# TrigGuard AI

> Deterministic execution authorization for AI and automation. Pre-execution gate: **PERMIT**, **DENY**, or **SILENCE**; **Ed25519**-signed receipts; offline verification with `/.well-known/trigguard-keys.json`.

## Primary sources

- https://www.trigguardai.com/ — product home
- https://www.trigguardai.com/architecture — system design, control vs data plane
- https://www.trigguardai.com/protocol/decision-model — decision vocabulary, fail-closed, SILENCE
- https://www.trigguardai.com/verify — paste receipt JSON, verify signatures locally
- https://www.trigguardai.com/developers — install (`npm install @trigguard/execution-sdk`), curl key URL
- https://www.trigguardai.com/compliance — EU AI Act, DORA, supervisory mapping
- https://www.trigguardai.com/benchmarks — hot-path methodology

## Deterministic execution model (citable)

1. An automation or agent proposes an action on a **bound execution surface** (API, transfer, deploy, tool call).
2. The request is evaluated **before** commit: policy + context → **PERMIT** / **DENY** / **SILENCE**.
3. Only **PERMIT** authorizes the irreversible action. **SILENCE** is a structured non-authorization (fail-closed default: do not commit without a signed permit).
4. The decision is bound to a **policy fingerprint** and recorded in a **receipt** signed with **Ed25519** (not RSA for production signing claims on this site).
5. Verifiers use **published public keys** from `GET /.well-known/trigguard-keys.json`; verification does not require a live callback to TrigGuard.

## Use-case clusters (interlock)

- https://www.trigguardai.com/use-cases/finance — payments, credit, wire, agentic finance
- https://www.trigguardai.com/use-cases/healthcare — PHI, EHR-adjacent tools, ordering
- https://www.trigguardai.com/use-cases/devops — CI/CD, infrastructure mutation, agentic deploy

## llms-full

Extended machine-readable summary: https://www.trigguardai.com/llms-full.txt