Talon is a single Go binary that acts as a transparent proxy in front of OpenAI, Anthropic, and Bedrock. Point your existing apps at localhost:8080/v1/proxy/openai instead of api.openai.com — same API, same response, but now every call is policy-checked, PII-scanned, cost-tracked, and audit-logged. Works with Slack bots, OpenClaw, CoPaw, anything OpenAI-compatible.
Built for EU companies facing GDPR, NIS2, DORA, and the EU AI Act (August 2026 deadline), but the governance features are useful anywhere. Apache 2.0.
$ talon audit list
ID TIME CALLER PII COST(€) MODEL DECISION
evt_a1b2c3 2026-03-15T10:23:45 slack-bot email(1) 0.003 gpt-4o-mini allowed
evt_d4e5f6 2026-03-15T10:24:12 hr-assistant iban(2) 0.008 gpt-4o blocked:pii
evt_g7h8i9 2026-03-15T10:25:01 eng-tools none 0.012 claude-3.5 allowed
evt_j0k1l2 2026-03-15T10:25:30 support-bot email(1),phone 0.004 gpt-4o-mini allowed:redacted
Intercept every AI API call across your company. PII scanning, cost tracking per team, tamper-proof audit trail. One URL change, no code rewrites.
git clone https://github.com/dativo-io/talon && cd talon
cd examples/docker-compose && docker compose up
# In another terminal — send a request with PII:
curl -X POST http://localhost:8080/v1/proxy/openai/v1/chat/completions \
-H "Content-Type: application/json" \
-d '{"model":"gpt-4o-mini","messages":[{"role":"user","content":"My email is jan@example.com and my IBAN is DE89370400440532013000. Help me reset my password."}]}'
# Check the audit trail:
docker compose exec talon /usr/local/bin/talon audit listThe mock provider handles the LLM call. Evidence appears immediately — PII detected, cost logged, HMAC-signed record created. What exactly does Talon do to your request?
- Every AI call through one gateway. Route all your apps — Slack bots, internal tools, vendor integrations — through Talon. One place to see costs, PII exposure, and policy violations across every team.
- No code changes required. Set one environment variable (
OPENAI_BASE_URL) and your existing code works through Talon. Shadow mode logs everything without blocking anything. - Tamper-proof audit trail. Every request generates an HMAC-signed evidence record in SQLite. Export to CSV for your compliance officer. Verify integrity with
talon audit verify. - EU AI Act enforcement starts August 2026. Talon implements Articles 9 (risk management), 13 (transparency), and 14 (human oversight) as code.
- Single binary, zero infrastructure. No Docker, no Postgres, no Redis to start. Embedded OPA for policies, SQLite for storage, OpenTelemetry for observability.
- Third-party vendors are black boxes. You're liable even if they claim compliance. Talon gives you independent audit trails via MCP proxy.
Scenario: You pay Many €/month for Zendesk AI Agent, Intercom, or HubSpot AI. It works great, but you can't prove GDPR compliance.
Solution: Route vendor through Talon's MCP proxy (30 minutes setup).
# Point vendor to Talon, gain full visibility
agent:
name: "zendesk-vendor-proxy"
type: "mcp_proxy"
proxy:
upstream: "https://zendesk-ai-agent.com"
pii_handling:
redaction_rules:
- field: "customer_email"
method: "hash"
- field: "customer_phone"
method: "mask_middle"
compliance:
frameworks: ["gdpr", "nis2"]
audit_retention: 365Result:
- ✅ Vendor keeps working (transparent proxy)
- ✅ You have audit trail (GDPR Article 30 exports)
- ✅ PII redacted before vendor access
- ✅ Can block forbidden operations
See: VENDOR_INTEGRATION_GUIDE.md
Scenario: You built a Slack bot 6 months ago. Works great, but compliance officer needs audit trails.
Solution: Add 5 lines of code to route through Talon (4 hours setup).
# BEFORE (ungoverned)
response = openai.ChatCompletion.create(
model="gpt-4",
messages=[{"role": "user", "content": query}]
)
# AFTER (governed) - 5 lines changed
response = requests.post("http://localhost:8081/v1/chat/completions", json={
"agent_id": "slack-support-bot",
"model": "gpt-4",
"messages": [{"role": "user", "content": query}]
})Result:
- ✅ Bot keeps working (same UX)
- ✅ Now GDPR + NIS2 compliant
- ✅ No rewrite needed
- ✅ Audit-ready in 1 day
Scenario: Greenfield project, want to build compliant from Day 1.
