{"id":45792270,"url":"https://github.com/dativo-io/talon","last_synced_at":"2026-04-01T17:34:43.865Z","repository":{"id":338688909,"uuid":"1158615079","full_name":"dativo-io/talon","owner":"dativo-io","description":"Policy-enforced AI proxy. Policy-enforced AI: PII scan, tool block, cost limits, signed evidence. One URL change. 🇪🇺  compliance by default.","archived":false,"fork":false,"pushed_at":"2026-03-27T22:00:56.000Z","size":2803,"stargazers_count":7,"open_issues_count":23,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-28T00:04:07.061Z","etag":null,"topics":["ai","ai-agents","ai-tools","copaw","finops","gitops","governance","openclaw"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dativo-io.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS.md","copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-15T16:58:32.000Z","updated_at":"2026-03-27T22:01:00.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/dativo-io/talon","commit_stats":null,"previous_names":["dativo-io/talon"],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/dativo-io/talon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dativo-io%2Ftalon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dativo-io%2Ftalon/tags","re
leases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dativo-io%2Ftalon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dativo-io%2Ftalon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dativo-io","download_url":"https://codeload.github.com/dativo-io/talon/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dativo-io%2Ftalon/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31290537,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","ai-agents","ai-tools","copaw","finops","gitops","governance","openclaw"],"created_at":"2026-02-26T12:09:16.487Z","updated_at":"2026-04-01T17:34:43.850Z","avatar_url":"https://github.com/dativo-io.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Dativo Talon\n\n```\n$ talon audit list\nID          TIME                 CALLER        PII              COST(€)  MODEL         DECISION\nevt_a1b2c3  2026-03-15T10:23:45  support-bot   email(1)         0.003    gpt-4o-mini   allowed\nevt_d4e5f6  2026-03-15T10:24:12  hr-assistant  iban(2)          0.000    gpt-4o        blocked:pii\nevt_x9y0z1  
2026-03-15T10:24:45  eng-tools     none             0.000    —             blocked:tool\nevt_g7h8i9  2026-03-15T10:25:01  eng-tools     none             0.012    claude-3.5    allowed\nevt_j0k1l2  2026-03-15T10:25:30  support-bot   email(1),phone   0.004    gpt-4o-mini   allowed:redacted\n```\n\nOne URL change. PII scan, tool block, tamper-proof record. No code rewrites.\n\nTalon is a single Go binary in front of OpenAI, Anthropic, and Bedrock. Point your app at `localhost:8080/v1/proxy/openai` instead of `api.openai.com` — same API, same response. Every call is policy-checked, PII-scanned, cost-tracked, and logged. Works with Slack bots, OpenClaw, CoPaw, and other OpenAI-compatible clients. Built for EU teams that need strong governance signals (GDPR, NIS2, DORA, EU AI Act); Apache 2.0.\n\n---\n\n\n\n[![CI](https://github.com/dativo-io/talon/actions/workflows/ci.yml/badge.svg)](https://github.com/dativo-io/talon/actions/workflows/ci.yml)\n[![CodeQL](https://github.com/dativo-io/talon/actions/workflows/codeql.yml/badge.svg)](https://github.com/dativo-io/talon/actions/workflows/codeql.yml)\n[![Release](https://github.com/dativo-io/talon/actions/workflows/release.yml/badge.svg)](https://github.com/dativo-io/talon/actions/workflows/release.yml)\n[![Latest Release](https://img.shields.io/github/v/release/dativo-io/talon)](https://github.com/dativo-io/talon/releases/latest)\n[![Go Report Card](https://goreportcard.com/badge/github.com/dativo-io/talon)](https://goreportcard.com/report/github.com/dativo-io/talon)\n[![License](https://img.shields.io/github/license/dativo-io/talon)](LICENSE)\n\n### Install Options (pick one)\n\n- **Go (fastest):** `go install github.com/dativo-io/talon/cmd/talon@latest`\n- **Release binary (checksummed):** [GitHub Releases](https://github.com/dativo-io/talon/releases/latest) + `checksums.txt`\n- **Container image:** `ghcr.io/dativo-io/talon:latest` (also `:vX.Y.Z`, `:X.Y`)\n- **Install script (checksum verification included):** `curl -sSL 
https://install.gettalon.dev | sh`\n\nNote: GitHub may still show `Packages 0` in the sidebar. Use the release artifacts and GHCR image coordinates above as the source of truth.\n\nArtifact verification quick check:\n\n```bash\n# verify release assets exist\nLATEST=$(gh release view --json tagName -q .tagName)\ngh release view \"$LATEST\" --json assets -q '.assets[].name'\n\n# verify GHCR image is published\ndocker pull ghcr.io/dativo-io/talon:latest\n```\n\n### 60-Second Demo (no API key needed)\n\n```bash\ngit clone https://github.com/dativo-io/talon \u0026\u0026 cd talon\ncd examples/docker-compose \u0026\u0026 docker compose up\n\n# In another terminal — send a request with PII:\ncurl -X POST http://localhost:8080/v1/proxy/openai/v1/chat/completions \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"model\":\"gpt-4o-mini\",\"messages\":[{\"role\":\"user\",\"content\":\"My email is jan@example.com and my IBAN is DE89370400440532013000. Help me reset my password.\"}]}'\n\n# See the record (PII detected, cost, decision):\ndocker compose exec talon /usr/local/bin/talon audit list\n```\n\nThe mock provider handles the LLM call. Evidence appears immediately — PII detected, cost logged, HMAC-signed record. 
