Execution Surfaces

TrigGuard authorizes actions at defined execution surfaces. Each surface represents a category of irreversible system operations.

The Authorization Boundary

An execution surface is the point where an action becomes irreversible. TrigGuard sits at this boundary and authorizes (or blocks) the action before it executes.

Each surface has its own policy configuration, audit trail, and receipt format. You choose which surfaces to protect.

deploy.release

Production deployments, release promotions, rollback decisions. Any action that changes what code is running in production.

Examples: kubectl apply, helm upgrade, argo sync, release promotion

infra.apply

Infrastructure changes that modify cloud resources. State changes that are expensive or impossible to reverse.

Examples: terraform apply, pulumi up, cloudformation deploy, crossplane sync

artifact.publish

Publishing artifacts to registries, signing releases, pushing container images. Once published, artifacts may be pulled by downstream systems.

Examples: docker push, npm publish, pypi upload, oci push

database.migrate

Schema changes, data migrations, DDL operations. Changes that alter database structure or move large amounts of data.

Examples: rails db:migrate, flyway migrate, prisma migrate, alembic upgrade

secrets.access

Credential retrieval, KMS decryption, vault reads. Access to sensitive material that could be exfiltrated or misused. TrigGuard authorizes the access event; the secret payload remains encrypted within your Vault/KMS.

Examples: vault read, aws kms decrypt, gcp secret access, 1password get

data.export

Bulk data exports, backup downloads, report generation. Actions that move significant data outside the system boundary.

Examples: pg_dump, data pipeline export, analytics extract, backup download

production.write

Direct writes to production databases, manual data modifications, batch operations against live systems.

Examples: psql production, redis-cli prod, mongo shell, batch update

Define Your Own

TrigGuard supports custom execution surfaces. Define surfaces that match your organization's risk model.

Custom surface example:

{
  "surface": "payment.authorize",
  "action": "transfer-over-10k",
  "context": {
    "amount": 15000,
    "currency": "USD",
    "recipient": "external"
  }
}

Surface Naming Convention

Surfaces use dot notation: category.action. Keep names short, descriptive, and consistent across your organization.
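The following is an added illustration of the pattern described above (a guard that sits at the authorization boundary, evaluates a request against a per-surface policy, and records a receipt before the irreversible action runs), written here for this page; it is not TrigGuard's code or API. The class and function names (SurfaceRequest, Policy, Receipt, authorize, guarded_execute), the default-deny behaviour for unknown surfaces, the approval rule for the payment.authorize surface, and the actor values are assumptions for the example. The request context is the custom surface from the previous section; the name check implements the category.action convention.

```python
"""Illustrative authorization boundary for execution surfaces.

Added example, not TrigGuard's code. It models the pattern the page
describes: every request names a surface (category.action), the guard
evaluates it against that surface's policy, emits a receipt for the
audit trail, and only then lets the irreversible action run.
"""
from __future__ import annotations

import hashlib
import json
import re
from dataclasses import dataclass, field
from typing import Any, Callable

# category.action: two lowercase segments joined by exactly one dot.
SURFACE_NAME = re.compile(r"^[a-z][a-z0-9_-]*\.[a-z][a-z0-9_-]*$")


def is_valid_surface_name(name: str) -> bool:
    """True when the name follows the dot-notation convention."""
    return SURFACE_NAME.fullmatch(name) is not None


@dataclass(frozen=True)
class SurfaceRequest:
    surface: str            # e.g. "payment.authorize"
    action: str             # e.g. "transfer-over-10k"
    context: dict[str, Any]  # surface-specific decision inputs
    actor: str              # who is asking (assumed field)


Rule = Callable[[SurfaceRequest], bool]  # True means the rule permits the request


@dataclass
class Policy:
    """Rule sets keyed by surface. A surface with no rules is denied (default deny)."""
    rules: dict[str, list[Rule]] = field(default_factory=dict)

    def permits(self, req: SurfaceRequest) -> bool:
        surface_rules = self.rules.get(req.surface)
        if surface_rules is None:
            return False
        return all(rule(req) for rule in surface_rules)


@dataclass(frozen=True)
class Receipt:
    """Audit record. Carries a digest of the context, never the context itself,
    so a receipt for a secrets.access-style surface cannot leak payload."""
    surface: str
    action: str
    actor: str
    decision: str       # "allow" or "block"
    context_digest: str


def authorize(req: SurfaceRequest, policy: Policy) -> Receipt:
    """Decide at the boundary: malformed surface names and unknown surfaces are blocked."""
    if not is_valid_surface_name(req.surface):
        decision = "block"
    else:
        decision = "allow" if policy.permits(req) else "block"
    digest = hashlib.sha256(
        json.dumps(req.context, sort_keys=True).encode()).hexdigest()
    return Receipt(req.surface, req.action, req.actor, decision, digest)


def guarded_execute(req: SurfaceRequest, policy: Policy,
                    action: Callable[[], Any], audit: list[Receipt]):
    """Record the receipt first, then run the action only on an allow decision."""
    receipt = authorize(req, policy)
    audit.append(receipt)
    if receipt.decision != "allow":
        return receipt, None
    return receipt, action()


def _large_external_transfer_needs_approval(r: SurfaceRequest) -> bool:
    # Assumed rule: transfers over 10k to an external recipient require an approver.
    over_10k = r.context.get("amount", 0) > 10_000
    external = r.context.get("recipient") == "external"
    return not (over_10k and external) or bool(r.context.get("approved_by"))


def build_example_policy() -> Policy:
    """Constructed policy for the payment.authorize surface from the page's example."""
    return Policy(rules={
        "payment.authorize": [
            lambda r: r.context.get("currency") == "USD",
            _large_external_transfer_needs_approval,
        ],
    })


if __name__ == "__main__":
    policy = build_example_policy()
    audit: list[Receipt] = []
    req = SurfaceRequest("payment.authorize", "transfer-over-10k",
                         {"amount": 15000, "currency": "USD", "recipient": "external"},
                         actor="alice")  # constructed request
    receipt, result = guarded_execute(req, policy, lambda: "transfer executed", audit)
    print(receipt.decision, result)  # block None
```

The receipt is appended to the audit list before the decision is acted on, so a blocked attempt leaves the same kind of trace as an allowed one; the action callable is only invoked after an allow decision, which is the property an execution surface exists to enforce.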

Protect Your First Surface

Start with your highest-risk surface. Most teams begin with deploy.release or infra.apply.