Solution: Use Talon from the start (2 minutes to first agent).
# Install
go install github.com/dativo-io/talon/cmd/talon@latest
# macOS: if you see "unsupported tapi file type" or clang linker error, use:
# CC=/usr/bin/clang go install github.com/dativo-io/talon/cmd/talon@latest
# or: curl -sSL https://install.gettalon.dev | sh
# Initialize (interactive wizard in a terminal; use --scaffold for quick defaults)
mkdir my-agents && cd my-agents
talon init
# Configure secrets (or use env: export OPENAI_API_KEY=sk-proj-...)
talon secrets set openai-api-key "sk-proj-..."
# Run first governed agent
talon run "Summarize EU AI regulation trends"Result:
- ✅ Compliant from Day 1
- ✅ No custom governance code
- ✅ Policy-as-code in YAML
- ✅ Audit trail automatic
See: QUICKSTART.md
Talon requires Go 1.22+ and CGO (for SQLite). Standard options:
From source (any branch, recommended for development):
git clone https://github.com/dativo-io/talon.git
cd talon
git checkout main # or feat/your-branch
make build # → bin/talon
# or: make install # → $GOPATH/bin/talonOn macOS, make build / make install use the system Clang by default so CGO linking works. If you use go build or go install directly and see unsupported tapi file type '!tapi-tbd', set the compiler: CC=/usr/bin/clang CGO_ENABLED=1 go build -o bin/talon ./cmd/talon/.
From a released version (stable):
go install github.com/dativo-io/talon/cmd/talon@latest
# or a specific tag: ...@v1.0.0macOS: If go install fails with unsupported tapi file type '!tapi-tbd' (Homebrew LLVM vs Apple SDK), use system Clang: CC=/usr/bin/clang go install github.com/dativo-io/talon/cmd/talon@latest. Or clone the repo and run make install (Makefile forces system Clang).
Note: You cannot install a branch with go install ...@branch-name; Go expects a module version (tag or pseudo-version). To run a branch, clone the repo and use make build or make install from that branch.
# Install (see Install section above), then:
mkdir my-agents && cd my-agents
talon init # Interactive wizard (in a terminal); or: talon init --scaffold for quick defaults
# Set your LLM provider key (or use vault: talon secrets set openai-api-key "sk-...")
export OPENAI_API_KEY=sk-your-key
# Or: talon secrets set openai-api-key "sk-..."
# Also supports: ANTHROPIC_API_KEY, AWS_REGION (for Bedrock), Ollama (local, no key needed)
# Run your first governed agent
talon run "Summarize the key trends in European AI regulation"You'll see:
✓ Policy check: ALLOWED
[Agent response appears here]
✓ Evidence stored: req_xxxxxxxx
✓ Cost: €0.0018 | Duration: 1250ms
Try a policy block — set daily: 0.001 in your agent.talon.yaml, run again, and watch the policy engine deny the request:
✗ Policy check: DENIED
Reason: budget_exceeded
Inspect and verify the audit trail:
talon audit list --limit 10 # List recent evidence
talon audit show <evidence-id> # Full record (classification, PII, HMAC status)
talon audit verify <evidence-id> # Verify signature + compact summary
talon audit export --format csv --from ... --to ... # Export for compliance (includes pii_detected, tiers)(Evidence IDs are shown in run output, e.g. req_xxxxxxxx.)
Run the full REST API, MCP server, and embedded dashboard:
# Set API keys (comma-separated: key or key:tenant_id)
export TALON_API_KEYS="your-secret-key:default"
# Start server (dashboard at / and /dashboard)
talon serve --port 8080
# With MCP proxy for vendor compliance (e.g. Zendesk AI)
talon serve --port 8080 --proxy-config examples/vendor-proxy/zendesk-proxy.talon.yaml
# With LLM API gateway (proxy mode: route OpenAI/Anthropic/Ollama traffic through Talon)
talon serve --port 8080 --gateway --gateway-config examples/gateway/talon.config.gateway.yamlEndpoints include: GET /v1/health, GET /v1/status, POST /v1/agents/run, POST /v1/chat/completions (OpenAI-compatible), GET /v1/evidence, GET /v1/costs, GET /v1/plans/pending (plan review), POST /mcp (native MCP), POST /mcp/proxy (when proxy is configured), and POST /v1/proxy/{provider}/v1/chat/completions (LLM API gateway when --gateway is set; caller auth via Authorization: Bearer <gateway-caller-key>). Talon API routes use X-Talon-Key: <key> or Authorization: Bearer <key>.