[What exactly does Talon do to your request?](docs/explanation/what-talon-does-to-your-request.md)\n\n### Proof In 30 Seconds\n\n```bash\ncd examples/docker-compose\ndocker compose up -d\ncurl -X POST http://localhost:8080/v1/proxy/openai/v1/chat/completions \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"model\":\"gpt-4o-mini\",\"messages\":[{\"role\":\"user\",\"content\":\"my email is jan@example.com and iban DE89370400440532013000\"}]}'\ndocker compose exec talon /usr/local/bin/talon audit list --limit 1\ndocker compose exec talon /usr/local/bin/talon audit show \u003cevidence-id\u003e\n```\n\nExpected outcome:\n- request is accepted or policy-blocked based on your config\n- evidence row includes PII types + decision\n- `talon audit verify \u003cevidence-id\u003e` returns valid signature\n\nVisual capture workflow (for release notes/social posts):\n\n```bash\n# generate deterministic sample records for screenshots/GIF capture\nbash scripts/demo-recorder.sh\n```\n\n\n\n---\n\n## What it stops\n\n- **Your agent called `bulk_delete_users`.** A PII-only proxy (e.g. CloakLLM, or a DIY FastAPI proxy) never sees tool names — the LLM talks directly to your backend. Talon sits in front of the LLM and the tool layer: MCP `tools/call` and gateway requests are policy-checked before execution. Forbidden tools are blocked; every call is logged. You get a record nobody can quietly edit.\n- **A prompt contained an IBAN and the model replied with it.** Logging after the fact does not stop the leak. Talon scans input (and optionally response) before the call completes; you can block, redact, or restrict to EU-only models when PII is detected. Budget is evaluated before the call, not after — unlike LiteLLM-style post-spend alerts.\n- **You have no proof of what ran.** Spreadsheets and ad-hoc logs are easy to alter. Talon writes an HMAC-signed evidence record per request to SQLite; verify with `talon audit verify`. 
Export to CSV for your compliance officer.\n- **Third-party AI (Zendesk, Intercom) is a black box.** You are liable even if they say they are compliant. Route them through Talon's MCP proxy: you get the same PII scan, tool filter, and tamper-proof record without the vendor rewriting their stack.\n\nSee also: [Why not just a PII proxy?](docs/explanation/why-not-a-pii-proxy.md)\n\n## Three Ways to Adopt Talon\n\n### 1. Already Using Third-Party AI Vendors? (MCP Proxy)\n\n**Scenario:** You pay many €/month for Zendesk AI Agent, Intercom, or HubSpot AI. It works great, but you can't prove GDPR compliance.\n\n**Solution:** Route the vendor through Talon's MCP proxy (30 minutes setup).\n\n```yaml\n# Point vendor to Talon, gain full visibility\nagent:\n  name: \"zendesk-vendor-proxy\"\n  type: \"mcp_proxy\"\n\nproxy:\n  upstream: \"https://zendesk-ai-agent.com\"\n\npii_handling:\n  redaction_rules:\n    - field: \"customer_email\"\n      method: \"hash\"\n    - field: \"customer_phone\"\n      method: \"mask_middle\"\n\ncompliance:\n  frameworks: [\"gdpr\", \"nis2\"]\n  audit_retention: 365\n```\n\n**Result:**\n\n- ✅ Vendor keeps working (transparent proxy)\n- ✅ You have a tamper-proof record (GDPR Article 30 exports)\n- ✅ PII redacted before vendor access\n- ✅ Can block forbidden operations\n\n**See:** [VENDOR_INTEGRATION_GUIDE.md](docs/VENDOR_INTEGRATION_GUIDE.md)\n\n---\n\n### 2. Already Have Custom AI Automation? (Wrap with Talon)\n\n**Scenario:** You built a Slack bot 6 months ago. 
