, replayable, and auditable.

Platform surfaces

Where each layer lives. Public trust here; operations on authenticated production hosts.

  • Public site (Public) - trigguardai.com - Trust, onboarding, integration guidance. No org identity required.
  • Control plane (Authenticated) - console.trigguardai.com - Org identity, keys, quota, billing, policy configuration.
  • Execution gateway (Production) - api.trigguardai.com/execute - Live policy evaluation and signed receipts. tg_live_* bearer required.
  • Receipt / replay (Public) - /docs/verification · /verify - Verification guides and receipt inspection.
  • Operator timeline (Authenticated · Production) - operator.trigguardai.com - Execution history, replay lineage, audit trail.

Authenticated operational surfaces

After signup, operations live on production hosts - not on this page.

  • Operator timeline (Authenticated · Production) - operator.trigguardai.com/operator/executions - Per-org execute lineage.
  • API keys (Authenticated) - operator.trigguardai.com/operator/keys - Issue and rotate tg_live_* credentials.
  • Execution history (Authenticated · Production) - operator.trigguardai.com/operator/executions - Org-scoped execute log.

After signup

  • Organization identity is created
  • tg_live_* API key is issued
  • Usage quota attaches to the org
  • Execution history attaches to the org
  • Signed receipts attach to the org
  • Replay verification becomes available
  • Operator tooling becomes available

  • Deterministic enforcement
  • Signed receipts
  • Replay verification
  • Per-org lineage
  • Policy evaluation
  • Fail-closed semantics

Free tier metering and quota

1,000 executes / month on the free developer plan. Quota exhaustion returns 429 TG_PLAN_LIMIT_EXCEEDED - not a silent deny. Stripe upgrade for higher caps - same org, same keys.

Replay and receipt nuances

Archive full JSON with CI runs. Verification uses the keys epoch active at signing. See receipt schema and verification guide.

CI integration example

# GitHub Actions (secrets: TRIGGUARD_API_KEY, TRIGGUARD_GATEWAY_URL)
export TRIGGUARD_GATEWAY_URL=https://api.trigguardai.com
export TRIGGUARD_API_KEY=tg_live_…
node examples/enterprise-cicd-release/authorize-release.mjs

GitHub Actions integration for deploy.release workflows.
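
A fail-closed client-side gate for the /execute responses described on this page (PERMIT, DENY, SILENCE, and 429 on quota exhaustion), as an added example that is not the contents of authorize-release.mjs or any TrigGuard code. The function names, the reason strings, and the choice to block on SILENCE or on a response lacking any of the four receipt fields are assumptions of this example.

```javascript
// Added example: fail-closed client-side gate for POST /execute responses.
// Treating SILENCE, missing receipt fields and transport errors as "block"
// is this example's client policy, not documented gateway behaviour.
const GATEWAY = process.env.TRIGGUARD_GATEWAY_URL || "https://api.trigguardai.com";
const RECEIPT_FIELDS = ["decision", "execution_id", "receiptHash", "authoritySignature"];

// Pure classifier: HTTP status + raw body -> { allow, reason, receipt }.
function classifyExecute(status, bodyText) {
  if (status === 429) return { allow: false, reason: "quota", receipt: null };
  if (status !== 200) return { allow: false, reason: `http_${status}`, receipt: null };
  let receipt;
  try {
    receipt = JSON.parse(bodyText);
  } catch {
    return { allow: false, reason: "malformed_json", receipt: null };
  }
  if (receipt === null || typeof receipt !== "object") {
    return { allow: false, reason: "malformed_json", receipt: null };
  }
  const missing = RECEIPT_FIELDS.filter((f) => typeof receipt[f] !== "string" || receipt[f] === "");
  if (missing.length > 0) {
    return { allow: false, reason: `missing_${missing[0]}`, receipt };
  }
  // Only an explicit PERMIT proceeds; DENY and SILENCE both stop the job.
  if (receipt.decision === "PERMIT") return { allow: true, reason: "permit", receipt };
  return { allow: false, reason: receipt.decision === "DENY" ? "deny" : "not_permit", receipt };
}

// Network wrapper (Node 18+ global fetch). Never throws: any error blocks.
async function authorize(surface, actorId, context) {
  const key = process.env.TRIGGUARD_API_KEY;
  if (!key) return { allow: false, reason: "no_api_key", receipt: null };
  try {
    const res = await fetch(`${GATEWAY}/execute`, {
      method: "POST",
      headers: { Authorization: `Bearer ${key}`, "Content-Type": "application/json" },
      body: JSON.stringify({ surface, actorId, context }),
      signal: AbortSignal.timeout(10_000),
    });
    return classifyExecute(res.status, await res.text());
  } catch (err) {
    return { allow: false, reason: "transport_error", receipt: null };
  }
}
```

In a CI step, write the returned receipt object to the run's artifacts unchanged and exit non-zero unless allow is true, so a DENY still leaves its signed record archived.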