See: QUICKSTART.md for serve and dashboard usage.
Route third-party AI vendors (Zendesk, Intercom, HubSpot) through Talon for independent audit and PII redaction:
- Create a proxy config (see
examples/vendor-proxy/zendesk-proxy.talon.yaml). - Start Talon with
--proxy-config:talon serve --port 8080 --proxy-config path/to/proxy.talon.yaml
- Point the vendor at
https://your-talon-host/mcp/proxy.
Talon intercepts MCP traffic, enforces policy, redacts PII, and records evidence. Modes: intercept (block forbidden), passthrough (log only), shadow (audit without blocking).
See: VENDOR_INTEGRATION_GUIDE.md and ARCHITECTURE_MCP_PROXY.md.
Route raw LLM API traffic (OpenAI, Anthropic, Ollama) through Talon so desktop apps, Slack bots, and scripts get the same governance without code changes:
- Create a gateway config (see
examples/gateway/talon.config.gateway.yaml) with providers, caller API keys, and optional policy overrides (allowed models, cost limits). - Start Talon with
--gatewayand--gateway-config:talon serve --port 8080 --gateway --gateway-config path/to/gateway.yaml
- Point your app at
https://your-talon-host/v1/proxy/ollama/v1/chat/completions(oropenai,anthropic) and sendAuthorization: Bearer <caller-key>.
Talon identifies the caller, enforces per-caller model and cost policy, records evidence, and forwards to the configured upstream. Costs appear in GET /v1/costs for the caller's tenant.
See: OpenClaw integration, CoPaw integration, Slack bot integration, Desktop app governance.
Policy-as-Code — Define agent governance in agent.talon.yaml files. Cost limits, data classification, model routing, tool access, time restrictions — all declarative, version-controlled, auditable.
MCP-Native — Talon speaks Model Context Protocol. Connect any MCP-compatible agent or tool. Every MCP tool call passes through the policy engine. Works as transparent proxy for third-party vendors.
Vendor Integration — Route third-party AI vendors (Zendesk, Intercom, HubSpot) through Talon's MCP proxy. Gain audit trails, PII redaction, and policy enforcement without vendor rewrites. You stay compliant even with black-box SaaS.
LLM API Gateway — Route raw LLM API traffic (OpenAI, Anthropic, Ollama) through Talon at /v1/proxy/*. Desktop apps, Slack bots, and scripts use caller API keys; Talon enforces per-caller model and cost policy and records evidence. Same governance as native agents, zero app code changes beyond base URL.
Audited Secrets Vault — API keys encrypted at rest (AES-256-GCM). Per-agent ACLs. Every secret retrieval logged. Upgrade path to Infisical for rotation and SAML.
Prompt Injection Prevention — PDF/DOCX/HTML attachments are sandboxed automatically. Instruction-detection scanner flags injection attempts. Configurable: block, warn, or log.
Governed Agent Memory — Agents write learnings to an audited soul directory. Every memory write passes through a multi-layer governance pipeline (hardcoded forbidden categories, OPA policy, PII scan, conflict detection) and is HMAC-signed. Shadow mode lets operators observe memory behavior before enabling writes. Retention policies auto-purge expired entries. Prompt injection controls filter which memories enter LLM context. Rollback to any previous state if memory poisoning is detected. Unlike MemOS or mem0, Talon's memory is a compliance asset — not just a developer convenience.
Scheduled & Event-Driven — Cron schedules and webhook triggers. Same policy enforcement whether an agent runs manually, on schedule, or from a GitHub webhook.
Shared Enterprise Context — Read-only company knowledge mounts. All agents share the same org facts. Data classification tier propagates to model routing.
Multi-LLM — OpenAI, Anthropic, AWS Bedrock (EU), Ollama (local). Tier-based routing: public data → cheap models, sensitive data → EU-only models.