Works great, but compliance officer needs verifiable records.\n\n**Solution:** Add 5 lines of code to route through Talon (4 hours setup).\n\n```python\n# BEFORE (ungoverned)\nresponse = openai.ChatCompletion.create(\n    model=\"gpt-4\",\n    messages=[{\"role\": \"user\", \"content\": query}]\n)\n\n# AFTER (governed) - 5 lines changed\nresponse = requests.post(\"http://localhost:8081/v1/chat/completions\", json={\n    \"agent_id\": \"slack-support-bot\",\n    \"model\": \"gpt-4\",\n    \"messages\": [{\"role\": \"user\", \"content\": query}]\n})\n```\n\n**Result:**\n\n- ✅ Bot keeps working (same UX)\n- ✅ Stronger GDPR + NIS2 control coverage with auditable records\n- ✅ No rewrite needed\n- ✅ Audit-ready in 1 day\n\n**See:** [ADOPTION_SCENARIOS.md](docs/ADOPTION_SCENARIOS.md)\n\n---\n\n### 3. Building New AI Agents? (Native Talon)\n\n**Scenario:** Greenfield project, want governance controls from Day 1.\n\n**Solution:** Use Talon from the start (2 minutes to first agent).\n\n```bash\n# Install\ngo install github.com/dativo-io/talon/cmd/talon@latest\n# macOS: if you see \"unsupported tapi file type\" or clang linker error, use:\n#   CC=/usr/bin/clang go install github.com/dativo-io/talon/cmd/talon@latest\n# or: curl -sSL https://install.gettalon.dev | sh\n\n# Initialize (interactive wizard in a terminal; use --scaffold for quick defaults)\nmkdir my-agents \u0026\u0026 cd my-agents\ntalon init\n\n# Configure secrets (or use env: export OPENAI_API_KEY=sk-proj-...)\ntalon secrets set openai-api-key \"sk-proj-...\"\n\n# Run first governed agent\ntalon run \"Summarize EU AI regulation trends\"\n```\n\n**Result:**\n\n- ✅ Compliant from Day 1\n- ✅ No custom policy code\n- ✅ Policy-as-code in YAML\n- ✅ Audit trail automatic\n\n**See:** [QUICKSTART.md](docs/QUICKSTART.md)\n\n---\n\n## Install\n\nTalon requires **Go 1.22+** and **CGO** (for SQLite). 
Standard options:\n\n**From source (any branch, recommended for development):**\n\n```bash\ngit clone https://github.com/dativo-io/talon.git\ncd talon\ngit checkout main   # or feat/your-branch\nmake build          # → bin/talon\n# or: make install  # → $GOPATH/bin/talon\n```\n\nOn **macOS**, `make build` / `make install` use the system Clang by default so CGO linking works. If you use `go build` or `go install` directly and see `unsupported tapi file type '!tapi-tbd'`, set the compiler: `CC=/usr/bin/clang CGO_ENABLED=1 go build -o bin/talon ./cmd/talon/`.\n\n**From a released version (stable):**\n\n```bash\ngo install github.com/dativo-io/talon/cmd/talon@latest\n# or a specific tag: ...@v1.0.0\n```\n\n**macOS:** If `go install` fails with `unsupported tapi file type '!tapi-tbd'` (Homebrew LLVM vs Apple SDK), use system Clang: `CC=/usr/bin/clang go install github.com/dativo-io/talon/cmd/talon@latest`. Or clone the repo and run `make install` (Makefile forces system Clang).\n\n**Note:** You cannot install a branch with `go install ...@branch-name`; Go expects a module version (tag or pseudo-version). 
To run a branch, clone the repo and use `make build` or `make install` from that branch.\n\n---\n\n## Quick Start (2 minutes)\n\n```bash\n# Install (see Install section above), then:\nmkdir my-agents \u0026\u0026 cd my-agents\ntalon init          # Interactive wizard (in a terminal); or: talon init --scaffold for quick defaults\n\n# Set your LLM provider key (or use vault: talon secrets set openai-api-key \"sk-...\")\nexport OPENAI_API_KEY=sk-your-key\n# Or: talon secrets set openai-api-key \"sk-...\"\n# Also supports: ANTHROPIC_API_KEY, AWS_REGION (for Bedrock), Ollama (local, no key needed)\n\n# Run your first governed agent\ntalon run \"Summarize the key trends in European AI regulation\"\n```\n\nYou'll see:\n\n```\n✓ Policy check: ALLOWED\n\n[Agent response appears here]\n\n✓ Evidence stored: req_xxxxxxxx\n✓ Cost: €0.0018 | Duration: 1250ms\n```\n\nTry a policy block — set `daily: 0.001` in your `agent.talon.yaml`, run again, and watch the policy engine deny the request:\n\n```\n✗ Policy check: DENIED\n  Reason: budget_exceeded\n```\n\nInspect and verify the evidence:\n\n```bash\ntalon audit list --limit 10                    # List recent evidence\ntalon audit show \u003cevidence-id\u003e                 # Full record (classification, PII, HMAC status)\ntalon audit verify \u003cevidence-id\u003e               # Verify signature + compact summary\ntalon audit export --format csv --from ... --to ...  # Export for compliance (includes pii_detected, tiers)\n```\n\n(Evidence IDs are shown in run output, e.g. 
