TrigGuard CLI

Install. Authorize. Verify.

Authority from your terminal.

@trigguard/cli v0.1.3 · authenticate via device flow, authorize an execution, and verify the Ed25519-signed receipt.

zsh - @trigguard/cli
$ npm install -g @trigguard/cli
added 1 package in 2s

$ tg login
Opening browser for device auth...
✓ Authenticated

$ tg authorize --surface deploy.release --actor demo
Decision: PERMIT
Receipt: signed
Execution: allowed

Quickstart

Under 2 minutes from install to verified receipt

One continuous path: install the CLI, authenticate, authorize a surface, verify the receipt offline.

  1. Install

    Global install. Requires Node.js 18+.

    $ npm install -g @trigguard/cli

  2. Login

    Opens browser device auth at console.trigguardai.com. No manual API key paste.

    $ tg login

  3. Authorize

    Returns a binding decision and Ed25519-signed receipt.

    $ tg authorize \
      --surface deploy.release \
      --actor demo \
      --intent "test deployment"

  4. Verify

    Independent offline verification. Inspect receipts in the receipt explorer.

    $ tg verify --execution-id exec_xxxxx

Terminal demo

Full authorize and verify session

zsh - tg session
$ tg authorize \
  --surface deploy.release \
  --actor demo \
  --intent "test deployment"

decision:     DENY
executionId:  exec_a1b2c3d4
receipt:      signed (Ed25519)
surface:      deploy.release

$ tg verify --execution-id exec_a1b2c3d4

verificationResult: passed
signature:          valid
offline:            true

Security

Security guarantees

Device Authentication

Browser-based login with secure device authorization flow.

Cryptographic Signatures

Ed25519-signed receipts verifiable offline.

Receipt Verification

Independent validation without dashboard dependency.

Fail-Closed Security

No receipt, no execution path.
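
The offline check and the fail-closed rule above, sketched as an added example (not TrigGuard's code or receipt schema): the receipt fields, the sorted-key JSON canonical form and the helper names are assumptions, and the key pair and receipts are constructed. It shows that a DENY receipt verifies as authentic yet must not unlock execution, matching the terminal demo where `decision: DENY` still yields `verificationResult: passed`.

```javascript
// Added example, not TrigGuard's implementation. Field names and the
// canonical form are assumptions; the real ones come from the receipt schema.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto'); // fallback when run as an ES module

// Assumed canonical form: JSON of the flat payload with keys in sorted order.
function canonicalBytes(payload) {
  return Buffer.from(JSON.stringify(payload, Object.keys(payload).sort()), 'utf8');
}

// Hypothetical stand-in for the issuing service: signs a decision payload.
function issueReceipt(privateKey, payload) {
  const signature = nodeCrypto.sign(null, canonicalBytes(payload), privateKey);
  return { payload, signature: signature.toString('base64') };
}

// Offline check: needs only the receipt and a pinned Ed25519 public key.
function verifyReceipt(receipt, publicKey) {
  try {
    const sig = Buffer.from(receipt.signature, 'base64');
    return nodeCrypto.verify(null, canonicalBytes(receipt.payload), publicKey, sig);
  } catch {
    return false; // missing or malformed receipt counts as unverified
  }
}

// Fail-closed gate: execute only when an authentic receipt says PERMIT
// for exactly the surface about to run. Everything else is refused.
function mayExecute(receipt, publicKey, surface) {
  if (!receipt || !verifyReceipt(receipt, publicKey)) return false;
  return receipt.payload.decision === 'PERMIT' && receipt.payload.surface === surface;
}

// Constructed sample data: throwaway key pair and receipts.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
const base = { executionId: 'exec_sample01', surface: 'deploy.release', actor: 'demo' };
const permit = issueReceipt(privateKey, { ...base, decision: 'PERMIT' });
const deny = issueReceipt(privateKey, { ...base, decision: 'DENY' });
// A DENY receipt whose decision was edited to PERMIT after signing.
const forged = { ...deny, payload: { ...deny.payload, decision: 'PERMIT' } };

console.log('deny receipt authentic:', verifyReceipt(deny, publicKey));
console.log('deny receipt may execute:', mayExecute(deny, publicKey, 'deploy.release'));
console.log('forged receipt may execute:', mayExecute(forged, publicKey, 'deploy.release'));
```

In a real pipeline the public key is pinned out of band; a key delivered alongside the receipt it verifies proves nothing.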
