Your system submits intent to TrigGuard. Policy is evaluated deterministically. Downstream execution runs only on an explicit PERMIT; otherwise it is blocked.
- Caller submits surface, action, context, and idempotency_key to POST /execute.
- TrigGuard evaluates policy in the authoritative layer.
- Irreversible work proceeds only if decision is PERMIT; DENY refuses; SILENCE means no authorization was issued—without authorization, execution cannot proceed.
Request
curl https://api.trigguardai.com/execute \
  -H "Authorization: Bearer TG_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "surface": "payments.charge",
    "action": "transfer_funds",
    "context": { "amount": 5000, "currency": "USD" },
    "idempotency_key": "tx_9921"
  }'
Decision
{
  "decision": "PERMIT",
  "receipt": {
    "idempotency_key": "tx_9921",
    "decision": "PERMIT",
    "timestamp": "2026-03-16T21:05:00Z"
  }
}
3. Execute the action
If and only if decision is PERMIT, run the real action. Any other outcome: do not commit.
if decision == "PERMIT":
    run_payment()  # any other outcome: do not commit
That's it.
If you received PERMIT and a receipt, your first path is now gated: policy must allow before execution proceeds.
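A fail-closed version of the PERMIT check, as an added example (not TrigGuard's own client code): DENY, SILENCE, an empty or malformed response, and a receipt that does not match the submitted idempotency_key are all treated as no authorization. The function names and the receipt-matching rule are assumptions; the response shape follows the Decision sample, and the sample responses are constructed.

```python
import json

def permits(response_body, expected_key):
    """True only for a well-formed PERMIT whose receipt matches our request."""
    try:
        body = json.loads(response_body)
    except (TypeError, ValueError):
        return False  # empty or unparseable body: no authorization was issued
    if not isinstance(body, dict) or body.get("decision") != "PERMIT":
        return False  # DENY, SILENCE, or any unrecognized value
    receipt = body.get("receipt")
    if not isinstance(receipt, dict):
        return False  # PERMIT without a receipt is not acted on
    # Assumption (not stated by the page): the receipt must echo the
    # idempotency_key we submitted and repeat the PERMIT decision.
    return (receipt.get("idempotency_key") == expected_key
            and receipt.get("decision") == "PERMIT")

def run_if_permitted(response_body, expected_key, action):
    """Call action() only when permits() holds; report whether it ran."""
    if not permits(response_body, expected_key):
        return False
    action()
    return True

def sample(decision, key="tx_9921", with_receipt=True):
    """Build a constructed response in the shape of the Decision sample."""
    body = {"decision": decision}
    if with_receipt:
        body["receipt"] = {"idempotency_key": key, "decision": decision,
                           "timestamp": "2026-03-16T21:05:00Z"}
    return json.dumps(body)

if __name__ == "__main__":
    charged = []
    for label, raw in [("permit", sample("PERMIT")),
                       ("deny", sample("DENY")),
                       ("silence", sample("SILENCE", with_receipt=False)),
                       ("wrong key", sample("PERMIT", key="tx_0001")),
                       ("timeout / empty body", "")]:
        ran = run_if_permitted(raw, "tx_9921", lambda: charged.append(label))
        print(f"{label:22} executed={ran}")
```

In a real caller, a network error or timeout on POST /execute should reach `run_if_permitted` as an empty body so that it takes the same blocked path.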