`req_xxxxxxxx`.)\n\nDeterministic explanation contract (MVP):\n- Every evidence record includes `explanations[]` with stable fields: `code`, `decision`, `stage`, `reason`, `trigger`, `fix`, `policy_ref`, `version_identity`.\n- List/index surfaces expose `primary_explanation_code` and `primary_explanation_reason`.\n- `version_identity` is dual-factor: declared policy version + canonical policy hash.\n\n## HTTP API Server\n\nRun the full REST API, MCP server, and embedded dashboard:\n\n```bash\n# Set admin key (for admin + dashboard/metrics endpoints)\nexport TALON_ADMIN_KEY=\"replace-with-strong-admin-key\"\n\n# Start server (dashboard at / and /dashboard)\ntalon serve --port 8080\n\n# With MCP proxy for vendor compliance (e.g. Zendesk AI)\ntalon serve --port 8080 --proxy-config examples/vendor-proxy/zendesk-proxy.talon.yaml\n\n# With LLM API gateway (proxy mode: route OpenAI/Anthropic/Ollama traffic through Talon)\ntalon serve --port 8080 --gateway --gateway-config examples/gateway/talon.config.gateway.yaml\n```\n\nEndpoints include: `GET /v1/health`, `GET /v1/status`, `POST /v1/agents/run`, `POST /v1/chat/completions` (OpenAI-compatible), `GET /v1/evidence`, `GET /v1/costs`, `GET /v1/plans/pending` (plan review), `POST /mcp` (native MCP), `POST /mcp/proxy` (when proxy is configured), **`POST /v1/proxy/{provider}/v1/chat/completions`** (LLM API gateway when `--gateway` is set; caller auth via `Authorization: Bearer \u003ctenant-key\u003e`), and operational control plane endpoints: `GET /v1/runs`, `POST /v1/runs/{id}/kill`, `POST /v1/runs/{id}/pause`, `POST /v1/runs/{id}/resume`, `GET /v1/overrides`, `POST /v1/overrides/{tenant_id}/lockdown`, `GET /v1/tool-approvals`, `POST /v1/tool-approvals/{id}/decide`. Tenant-scoped API routes use `Authorization: Bearer \u003ctenant-key\u003e`. 
Admin-only routes (including all `/v1/runs`, `/v1/overrides`, and `/v1/tool-approvals` endpoints) use `X-Talon-Admin-Key: \u003ckey\u003e` (or bearer fallback).\n\nFor browser navigation to dashboards, include the admin key in the URL once:\n\n- `http://localhost:8080/dashboard?talon_admin_key=YOUR_TALON_ADMIN_KEY`\n- `http://localhost:8080/gateway/dashboard?talon_admin_key=YOUR_TALON_ADMIN_KEY`\n\nDashboard links preserve this key automatically for subsequent navigation.\n\n**See:** [QUICKSTART.md](docs/QUICKSTART.md) for serve and dashboard usage.\n\n## Vendor Integration (MCP Proxy)\n\nRoute third-party AI vendors (Zendesk, Intercom, HubSpot) through Talon for independent audit and PII redaction:\n\n1. Create a proxy config (see `examples/vendor-proxy/zendesk-proxy.talon.yaml`).\n2. Start Talon with `--proxy-config`:\n  ```bash\n   talon serve --port 8080 --proxy-config path/to/proxy.talon.yaml\n  ```\n3. Point the vendor at `https://your-talon-host/mcp/proxy`.\n\nTalon intercepts MCP traffic, enforces policy, redacts PII, and records evidence. Modes: **intercept** (block forbidden), **passthrough** (log only), **shadow** (audit without blocking).\n\n**See:** [VENDOR_INTEGRATION_GUIDE.md](docs/VENDOR_INTEGRATION_GUIDE.md) and [ARCHITECTURE_MCP_PROXY.md](docs/ARCHITECTURE_MCP_PROXY.md).\n\n## LLM API Gateway (Proxy Mode)\n\nRoute raw LLM API traffic (OpenAI, Anthropic, Ollama) through Talon so desktop apps, Slack bots, and scripts get the same controls without code changes:\n\n1. Create a gateway config (see `examples/gateway/talon.config.gateway.yaml`) with providers, caller tenant keys, and optional policy overrides (allowed models, cost limits).\n2. Start Talon with `--gateway` and `--gateway-config`:\n  ```bash\n   talon serve --port 8080 --gateway --gateway-config path/to/gateway.yaml\n  ```\n3. 
