$ talon audit list
ID TIME CALLER PII COST(β¬) MODEL DECISION
evt_a1b2c3 2026-03-15T10:23:45 support-bot email(1) 0.003 gpt-4o-mini allowed
evt_d4e5f6 2026-03-15T10:24:12 hr-assistant iban(2) 0.000 gpt-4o blocked:pii
evt_x9y0z1 2026-03-15T10:24:45 eng-tools none 0.000 β blocked:tool
evt_g7h8i9 2026-03-15T10:25:01 eng-tools none 0.012 claude-3.5 allowed
evt_j0k1l2 2026-03-15T10:25:30 support-bot email(1),phone 0.004 gpt-4o-mini allowed:redacted
One URL change. PII scan, tool block, tamper-proof record. No code rewrites.
Talon is a single Go binary in front of OpenAI, Anthropic, and Bedrock. Point your app at localhost:8080/v1/proxy/openai instead of api.openai.com β same API, same response. Every call is policy-checked, PII-scanned, cost-tracked, and logged. Works with Slack bots, OpenClaw, CoPaw, anything OpenAI-compatible. Built for EU companies (GDPR, NIS2, DORA, EU AI Act); Apache 2.0.
git clone https://github.com/dativo-io/talon && cd talon
cd examples/docker-compose && docker compose up
# In another terminal β send a request with PII:
curl -X POST http://localhost:8080/v1/proxy/openai/v1/chat/completions \
-H "Content-Type: application/json" \
-d '{"model":"gpt-4o-mini","messages":[{"role":"user","content":"My email is jan@example.com and my IBAN is DE89370400440532013000. Help me reset my password."}]}'
# See the record (PII detected, cost, decision):
docker compose exec talon /usr/local/bin/talon audit listThe mock provider handles the LLM call. Evidence appears immediately β PII detected, cost logged, HMAC-signed record. What exactly does Talon do to your request?
- Your agent called
bulk_delete_users. A PII-only proxy (e.g. CloakLLM, or a DIY FastAPI proxy) never sees tool names β the LLM talks directly to your backend. Talon sits in front of the LLM and the tool layer: MCPtools/calland gateway requests are policy-checked before execution. Forbidden tools are blocked; every call is logged. You get a record nobody can quietly edit. - A prompt contained an IBAN and the model replied with it. Logging after the fact does not stop the leak. Talon scans input (and optionally response) before the call completes; you can block, redact, or restrict to EU-only models when PII is detected. Budget is evaluated before the call, not after β unlike LiteLLM-style post-spend alerts.
- You have no proof of what ran. Spreadsheets and ad-hoc logs are easy to alter. Talon writes an HMAC-signed evidence record per request to SQLite; verify with
talon audit verify. Export to CSV for your compliance officer. - Third-party AI (Zendesk, Intercom) is a black box. You are liable even if they say they are compliant. Route them through Talon's MCP proxy: you get the same PII scan, tool filter, and tamper-proof record without the vendor rewriting their stack.
Scenario: You pay Many β¬/month for Zendesk AI Agent, Intercom, or HubSpot AI. It works great, but you can't prove GDPR compliance.
Solution: Route vendor through Talon's MCP proxy (30 minutes setup).
# Point vendor to Talon, gain full visibility
agent:
name: "zendesk-vendor-proxy"
type: "mcp_proxy"
proxy:
upstream: "https://zendesk-ai-agent.com"
pii_handling:
redaction_rules:
- field: "customer_email"
method: "hash"
- field: "customer_phone"
method: "mask_middle"
compliance:
frameworks: ["gdpr", "nis2"]
audit_retention: 365Result:
- β Vendor keeps working (transparent proxy)
- β You have a tamper-proof record (GDPR Article 30 exports)
- β PII redacted before vendor access
- β Can block forbidden operations
See: VENDOR_INTEGRATION_GUIDE.md
Scenario: You built a Slack bot 6 months ago. Works great, but compliance officer needs verifiable records.
