TrigGuard
TRIGGUARD DECISION_MODEL
Request a demo

Decision vs enforcement

Receipts express decisions. Runtimes express enforcement. One-line rule: Decisions DENY. Systems BLOCK.

Canonical enums

Decision (receipt-safe): PERMIT | DENY | SILENCE

Enforcement (runtime-safe): EXECUTED | BLOCKED

Evaluation state: COMPLETE | INDETERMINATESILENCE implies INDETERMINATE.

Receipt status: SIGNED | UNSIGNED | INVALID

SILENCE

SILENCE means no authorization was issued. Without authorization, execution cannot proceed. Enforcement in a conformant integration is BLOCKED (fail-closed).

Contract invariants

  • A. A receipt decision MUST be PERMIT, DENY, or SILENCE.
  • B. BLOCKED MUST NOT appear as a receipt decision.
  • C. Any decision other than PERMIT MUST yield enforcement = BLOCKED in a conformant integration (non-conformant callers are control failures).
  • D. SILENCE is decision-layer indeterminacy, not an enforcement label.
  • E. Every DENY and SILENCE MUST carry a mandatory reason_code (deterministic taxonomy).

Correct pairing

{
  "decision": "DENY",
  "enforcement": "BLOCKED"
}

Mapping: PERMITEXECUTED or BLOCKED (only if downstream fails or operator aborts). DENYBLOCKED. SILENCEBLOCKED.

Public wording

Use PERMIT / DENY / SILENCE in protocol, receipts, and auditor-facing specs. Use EXECUTED / BLOCKED in dashboards, traces, and operator records. Do not collapse decision and enforcement into one axis (e.g. PERMIT / DENY / SILENCE for decisions; EXECUTED / BLOCKED for enforcement).

Minimal examples

// Decision response

{
  "request_id": "req_01JXYZ",
  "decision": "DENY",
  "evaluation_state": "COMPLETE",
  "reason_code": "TG_DENY_SURFACE_FORBIDDEN",
  "reason_summary": "Requested surface is not permitted under active policy.",
  "receipt_id": "rcpt_01JXYZ",
  "receipt_status": "SIGNED",
  "decided_at": "2026-03-20T13:58:00Z"
}

// Enforcement event

{
  "event_id": "evt_01JXYZ",
  "request_id": "req_01JXYZ",
  "receipt_id": "rcpt_01JXYZ",
  "decision": "DENY",
  "enforcement": "BLOCKED",
  "enforced_by": "trigguard-gateway",
  "execution_surface": "payments.execute",
  "occurred_at": "2026-03-20T13:58:01Z"
}

← Back to Protocol   Documentation hub

Authoritative source for implementers is also maintained in the repository as docs/protocol/DECISION_AND_ENFORCEMENT_MODEL.md.