OpenTelemetry-Native — Traces, metrics, and logs export via OTel. GenAI semantic conventions for LLM observability. Upgrade path to Langfuse + LGTM stack.
| Capability | Talon | MemOS | OpenClaw | LangChain | CrewAI |
|---|---|---|---|---|---|
| Policy enforcement | Yes (OPA) | No | No | No | No |
| Cost control | Yes (per-request) | No | No | No | No |
| PII detection | Yes (EU patterns, configurable) | No | No | No | No |
| Audit trail | Yes (HMAC-signed) | No | No | No | No |
| Data sovereignty | Yes (EU routing) | No | No | No | No |
| MCP support | Yes (native) | Yes | Partial | Partial | No |
| Vendor proxy | Yes (MCP proxy) | No | No | No | No |
| LLM API gateway | Yes (/v1/proxy/*) | No | No | No | No |
| Secrets vault | Yes (audited) | No | No | No | No |
| Prompt injection prev. | Yes (3-layer) | No | No | No | No |
| Agent memory | Yes (governed) | Yes (advanced: KV-cache, graph, LoRA) | No | No | Partial |
| Memory governance | Yes (PII scan, HMAC, rollback) | No | No | No | No |
| Multi-tenant | Yes | No | No | No | No |
| Open source | Apache 2.0 | Apache 2.0 | Yes | Yes | Yes |
| EU AI Act alignment | Yes | No | No | No | No |
Key differentiator: Talon is the only platform that adds compliance to existing third-party AI vendors without rewriting them. Your Zendesk AI Agent, Intercom bot, or custom Slack automation becomes audit-ready in hours.
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ │ │ │ │ │
│ Agent/User │──────────│ Talon │──────────│ LLM/Tools │
│ │ │ (Proxy) │ │ (Vendors) │
└──────────────┘ └──────────────┘ └──────────────┘
│
┌──────────┴──────────┐
│ │
▼ ▼
┌──────────────────┐ ┌──────────────────┐
│ Policy Engine │ │ Evidence Store │
│ (OPA + Rego) │ │ (SQLite/PG) │
└──────────────────┘ └──────────────────┘
Single Go Binary (no microservices, no Kubernetes)
Detailed view:
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ │ │ │ │ │
↓ ↓ ↓ ↓ ↓ ↓
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Policy │ │ MCP Server │ │ Secrets │
│ Engine │ │ + LLM │ │ Vault │
│ (OPA) │ │ Router │ │ (AES-GCM) │
└──────────────┘ └──────────────┘ └──────────────┘
│ │ │
─ ─ ─
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Attachment │ │ Evidence │ │ Agent │
│ Scanner │ │ Store │ │ Memory │
│ (Injection │ │ (SQLite + │ │ (Soul Dir) │
│ Prevention) │ │ OTel + HMAC)│ │ │
└──────────────┘ └──────────────┘ └──────────────┘
│ │
─ ─
┌──────────────┐ ┌──────────────────────┐
│ agent.talon │ │ LLM Providers │
│ .yaml │ │ OpenAI/Anthropic │
│ │ │ Bedrock/Ollama │
└──────────────┘ └──────────────────────┘
# Agent execution
talon run "query" # Run agent with policy enforcement
talon run --dry-run "query" # Show policy decision without LLM call
talon run --attach report.pdf "Summarize" # Process attachments (injection-scanned)
talon run --agent sales --tenant acme "..." # Specify agent and tenant
talon run --policy custom.talon.yaml "..." # Use explicit policy file
# Project setup
talon init # Interactive wizard (TTY); creates agent + infra config
talon init --scaffold # Quick defaults without wizard (e.g. in CI/scripts)
talon init --pack openclaw # Starter pack (openclaw, fintech-eu, etc.)
talon init --list-providers # List LLM providers; --list-packs, --list-features
talon validate # Validate agent.talon.yaml
# Audit trail
talon audit list # List evidence records
talon audit list --tenant acme --limit 50 # Filter by tenant with limit
talon audit show <evidence-id> # Full record (Layer 3: classification, PII, HMAC)
talon audit verify <evidence-id> # Verify HMAC-SHA256 + compact summary
talon audit export --format csv|json [--from YYYY-MM-DD] [--to YYYY-MM-DD] # Export with pii_detected, tiers
# Secrets vault
talon secrets set <name> <value> # Store encrypted secret (AES-256-GCM)
talon secrets list # List secrets (metadata only, values hidden)
talon secrets audit # View secret access log
talon secrets rotate <name> # Re-encrypt with fresh nonce
# Agent memory
talon memory list [--agent name] # Browse memory index
talon memory show <entry-id> # Full entry detail
talon memory search "query" # Full-text search
talon memory rollback <mem_id> --yes # Rollback to entry (soft-delete newer)
talon memory health [--agent name] # Trust distribution + conflicts
talon memory audit [--agent name] # Evidence chain verification
# Trigger server
talon serve [--port 8080] # Start HTTP server + cron scheduler
# Coming soon
talon costs [--tenant acme] # Cost and budget summaryPII detection uses Presidio-compatible recognizer definitions. Defaults are embedded (EU-focused: email, phone, IBAN, credit card, VAT, SSNs, IP, passport). You can extend or override them without recompiling:
- Global overrides: Put a
patterns.yamlfile in~/.talon/or the project directory. Same YAML format as the built-inpatterns/pii_eu.yaml. Later layers override earlier (embedded → global → per-agent). - Per-agent: In
agent.talon.yamlunderpolicies.data_classificationsetenabled_entities(whitelist),disabled_entities(blacklist), and/orcustom_recognizers(extra patterns). See the commented block intalon init --scaffoldor wizard-generated output.