Point your app at `https://your-talon-host/v1/proxy/ollama/v1/chat/completions` (or `openai`, `anthropic`) and send `Authorization: Bearer \u003ccaller-key\u003e`.\n\nTalon identifies the caller, enforces per-caller model and cost policy, records evidence, and forwards to the configured upstream. Costs appear in `GET /v1/costs` for the caller's tenant.\n\n**See:** [OpenClaw integration](docs/guides/openclaw-integration.md), [CoPaw integration](docs/guides/copaw-integration.md), [Slack bot integration](docs/guides/slack-bot-integration.md), [Desktop apps](docs/guides/desktop-app-governance.md).\n\n## Features\n\n**Policy-as-Code** — Define agent policy in `agent.talon.yaml` files. Cost limits, data classification, model routing, tool access, time restrictions — all declarative, version-controlled, auditable.\n\n**MCP-Native** — Talon speaks Model Context Protocol. Connect any MCP-compatible agent or tool. Every MCP tool call passes through the policy engine. Works as a transparent proxy for third-party vendors.\n\n**Vendor Integration** — Route third-party AI vendors (Zendesk, Intercom, HubSpot) through Talon's MCP proxy. Gain tamper-proof records, PII redaction, and policy enforcement without vendor rewrites. This supports audit readiness even with black-box SaaS.\n\n**LLM API Gateway** — Route raw LLM API traffic (OpenAI, Anthropic, Ollama) through Talon at `/v1/proxy/*`. Desktop apps, Slack bots, and scripts use caller API keys; Talon enforces per-caller model and cost policy and records evidence. Same controls as native agents, zero app code changes beyond base URL.\n\n**Audited Secrets Vault** — API keys encrypted at rest (AES-256-GCM). Per-agent ACLs. Every secret retrieval logged. Upgrade path to Infisical for rotation and SAML.\n\n**Prompt Injection Prevention** — PDF/DOCX/HTML attachments are sandboxed automatically. Instruction-detection scanner flags injection attempts. 
Configurable: block, warn, or log.\n\n**Agent Memory** — Agents write learnings to an audited soul directory. Every memory write passes through a multi-layer pipeline (hardcoded forbidden categories, OPA policy, PII scan, conflict detection) and is HMAC-signed. Shadow mode lets operators observe memory behavior before enabling writes. Retention policies auto-purge expired entries. Prompt injection controls filter which memories enter LLM context. Rollback to any previous state if memory poisoning is detected. Unlike MemOS or mem0, Talon's memory is a compliance asset — not just a developer convenience.\n\n**Scheduled \u0026 Event-Driven** — Cron schedules and webhook triggers. Same policy enforcement whether an agent runs manually, on schedule, or from a GitHub webhook.\n\n**Shared Enterprise Context** — Read-only company knowledge mounts. All agents share the same org facts. Data classification tier propagates to model routing.\n\n**Multi-LLM** — OpenAI, Anthropic, AWS Bedrock (EU), Ollama (local). Tier-based routing: public data → cheap models, sensitive data → EU-only models.\n\n**Operational Control Plane** — Real-time visibility and intervention for running agents. List, pause, resume, and kill runs via admin API. Tenant lockdown halts all agent activity instantly. Runtime overrides disable tools or tighten cost caps without redeploying policy files. Pre-tool approval gates pause execution for human sign-off on sensitive operations. Structured failure taxonomy in evidence records (`cost_exceeded`, `operator_kill`, `policy_deny`, etc.) for incident analysis. See [Operational control plane reference](docs/reference/operational-control-plane.md).\n\n**OpenTelemetry-Native** — Traces, metrics, and logs export via OTel. GenAI semantic conventions for LLM observability. 
Upgrade path to Langfuse + LGTM stack.\n\n## How It Compares\n\n\n| Capability             | Talon                              | MemOS                                 | OpenClaw | LangChain | CrewAI  |\n| ---------------------- | ---------------------------------- | ------------------------------------- | -------- | --------- | ------- |\n| Policy enforcement     | Yes (OPA)                          | No                                    | No       | No        | No      |\n| Cost control           | Yes (per-request)                  | No                                    | No       | No        | No      |\n| PII detection          | Yes (EU patterns, configurable)    | No                                    | No       | No        | No      |\n| Signed evidence record | Yes (HMAC-signed)                  | No                                    | No       | No        | No      |\n| EU data stays in EU    | Yes (EU routing)                   | No                                    | No       | No        | No      |\n| MCP support            | Yes (native)                       | Yes                                   | Partial  | Partial   | No      |\n| **Vendor proxy**       | **Yes (MCP proxy)**                | **No**                                | **No**   | **No**    | **No**  |\n| **LLM API gateway**    | **Yes (/v1/proxy/)**               | **No**                                | **No**   | **No**    | **No**  |\n| Secrets vault          | Yes (audited)                      | No                                    | No       | No        | No      |\n| Prompt injection prev. 
| Yes (3-layer)                      | No                                    | No       | No        | No      |\n| Agent memory           | Yes (policy-controlled)            | Yes (advanced: KV-cache, graph, LoRA) | No       | No        | Partial |\n| **Memory controls**    | **Yes (PII scan, HMAC, rollback)** | **No**                                | **No**   | **No**    | **No**  |\n| **Operational control** | **Yes (kill/pause/lockdown/approve)** | **No**                             | **No**   | **No**    | **No**  |\n| Multi-tenant           | Yes                                | No                                    | No       | No        | No      |\n| Open source            | Apache 2.0                         | Apache 2.0                            | Yes      | Yes       | Yes     |\n| EU AI Act alignment    | Yes                                | No                                    | No       | No        | No      |\n\n\n**Key differentiator:** Talon is the only platform that adds compliance to existing third-party AI vendors without rewriting them. 