Solution: Add 5 lines of code to route through Talon (4 hours setup).
# BEFORE (ungoverned)
response = openai.ChatCompletion.create(
model="gpt-4",
messages=[{"role": "user", "content": query}]
)
# AFTER (governed) - 5 lines changed
response = requests.post("http://localhost:8081/v1/chat/completions", json={
"agent_id": "slack-support-bot",
"model": "gpt-4",
"messages": [{"role": "user", "content": query}]
})Result:
- β Bot keeps working (same UX)
- β Now GDPR + NIS2 compliant
- β No rewrite needed
- β Audit-ready in 1 day
Scenario: Greenfield project, want to build compliant from Day 1.
Solution: Use Talon from the start (2 minutes to first agent).
# Install
go install github.com/dativo-io/talon/cmd/talon@latest
# macOS: if you see "unsupported tapi file type" or clang linker error, use:
# CC=/usr/bin/clang go install github.com/dativo-io/talon/cmd/talon@latest
# or: curl -sSL https://install.gettalon.dev | sh
# Initialize (interactive wizard in a terminal; use --scaffold for quick defaults)
mkdir my-agents && cd my-agents
talon init
# Configure secrets (or use env: export OPENAI_API_KEY=sk-proj-...)
talon secrets set openai-api-key "sk-proj-..."
# Run first governed agent
talon run "Summarize EU AI regulation trends"Result:
- β Compliant from Day 1
- β No custom policy code
- β Policy-as-code in YAML
- β Audit trail automatic
See: QUICKSTART.md
Talon requires Go 1.22+ and CGO (for SQLite). Standard options:
From source (any branch, recommended for development):
git clone https://github.com/dativo-io/talon.git
cd talon
git checkout main # or feat/your-branch
make build # β bin/talon
# or: make install # β $GOPATH/bin/talonOn macOS, make build / make install use the system Clang by default so CGO linking works. If you use go build or go install directly and see unsupported tapi file type '!tapi-tbd', set the compiler: CC=/usr/bin/clang CGO_ENABLED=1 go build -o bin/talon ./cmd/talon/.
From a released version (stable):
go install github.com/dativo-io/talon/cmd/talon@latest
# or a specific tag: ...@v1.0.0macOS: If go install fails with unsupported tapi file type '!tapi-tbd' (Homebrew LLVM vs Apple SDK), use system Clang: CC=/usr/bin/clang go install github.com/dativo-io/talon/cmd/talon@latest. Or clone the repo and run make install (Makefile forces system Clang).
Note: You cannot install a branch with go install ...@branch-name; Go expects a module version (tag or pseudo-version). To run a branch, clone the repo and use make build or make install from that branch.
# Install (see Install section above), then:
mkdir my-agents && cd my-agents
talon init # Interactive wizard (in a terminal); or: talon init --scaffold for quick defaults
# Set your LLM provider key (or use vault: talon secrets set openai-api-key "sk-...")
export OPENAI_API_KEY=sk-your-key
# Or: talon secrets set openai-api-key "sk-..."
# Also supports: ANTHROPIC_API_KEY, AWS_REGION (for Bedrock), Ollama (local, no key needed)
# Run your first governed agent
talon run "Summarize the key trends in European AI regulation"You'll see:
β Policy check: ALLOWED
[Agent response appears here]
β Evidence stored: req_xxxxxxxx
β Cost: β¬0.0018 | Duration: 1250ms
Try a policy block β set daily: 0.001 in your agent.talon.yaml, run again, and watch the policy engine deny the request:
β Policy check: DENIED
Reason: budget_exceeded
Inspect and verify the evidence:
talon audit list --limit 10 # List recent evidence
talon audit show <evidence-id> # Full record (classification, PII, HMAC status)
talon audit verify <evidence-id> # Verify signature + compact summary
talon audit export --format csv --from ... --to ... # Export for compliance (includes pii_detected, tiers)(Evidence IDs are shown in run output, e.g. req_xxxxxxxx.)