Attachment (prompt-injection) patterns are configured the same way; see patterns/injection.yaml for the default set.
| Framework | Status | Key Talon Features |
|---|---|---|
| GDPR | ✅ Core | PII detection, data residency, right to erasure, audit trail |
| ISO 27001 | ✅ Core | Secrets management (A.8.24), logging (A.8.15), access control (A.5.15) |
| NIS2 | ✅ Core | Incident evidence, supply chain controls, risk management |
| DORA | ⚡️ Partial | ICT incident logging, cost tracking, third-party risk |
| EU AI Act | ✅ Core | Risk classification, human oversight, transparency, documentation |
| SOC 2 | ⚡️ Partial | Trust services criteria via evidence + audit trail |
GDPR Article 30 Exports: Generate processing records in one command. Proves what data was processed, by which agent, when, and with what legal basis.
NIS2 Article 21 Evidence: Complete incident logs with timestamps, policy decisions, and audit trails. Required for cyber incident reporting.
EU AI Act Articles 9, 13, 14: Risk management system (OPA policies), transparency logs (evidence store), human oversight (plan review UI).
Before: Custom Slack bot for eSIM support. Works great, but no audit trail. After: Added Talon in 4 hours (5 lines of code). Now GDPR + NIS2 compliant. ROI: €15,000 saved (avoided rewrite) + eliminated fine risk.
Before: Zendesk AI Agent (€3,000/month). Black box, no visibility. After: Routed through Talon MCP proxy in 1 week. Full audit trail. ROI: €100,000 saved (kept vendor) + GDPR compliance proven.
Before: Building custom AI support from scratch. After: Used Talon from Day 1. Compliant without custom governance code. ROI: €25,000 saved (didn't build compliance layer) + faster time to market.
See: ADOPTION_SCENARIOS.md for detailed timelines.
See examples/ for ready-to-use agent configurations:
examples/sales-analyst/— Financial data analysis with PII redactionexamples/support-agent/— Customer support with data sovereigntyexamples/code-reviewer/— Code review with tool access controlsexamples/vendor-proxy/— Third-party vendor compliance wrapper
Talon is designed for progressive complexity — start simple, add sophistication via configuration:
| Component | MVP (Free) | Growth (Self-hosted) | Enterprise |
|---|---|---|---|
| Storage | SQLite | PostgreSQL | PostgreSQL + S3 WORM |
| Secrets | Embedded vault | Infisical (self-hosted) | Infisical Enterprise / Vault |
| Observability | OTel → stdout | LGTM stack + Langfuse | Datadog / Elastic |
| Agent isolation | Process | Docker / gVisor | Firecracker MicroVMs |
| Protocols | MCP | MCP + A2A | MCP + A2A + custom |
| Auth | API key | OIDC | SAML / SSO |
See CONTRIBUTING.md for development workflow.
Apache 2.0 — See LICENSE
- Documentation: docs/
- Quick Start: QUICKSTART.md
- Persona Guides: PERSONA_GUIDES.md — How Compliance, CTO, SecOps, FinOps, and DevOps use Talon
- Memory Governance: MEMORY_GOVERNANCE.md
- Vendor Integration: VENDOR_INTEGRATION_GUIDE.md
- Adoption Paths: ADOPTION_SCENARIOS.md
- Website: https://talon.dativo.io
- Community: https://github.com/dativo-io/talon/discussions
EU AI Act enforcement: August 2026. Are your AI agents compliant?
Already using AI vendors? Make them compliant in hours, not months.