Your Zendesk AI Agent, Intercom bot, or custom Slack automation becomes audit-ready in hours.\n\n## Architecture\n\n```\n   ┌──────────────┐          ┌──────────────┐          ┌──────────────┐\n   │              │          │              │          │              │\n   │  Agent/User  │──────────│    Talon     │──────────│  LLM/Tools   │\n   │              │          │   (Proxy)    │          │  (Vendors)   │\n   └──────────────┘          └──────────────┘          └──────────────┘\n                                    │\n                         ┌──────────┴──────────┐\n                         │                     │\n                         ▼                     ▼\n              ┌──────────────────┐  ┌──────────────────┐\n              │ Policy Engine    │  │  Evidence Store  │\n              │ (OPA + Rego)     │  │  (SQLite/PG)     │\n              └──────────────────┘  └──────────────────┘\n\nSingle Go Binary (no microservices, no Kubernetes)\n```\n\nDetailed view:\n\n```\n   ┌──────────────┐          ┌──────────────┐          ┌──────────────┐\n   │              │          │              │          │              │\n   ↓              ↓          ↓              ↓          ↓              ↓\n   ┌──────────────┐          ┌──────────────┐          ┌──────────────┐\n   │   Policy     │          │   MCP Server │          │   Secrets    │\n   │   Engine     │          │   + LLM      │          │   Vault      │\n   │   (OPA)      │          │   Router     │          │   (AES-GCM)  │\n   └──────────────┘          └──────────────┘          └──────────────┘\n          │                          │                          │\n          ─                          ─                          ─\n   ┌──────────────┐          ┌──────────────┐          ┌──────────────┐\n   │ Attachment   │          │  Evidence    │          │   Agent      │\n   │ Scanner      │          │  Store       │          │   Memory     │\n   │ (Injection   │          │  (SQLite +   │          │   (Soul Dir) 
│\n   │  Prevention) │          │   OTel + HMAC)│          │              │\n   └──────────────┘          └──────────────┘          └──────────────┘\n          │                          │\n          ─                          ─\n   ┌──────────────┐          ┌──────────────────────┐\n   │ agent.talon  │          │  LLM Providers       │\n   │  .yaml       │          │  OpenAI/Anthropic    │\n   │              │          │  Bedrock/Ollama      │\n   └──────────────┘          └──────────────────────┘\n```\n\n## CLI Commands\n\n```bash\n# Project setup\ntalon init                                   # Interactive wizard (TTY); creates agent + infra config\ntalon init --scaffold                        # Quick defaults without wizard (e.g. in CI/scripts)\ntalon init --pack openclaw                   # Starter pack (openclaw, fintech-eu, etc.)\ntalon init --list-providers                  # List LLM providers; --list-packs, --list-features\ntalon validate                               # Validate agent.talon.yaml\n\n# Agent execution\ntalon run \"query\"                            # Run agent with policy enforcement\ntalon run --dry-run \"query\"                  # Show policy decision without LLM call\ntalon run --attach report.pdf \"Summarize\"    # Process attachments (injection-scanned)\ntalon run --agent sales --tenant acme \"...\"  # Specify agent and tenant\ntalon run --policy custom.talon.yaml \"...\"   # Use explicit policy file\n\n# Audit trail\ntalon audit list                             # List evidence records\ntalon audit list --tenant acme --limit 50    # Filter by tenant with limit\ntalon audit show \u003cevidence-id\u003e               # Full record (Layer 3: classification, PII, HMAC)\ntalon audit verify \u003cevidence-id\u003e             # Verify HMAC-SHA256 + compact summary\ntalon audit export --format csv|json|ndjson|html [--from YYYY-MM-DD] [--to YYYY-MM-DD]  # HTML is self-contained\ntalon compliance report --framework gdpr --format html --output 
gdpr-report.html          # Article-level mapping report\n\n# Secrets vault\ntalon secrets set \u003cname\u003e \u003cvalue\u003e             # Store encrypted secret (AES-256-GCM)\ntalon secrets list                           # List secrets (metadata only, values hidden)\ntalon secrets audit                          # View secret access log\ntalon secrets rotate \u003cname\u003e                  # Re-encrypt with fresh nonce\n\n# Agent memory\ntalon memory list [--agent name]             # Browse memory index\ntalon memory show \u003centry-id\u003e                 # Full entry detail\ntalon memory search \"query\"                  # Full-text search\ntalon memory rollback \u003cmem_id\u003e --yes                     # Rollback to entry (soft-delete newer)\ntalon memory health [--agent name]           # Trust