Run the full REST API, MCP server, and embedded dashboard:
# Set admin key (for admin + dashboard/metrics endpoints)
export TALON_ADMIN_KEY="replace-with-strong-admin-key"
# Start server (dashboard at / and /dashboard)
talon serve --port 8080
# With MCP proxy for vendor compliance (e.g. Zendesk AI)
talon serve --port 8080 --proxy-config examples/vendor-proxy/zendesk-proxy.talon.yaml
# With LLM API gateway (proxy mode: route OpenAI/Anthropic/Ollama traffic through Talon)
talon serve --port 8080 --gateway --gateway-config examples/gateway/talon.config.gateway.yamlEndpoints include: GET /v1/health, GET /v1/status, POST /v1/agents/run, POST /v1/chat/completions (OpenAI-compatible), GET /v1/evidence, GET /v1/costs, GET /v1/plans/pending (plan review), POST /mcp (native MCP), POST /mcp/proxy (when proxy is configured), and **POST /v1/proxy/{provider}/v1/chat/completions** (LLM API gateway when --gateway is set; caller auth via Authorization: Bearer <tenant-key>). Tenant-scoped API routes use Authorization: Bearer <tenant-key>. Admin-only routes use X-Talon-Admin-Key: <key> (or bearer fallback).
For browser navigation to dashboards, include the admin key in the URL once:
http://localhost:8080/dashboard?talon_admin_key=YOUR_TALON_ADMIN_KEYhttp://localhost:8080/gateway/dashboard?talon_admin_key=YOUR_TALON_ADMIN_KEY
Dashboard links preserve this key automatically for subsequent navigation.
See: QUICKSTART.md for serve and dashboard usage.
Route third-party AI vendors (Zendesk, Intercom, HubSpot) through Talon for independent audit and PII redaction:
- Create a proxy config (see
examples/vendor-proxy/zendesk-proxy.talon.yaml). - Start Talon with
--proxy-config:
talon serve --port 8080 --proxy-config path/to/proxy.talon.yaml- Point the vendor at
https://your-talon-host/mcp/proxy.
Talon intercepts MCP traffic, enforces policy, redacts PII, and records evidence. Modes: intercept (block forbidden), passthrough (log only), shadow (audit without blocking).
See: VENDOR_INTEGRATION_GUIDE.md and ARCHITECTURE_MCP_PROXY.md.
Route raw LLM API traffic (OpenAI, Anthropic, Ollama) through Talon so desktop apps, Slack bots, and scripts get the same controls without code changes:
- Create a gateway config (see
examples/gateway/talon.config.gateway.yaml) with providers, caller tenant keys, and optional policy overrides (allowed models, cost limits). - Start Talon with
--gatewayand--gateway-config:
talon serve --port 8080 --gateway --gateway-config path/to/gateway.yaml- Point your app at
https://your-talon-host/v1/proxy/ollama/v1/chat/completions(oropenai,anthropic) and sendAuthorization: Bearer <caller-key>.
Talon identifies the caller, enforces per-caller model and cost policy, records evidence, and forwards to the configured upstream. Costs appear in GET /v1/costs for the caller's tenant.
See: OpenClaw integration, CoPaw integration, Slack bot integration, Desktop apps.
Policy-as-Code β Define agent policy in agent.talon.yaml files. Cost limits, data classification, model routing, tool access, time restrictions β all declarative, version-controlled, auditable.
MCP-Native β Talon speaks Model Context Protocol. Connect any MCP-compatible agent or tool. Every MCP tool call passes through the policy engine. Works as transparent proxy for third-party vendors.
Vendor Integration β Route third-party AI vendors (Zendesk, Intercom, HubSpot) through Talon's MCP proxy. Gain tamper-proof records, PII redaction, and policy enforcement without vendor rewrites. You stay compliant even with black-box SaaS.
LLM API Gateway β Route raw LLM API traffic (OpenAI, Anthropic, Ollama) through Talon at /v1/proxy/*. Desktop apps, Slack bots, and scripts use caller API keys; Talon enforces per-caller model and cost policy and records evidence. Same controls as native agents, zero app code changes beyond base URL.
