DEVELOPER ONBOARDING

Execution starts with your organization.

Deterministic authorization before irreversible execution. Signup is required: create an org, receive a tg_live_* key, then run authenticated executes on the production rail.

  • Production execution rail active
  • Authenticated enforcement required
  • Replay verification available
  • Signed receipt lineage enabled

1,000 executes/month on the free developer plan. Per-org metering - not anonymous access.

  1. Create organization
  2. Receive API key
  3. Run execute
  4. Receive signed receipt
  5. Preserve replay lineage

Production gateway: https://api.trigguardai.com/execute · JSON in, JSON out · Fail-closed on missing auth or quota

Onboarding flow

1. Create organization

Signup creates org identity. Free developer plan attached. Governance history is tied to your org.

2. Issue API key

Control plane issues tg_live_* once. Store as TRIGGUARD_API_KEY in CI secrets - identity-bound execution.

3. Run execute

Authenticated POST /execute on the production rail. Responses return PERMIT, DENY, or SILENCE - plain policy outcomes, not a silent allow.

4. Receive signed receipt

decision, execution_id, receiptHash, and authoritySignature anchor replay and operator history under your org.

Why organization identity is required

Without attributable organization identity:

  • Replay: Lineage breaks - no stable per-org replay path
  • Receipts: Ownership breaks - artifacts cannot bind to your authority
  • Lineage: Execution history fragments across anonymous calls
  • Audit: Attribution weakens for operators and compliance
  • Quota: Enforcement becomes unreliable without org scope

Production execute request

Authorization: Bearer with your org key from runtime or CI.

deploy.release
curl -sS -X POST "https://api.trigguardai.com/execute" \
  -H "Authorization: Bearer $TRIGGUARD_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "surface": "deploy.release",
    "actorId": "ci-smoke",
    "context": { "ref": "main", "workflow": "smoke" }
  }'

The gateway evaluates the request and returns a signed artifact: decision, execution_id, receiptHash, and authoritySignature. This is the operational proof - not decorative JSON.

Signed execution artifact

Production POST /execute response - returned by the gateway, not generated here.

decision: DENY · HTTP 200 · evaluated, logged, signed
{
  "decision": "DENY",
  "execution_id": "exec_7F3A91",
  "reasonCode": "TG_POLICY_REQUIRES_APPROVAL",
  "receiptHash": "sha256:9d7a1f2e8b4c6d0e1a3f5b7c9d2e4f6a8b0c2d4e6f8a0b2c4d6e8f0a2b4c6",
  "authoritySignature": "ed25519:MEUCIQDk8f2Hn3KpL9vR4wX1yZ6bN0mQ7tU5sA2cF8hJ3kL9wXi"
}

  • decision: Policy outcome: PERMIT, DENY, or SILENCE
  • execution_id: Stable anchor for receipt lineage and operator timeline
  • receiptHash: Cryptographic digest of the signed evaluation record
  • authoritySignature: Authority proof for offline replay verification

DENY is a valid outcome. The request was evaluated, logged, signed, and replayable. Policy blocked the action - the authorization rail worked.

execution_id anchors:

  • receipt lineage
  • replay verification
  • operator timeline

Your organization now has signed operational lineage.

Signed lineage attaches to your org - execution is attributable, replayable, and auditable.

Platform surfaces

Where each layer lives. Public trust here; operations on authenticated production hosts.

  1. Public: Public site

    trigguardai.com

    Trust, onboarding, integration guidance.

    No org identity required.

  2. Authenticated: Control plane

    console.trigguardai.com

    Org identity, keys, quota, billing, policy configuration.

    Organization required.

  3. Production: Execution gateway

    api.trigguardai.com/execute

    Live policy evaluation and signed receipts.

    tg_live_* bearer required.

  4. Public: Receipt / replay layer

    /docs/verification · /verify

    Verification guides and receipt inspection.

    Exploratory verify; org-bound history in operator.

  5. Authenticated · Production: Operator timeline

    operator.trigguardai.com

    Execution history, replay lineage, audit trail.

    Organization-scoped operator surface.

Authenticated operational surfaces

After signup, operations live on production hosts - not on this page.

Authenticated · Production

Operator timeline

Per-org execute lineage.

operator.trigguardai.com/operator/executions

Authenticated

API keys

Issue and rotate tg_live_* credentials.

operator.trigguardai.com/operator/keys

Authenticated · Production

Execution history

Org-scoped execute log.

operator.trigguardai.com/operator/executions

  • Deterministic enforcement
  • Signed receipts
  • Replay verification
  • Per-org lineage
  • Policy evaluation
  • Fail-closed semantics

Free tier metering and quota

1,000 executes / month on the free developer plan. Quota exhaustion returns 429 TG_PLAN_LIMIT_EXCEEDED - not a silent deny. Stripe upgrade for higher caps - same org, same keys.

Replay and receipt nuances

Archive full JSON with CI runs. Verification uses the keys epoch active at signing. See receipt schema and verification guide.

CI integration example
# GitHub Actions (secrets: TRIGGUARD_API_KEY, TRIGGUARD_GATEWAY_URL)
export TRIGGUARD_GATEWAY_URL=https://api.trigguardai.com
export TRIGGUARD_API_KEY=tg_live_…
node examples/enterprise-cicd-release/authorize-release.mjs

GitHub Actions integration for deploy.release workflows.
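
A CI step has to turn the gateway response into a go/no-go result without ever defaulting to allow. The following is an added example, not TrigGuard's own authorize-release.mjs: the function names gateDecision and authorizeRelease and the archivePath parameter are hypothetical, and it assumes that only PERMIT lets the job continue while DENY, SILENCE, quota exhaustion, and malformed responses all block.

```javascript
// Added example: fail-closed handling of a POST /execute response in CI.
// Assumption: only PERMIT lets the job continue; DENY, SILENCE, any non-200
// status, or a receipt missing one of the four documented fields all block.
const RECEIPT_FIELDS = ['decision', 'execution_id', 'receiptHash', 'authoritySignature'];

function gateDecision(status, bodyText) {
  if (status === 429) return { allow: false, reason: 'quota exhausted (HTTP 429)' };
  if (status !== 200) return { allow: false, reason: `gateway returned HTTP ${status}` };
  let receipt;
  try {
    receipt = JSON.parse(bodyText);
  } catch {
    return { allow: false, reason: 'response is not valid JSON' };
  }
  if (receipt === null || typeof receipt !== 'object') {
    return { allow: false, reason: 'response is not a JSON object' };
  }
  const missing = RECEIPT_FIELDS.filter((f) => typeof receipt[f] !== 'string' || receipt[f] === '');
  if (missing.length > 0) return { allow: false, reason: `receipt missing ${missing.join(', ')}` };
  if (receipt.decision !== 'PERMIT') {
    const why = receipt.reasonCode ? ` (${receipt.reasonCode})` : '';
    return { allow: false, reason: `decision ${receipt.decision}${why}`, receipt };
  }
  return { allow: true, reason: 'decision PERMIT', receipt };
}

// Calls the gateway, archives the raw body for later replay, then applies the gate.
async function authorizeRelease(request, archivePath) {
  if (!process.env.TRIGGUARD_API_KEY) return { allow: false, reason: 'TRIGGUARD_API_KEY not set' };
  const { writeFile } = await import('node:fs/promises');
  const base = process.env.TRIGGUARD_GATEWAY_URL || 'https://api.trigguardai.com';
  let status, bodyText;
  try {
    const res = await fetch(`${base}/execute`, {
      method: 'POST',
      headers: { Authorization: `Bearer ${process.env.TRIGGUARD_API_KEY}`, 'Content-Type': 'application/json' },
      body: JSON.stringify(request),
      signal: AbortSignal.timeout(10000), // a hung gateway must not stall or pass the job
    });
    status = res.status;
    bodyText = await res.text();
  } catch (err) {
    return { allow: false, reason: `gateway unreachable: ${err.message}` };
  }
  await writeFile(archivePath, bodyText); // keep the full JSON exactly as returned
  return gateDecision(status, bodyText);
}
```

In a workflow step, exit non-zero whenever allow is false and upload the archived file as a build artifact so the receipt stays with the run.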