distribution + conflicts\ntalon memory audit [--agent name]            # Evidence chain verification\n\n# Trigger server\ntalon serve [--port 8080]                    # Start HTTP server + cron scheduler\n\n# Plan review\ntalon plan pending [--tenant acme]           # List pending plans for review\ntalon plan approve \u003cplan-id\u003e [--tenant acme] # Approve pending plan\ntalon plan reject \u003cplan-id\u003e [--tenant acme]  # Reject pending plan\ntalon plan execute \u003cplan-id\u003e [--tenant acme] # Execute an approved plan in non-serve mode\ntalon approver add --name \"Jane Doe\" --role team_lead      # Generate approver bearer key\ntalon approver list                                          # List approver identities\ntalon monitor --tenant acme                                  # Drift signals (cost/denial/PII z-scores)\ntalon prompt history --tenant acme --agent support-bot       # Prompt versions (when audit.include_prompts=true)\ntalon agents score --tenant acme --agent support-bot         # Governance maturity score\ntalon costs --tenant acme --by-team                          # Team-level cost attribution\n\n# Sessions\ntalon session list 
--tenant acme             # List execution sessions\ntalon session show \u003csession-id\u003e              # Show session details\ntalon session trace \u003csession-id\u003e             # Show linked lifecycle evidence\n```\n\n### Optional request enrichment headers\n\nFor OpenAI-compatible and agent-run HTTP endpoints, Talon accepts optional governance headers:\n\n- `X-Talon-Reasoning`: agent-provided decision rationale (stored in signed evidence as `agent_reasoning`)\n- `X-Talon-Session-ID`: join an existing governed execution session (or Talon creates one)\n- `X-Talon-Agent-Signature` + `X-Talon-Agent-Timestamp`: optional per-agent HMAC request attestation\n\n## PII and pattern configuration\n\nPII detection uses **Presidio-compatible** recognizer definitions. Defaults are embedded (EU-focused: email, phone, IBAN, credit card, VAT, SSNs, IP, passport). You can extend or override them without recompiling:\n\n- **Global overrides:** Put a `patterns.yaml` file in `~/.talon/` or the project directory. Same YAML format as the built-in `patterns/pii_eu.yaml`. Later layers override earlier (embedded → global → per-agent).\n- **Per-agent:** In `agent.talon.yaml` under `policies.data_classification` set `enabled_entities` (whitelist), `disabled_entities` (blacklist), and/or `custom_recognizers` (extra patterns). See the commented block in `talon init --scaffold` or wizard-generated output.\n\nAttachment (prompt-injection) patterns are configured the same way; see `patterns/injection.yaml` for the default set.\n\n**Semantic enrichment (optional):** Redacted PII placeholders can include attributes (e.g. person gender, location scope) so downstream systems get structure without raw data. 
Enable in `policies.semantic_enrichment`; see [PII semantic enrichment](docs/reference/pii-semantic-enrichment.md).\n\n## Compliance Coverage\n\n\n| Framework | Status     | Key Talon Features                                                     |\n| --------- | ---------- | ---------------------------------------------------------------------- |\n| GDPR      | ✅ Core     | PII detection, data residency, right to erasure, tamper-proof record   |\n| ISO 27001 | ✅ Core     | Secrets management (A.8.24), logging (A.8.15), access control (A.5.15) |\n| NIS2      | ✅ Core     | Incident evidence, supply chain controls, risk management              |\n| DORA      | ⚡️ Partial | ICT incident logging, cost tracking, third-party risk                  |\n| EU AI Act | ✅ Core     | Risk classification, human oversight, transparency, documentation      |\n| SOC 2     | ⚡️ Partial | Trust services criteria via evidence + signed record                   |\n\n\nTalon supports these controls but does not, by itself, certify regulatory compliance. Final compliance depends on your full process, legal interpretation, and operating environment.\n\n**GDPR Article 30 Exports:** Generate processing records in one command. Shows what data was processed, by which agent, and when.\n\n**NIS2 Article 21 Evidence:** Signed incident/event logs with timestamps and policy decisions to support risk management and reporting workflows.\n\n**DORA ICT Risk Controls:** Cost governance, evidence retention, and third-party routing controls provide auditable input for operational resilience programs.\n\n**EU AI Act Articles 9, 13, 14:** Risk management policies, transparency logs, and human oversight gates as supporting controls.\n\n## Real-World Adoption Paths\n\n### Spanish Telecom (150 employees)\n\n**Before:** Custom Slack bot for eSIM support. Works great, but no verifiable record.\n**After:** Added Talon in 4 hours (5 lines of code). 