Audited Secrets Vault β API keys encrypted at rest (AES-256-GCM). Per-agent ACLs. Every secret retrieval logged. Upgrade path to Infisical for rotation and SAML.
Prompt Injection Prevention β PDF/DOCX/HTML attachments are sandboxed automatically. Instruction-detection scanner flags injection attempts. Configurable: block, warn, or log.
Agent Memory β Agents write learnings to an audited soul directory. Every memory write passes through a multi-layer pipeline (hardcoded forbidden categories, OPA policy, PII scan, conflict detection) and is HMAC-signed. Shadow mode lets operators observe memory behavior before enabling writes. Retention policies auto-purge expired entries. Prompt injection controls filter which memories enter LLM context. Rollback to any previous state if memory poisoning is detected. Unlike MemOS or mem0, Talon's memory is a compliance asset β not just a developer convenience.
Scheduled & Event-Driven β Cron schedules and webhook triggers. Same policy enforcement whether an agent runs manually, on schedule, or from a GitHub webhook.
Shared Enterprise Context β Read-only company knowledge mounts. All agents share the same org facts. Data classification tier propagates to model routing.
Multi-LLM β OpenAI, Anthropic, AWS Bedrock (EU), Ollama (local). Tier-based routing: public data β cheap models, sensitive data β EU-only models.
OpenTelemetry-Native β Traces, metrics, and logs export via OTel. GenAI semantic conventions for LLM observability. Upgrade path to Langfuse + LGTM stack.
| Capability | Talon | MemOS | OpenClaw | LangChain | CrewAI |
|---|---|---|---|---|---|
| Policy enforcement | Yes (OPA) | No | No | No | No |
| Cost control | Yes (per-request) | No | No | No | No |
| PII detection | Yes (EU patterns, configurable) | No | No | No | No |
| Signed evidence record | Yes (HMAC-signed) | No | No | No | No |
| EU data stays in EU | Yes (EU routing) | No | No | No | No |
| MCP support | Yes (native) | Yes | Partial | Partial | No |
| Vendor proxy | Yes (MCP proxy) | No | No | No | No |
| LLM API gateway | Yes (/v1/proxy/) | No | No | No | No |
| Secrets vault | Yes (audited) | No | No | No | No |
| Prompt injection prev. | Yes (3-layer) | No | No | No | No |
| Agent memory | Yes (policy-controlled) | Yes (advanced: KV-cache, graph, LoRA) | No | No | Partial |
| Memory controls | Yes (PII scan, HMAC, rollback) | No | No | No | No |
| Multi-tenant | Yes | No | No | No | No |
| Open source | Apache 2.0 | Apache 2.0 | Yes | Yes | Yes |
| EU AI Act alignment | Yes | No | No | No | No |
Key differentiator: Talon is the only platform that adds compliance to existing third-party AI vendors without rewriting them. Your Zendesk AI Agent, Intercom bot, or custom Slack automation becomes audit-ready in hours.
ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ
β β β β β β
β Agent/User ββββββββββββ Talon ββββββββββββ LLM/Tools β
β β β (Proxy) β β (Vendors) β
ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ
β
ββββββββββββ΄βββββββββββ
β β
βΌ βΌ
ββββββββββββββββββββ ββββββββββββββββββββ
β Policy Engine β β Evidence Store β
β (OPA + Rego) β β (SQLite/PG) β
ββββββββββββββββββββ ββββββββββββββββββββ
Single Go Binary (no microservices, no Kubernetes)
Detailed view:
ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ
β β β β β β
β β β β β β
ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ
β Policy β β MCP Server β β Secrets β
β Engine β β + LLM β β Vault β
β (OPA) β β Router β β (AES-GCM) β
ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ
β β β
β β β
ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ
β Attachment β β Evidence β β Agent β
β Scanner β β Store β β Memory β
β (Injection β β (SQLite + β β (Soul Dir) β
β Prevention) β β OTel + HMAC)β β β
ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ
β β
β β
ββββββββββββββββ ββββββββββββββββββββββββ
β agent.talon β β LLM Providers β
β .yaml β β OpenAI/Anthropic β
β β β Bedrock/Ollama β
ββββββββββββββββ ββββββββββββββββββββββββ
# Project setup
talon init # Interactive wizard (TTY); creates agent + infra config
talon init --scaffold # Quick defaults without wizard (e.g. in CI/scripts)
talon init --pack openclaw # Starter pack (openclaw, fintech-eu, etc.)
