TrigGuard Developer Playground

Proxies to your gateway /v1/* routes — no SDK or policy logic duplicated here. Set Authorization: Bearer … below or configure TRIGGUARD_PLAYGROUND_SERVICE_TOKEN on the server.

POST /playground/authorize → gateway /v1/authorize

Bearer token (optional if server token set) Request JSON

Surface quick-fill

POST /playground/execute → gateway /v1/execute

Same envelope as authorize; upstream applies reference-monitor semantics for execute. The server requires TRIGGUARD_PLAYGROUND_SERVICE_TOKEN and validates your browser token against TRIGGUARD_PLAYGROUND_EXECUTE_CALLER_TOKEN for this route; the browser token is not forwarded to /v1/execute. For local dev without tokens, set TRIGGUARD_PLAYGROUND_ALLOW_EXECUTE_WITHOUT_TOKEN=1 (never in production).

Request JSON

Verify receipt or execution token

POST /playground/verify → gateway /v1/verify (receipt JSON or execution_token).

Receipt or verify payload JSON

Canonical demos (repo examples)

Loads sample bodies from /playground/demo/* mapped to examples/stripe-payment, examples/data-export-gate, and examples/github-deploy-gate. Run still calls your live gateway.