Added auditable GDPR + NIS2 support controls.\n**ROI:** €15,000 saved (avoided rewrite) + eliminated fine risk.\n\n### German Healthcare (400 employees)\n\n**Before:** Zendesk AI Agent (€3,000/month). Black box, no visibility.\n**After:** Routed through Talon MCP proxy in 1 week. Full tamper-proof record.\n**ROI:** €100,000 saved (kept vendor) + stronger GDPR audit evidence.\n\n### French FinTech (80 employees)\n\n**Before:** Building custom AI support from scratch.\n**After:** Used Talon from Day 1. Compliant without custom policy code.\n**ROI:** €25,000 saved (didn't build compliance layer) + faster time to market.\n\n**See:** [ADOPTION_SCENARIOS.md](docs/ADOPTION_SCENARIOS.md) for detailed timelines.\n\n## Examples\n\nSee `examples/` for ready-to-use agent configurations:\n\n- `examples/sales-analyst/` — Financial data analysis with PII redaction\n- `examples/support-agent/` — Customer support with EU data routing\n- `examples/code-reviewer/` — Code review with tool access controls\n- `examples/vendor-proxy/` — Third-party vendor compliance wrapper\n\n## Upgrade Path\n\nTalon is designed for progressive complexity — start simple, add sophistication via configuration:\n\n\n| Component       | MVP (Free)     | Growth (Self-hosted)    | Enterprise                   |\n| --------------- | -------------- | ----------------------- | ---------------------------- |\n| Storage         | SQLite         | PostgreSQL              | PostgreSQL + S3 WORM         |\n| Secrets         | Embedded vault | Infisical (self-hosted) | Infisical Enterprise / Vault |\n| Observability   | OTel → stdout  | LGTM stack + Langfuse   | Datadog / Elastic            |\n| Agent isolation | Process        | Docker / gVisor         | Firecracker MicroVMs         |\n| Protocols       | MCP            | MCP + A2A               | MCP + A2A + custom           |\n| Auth            | API key        | OIDC                    | SAML / SSO                   |\n\n\n## Contributing\n\nSee 
[CONTRIBUTING.md](CONTRIBUTING.md) and [AI_ASSISTANCE.md](AI_ASSISTANCE.md).\n\nQuick ways to help:\n\n- New contributors: [`good first issue`](https://github.com/dativo-io/talon/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22)\n- Larger tasks: [`help wanted`](https://github.com/dativo-io/talon/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22)\n- Start here issue: [Roadmap + how to contribute](https://github.com/dativo-io/talon/issues/54)\n- Roadmap context: [ROADMAP.md](ROADMAP.md)\n- Share a deployment story: [case study template](docs/ADOPTION_SCENARIOS.md#case-study-template-for-community-contributions)\n- Maintainer response target: first response within 72 hours (best effort)\n\n## Release Notes That Teach\n\nFor notable releases, we document:\n\n- problem solved,\n- who should care,\n- how to verify quickly,\n- upgrade impact,\n- one share artifact (screenshot/GIF/snippet) when relevant.\n\nSee [CHANGELOG.md](CHANGELOG.md) and [Releases](https://github.com/dativo-io/talon/releases).\n\n## License\n\nApache 2.0 — See [LICENSE](LICENSE)\n\n## Links\n\n- **Documentation:** [docs/](docs/)\n- **Quick Start:** [QUICKSTART.md](docs/QUICKSTART.md)\n- **Contributing:** [CONTRIBUTING.md](CONTRIBUTING.md)\n- **Code of Conduct:** [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md)\n- **Security Policy:** [SECURITY.md](SECURITY.md)\n- **Persona Guides:** [PERSONA_GUIDES.md](docs/PERSONA_GUIDES.md) — How Compliance, CTO, SecOps, FinOps, and DevOps use Talon\n- **Memory Governance:** [MEMORY_GOVERNANCE.md](docs/MEMORY_GOVERNANCE.md)\n- **Vendor Integration:** [VENDOR_INTEGRATION_GUIDE.md](docs/VENDOR_INTEGRATION_GUIDE.md)\n- **Operational Control Plane:** [docs/reference/operational-control-plane.md](docs/reference/operational-control-plane.md) — Run management, overrides, tool approval API\n- **Adoption Paths:** [ADOPTION_SCENARIOS.md](docs/ADOPTION_SCENARIOS.md)\n- **Website:** [https://talon.dativo.io](https://talon.dativo.io)\n- **Issues:** 
[https://github.com/dativo-io/talon/issues](https://github.com/dativo-io/talon/issues)\n\n---\n\n**EU AI Act enforcement: August 2026. Do you have evidence and human-oversight controls for your AI operations?**\n\n**Already using AI vendors? Add policy enforcement and signed evidence in hours, not months.**","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdativo-io%2Ftalon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdativo-io%2Ftalon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdativo-io%2Ftalon/lists"}