talon init --list-providers # List LLM providers; --list-packs, --list-features
talon validate # Validate agent.talon.yaml
# Agent execution
talon run "query" # Run agent with policy enforcement
talon run --dry-run "query" # Show policy decision without LLM call
talon run --attach report.pdf "Summarize" # Process attachments (injection-scanned)
talon run --agent sales --tenant acme "..." # Specify agent and tenant
talon run --policy custom.talon.yaml "..." # Use explicit policy file
# Audit trail
talon audit list # List evidence records
talon audit list --tenant acme --limit 50 # Filter by tenant with limit
talon audit show <evidence-id> # Full record (Layer 3: classification, PII, HMAC)
talon audit verify <evidence-id> # Verify HMAC-SHA256 + compact summary
talon audit export --format csv|json|ndjson|html [--from YYYY-MM-DD] [--to YYYY-MM-DD] # HTML is self-contained
talon compliance report --framework gdpr --format html --output gdpr-report.html # Article-level mapping report
# Secrets vault
talon secrets set <name> <value> # Store encrypted secret (AES-256-GCM)
talon secrets list # List secrets (metadata only, values hidden)
talon secrets audit # View secret access log
talon secrets rotate <name> # Re-encrypt with fresh nonce
# Agent memory
talon memory list [--agent name] # Browse memory index
talon memory show <entry-id> # Full entry detail
talon memory search "query" # Full-text search
talon memory rollback <mem_id> --yes # Rollback to entry (soft-delete newer)
talon memory health [--agent name] # Trust distribution + conflicts
talon memory audit [--agent name] # Evidence chain verification
# Trigger server
talon serve [--port 8080] # Start HTTP server + cron scheduler
# Plan review
talon plan pending [--tenant acme] # List pending plans for review
talon plan approve <plan-id> [--tenant acme] # Approve pending plan
talon plan reject <plan-id> [--tenant acme] # Reject pending plan
talon plan execute <plan-id> [--tenant acme] # Execute an approved plan in non-serve mode
talon approver add --name "Jane Doe" --role team_lead # Generate approver bearer key
talon approver list # List approver identities
talon monitor --tenant acme # Drift signals (cost/denial/PII z-scores)
talon prompt history --tenant acme --agent support-bot # Prompt versions (when audit.include_prompts=true)
talon agents score --tenant acme --agent support-bot # Governance maturity score
talon costs --tenant acme --by-team # Team-level cost attribution
# Sessions
talon session list --tenant acme # List execution sessions
talon session show <session-id> # Show session details
talon session trace <session-id> # Show linked lifecycle evidenceFor OpenAI-compatible and agent-run HTTP endpoints, Talon accepts optional governance headers:
X-Talon-Reasoning: agent-provided decision rationale (stored in signed evidence asagent_reasoning)X-Talon-Session-ID: join an existing governed execution session (or Talon creates one)X-Talon-Agent-Signature+X-Talon-Agent-Timestamp: optional per-agent HMAC request attestation
PII detection uses Presidio-compatible recognizer definitions. Defaults are embedded (EU-focused: email, phone, IBAN, credit card, VAT, SSNs, IP, passport). You can extend or override them without recompiling:
- Global overrides: Put a
patterns.yamlfile in~/.talon/or the project directory. Same YAML format as the built-inpatterns/pii_eu.yaml. Later layers override earlier (embedded β global β per-agent). - Per-agent: In
agent.talon.yamlunderpolicies.data_classificationsetenabled_entities(whitelist),disabled_entities(blacklist), and/orcustom_recognizers(extra patterns). See the commented block intalon init --scaffoldor wizard-generated output.
Attachment (prompt-injection) patterns are configured the same way; see patterns/injection.yaml for the default set.
Semantic enrichment (optional): Redacted PII placeholders can include attributes (e.g. person gender, location scope) so downstream systems get structure without raw data. Enable in policies.semantic_enrichment; see PII semantic enrichment.
| Framework | Status | Key Talon Features |
|---|---|---|
| GDPR | β Core | PII detection, data residency, right to erasure, tamper-proof record |
| ISO 27001 | β Core | Secrets management (A.8.24), logging (A.8.15), access control (A.5.15) |
| NIS2 | β Core | Incident evidence, supply chain controls, risk management |
| DORA | β‘οΈ Partial | ICT incident logging, cost tracking, third-party risk |
| EU AI Act | β Core | Risk classification, human oversight, transparency, documentation |
| SOC 2 | β‘οΈ Partial | Trust services criteria via evidence + signed record |
GDPR Article 30 Exports: Generate processing records in one command. Proves what data was processed, by which agent, when, and with what legal basis.
NIS2 Article 21 Evidence: Complete incident logs with timestamps, policy decisions, and signed records. Required for cyber incident reporting.
EU AI Act Articles 9, 13, 14: Risk management system (OPA policies), transparency logs (evidence store), human oversight (plan review UI).
Before: Custom Slack bot for eSIM support. Works great, but no verifiable record. After: Added Talon in 4 hours (5 lines of code). Now GDPR + NIS2 compliant. ROI: β¬15,000 saved (avoided rewrite) + eliminated fine risk.
Before: Zendesk AI Agent (β¬3,000/month). Black box, no visibility. After: Routed through Talon MCP proxy in 1 week. Full tamper-proof record. ROI: β¬100,000 saved (kept vendor) + GDPR compliance proven.
Before: Building custom AI support from scratch. After: Used Talon from Day 1. Compliant without custom policy code. ROI: β¬25,000 saved (didn't build compliance layer) + faster time to market.
See: ADOPTION_SCENARIOS.md for detailed timelines.
See examples/ for ready-to-use agent configurations:
examples/sales-analyst/β Financial data analysis with PII redactionexamples/support-agent/β Customer support with EU data routingexamples/code-reviewer/β Code review with tool access controlsexamples/vendor-proxy/β Third-party vendor compliance wrapper
Talon is designed for progressive complexity β start simple, add sophistication via configuration:
| Component | MVP (Free) | Growth (Self-hosted) | Enterprise |
|---|---|---|---|
| Storage | SQLite | PostgreSQL | PostgreSQL + S3 WORM |
| Secrets | Embedded vault | Infisical (self-hosted) | Infisical Enterprise / Vault |
| Observability | OTel β stdout | LGTM stack + Langfuse | Datadog / Elastic |
| Agent isolation | Process | Docker / gVisor | Firecracker MicroVMs |
| Protocols | MCP | MCP + A2A | MCP + A2A + custom |
| Auth | API key | OIDC | SAML / SSO |
See CONTRIBUTING.md for development workflow.
Apache 2.0 β See LICENSE
- Documentation: docs/
- Quick Start: QUICKSTART.md
- Persona Guides: PERSONA_GUIDES.md β How Compliance, CTO, SecOps, FinOps, and DevOps use Talon
- Memory Governance: MEMORY_GOVERNANCE.md
- Vendor Integration: VENDOR_INTEGRATION_GUIDE.md
- Adoption Paths: ADOPTION_SCENARIOS.md
- Website: https://talon.dativo.io
- Community: https://github.com/dativo-io/talon/discussions
EU AI Act enforcement: August 2026. Are your AI agents compliant?
Already using AI vendors? Make them compliant in hours, not months.