Trust layer · Review artifact

Show the sovereignty posture around your AI use cases.

Talon is the control plane for company AI use cases. Its sovereignty report is supporting proof: configured EU/local and air-gap posture combined with observed runtime destinations, egress denials and routing rejections where evidence is available.

talon compliance sovereignty \
  --format html \
  --tenant acme \
  --gateway-config talon.config.yaml \
  --output sovereignty.acme.html

Report can include:
✓ configured posture
✓ provider evaluation
✓ gateway upstreams
✓ observed destinations
✓ egress denials
eu_strictair_gapLOCAL / EU providersegress denialsrouting rejectionsHTML / JSON

Why it exists

Operational controls need a reviewable posture artifact.

A policy document saying “we prefer EU providers” is not enough. The useful question is whether configured intent and observed runtime behavior tell a consistent story. Talon can package those technical facts for review.

Configured posture

Show declared sovereignty and deployment settings, including EU/local and air-gap choices.

Observed destinations

Aggregate signed destination facts by provider, kind and region where evidence contains them.

Denied paths

Surface egress denials and routing rejections so reviewers can see controls that actually executed.

Air-gap mode

Support local-only or private in-region model deployments.

Current Talon air-gap behavior applies a deny-by-default local/EU egress posture and requires explicit runtime configuration. The exact configuration contract is documented in the current source; the website does not turn this into a universal compliance claim.

sovereignty:
  mode: eu_strict
  deployment_mode: air_gap

gateway:
  providers:
    ollama:
      enabled: true
      base_url: http://127.0.0.1:11434
      region: LOCAL

talon doctor --gateway-config talon.config.yaml

What appears in the artifact

Declared controls plus observed runtime facts.

SectionSourceReview value
Configured sovereignty postureRuntime configurationShows intended data-residency and egress posture.
Provider evaluationProvider metadata and routing policyShows allowed or rejected candidates under the selected mode.
Gateway upstreamsGateway configShows declared upstreams and regions.
Observed destinationsSigned runtime evidenceShows where intercepted AI traffic actually went.
Policy and egress denialsSigned runtime evidenceShows blocked paths and reasons.

Customer-safe language

Supporting evidence, not a certificate.

The report helps teams answer practical questions: which providers were configured, which destinations were observed, what was blocked, and which records verify. It does not replace legal advice, a DPO assessment, contractual review or formal certification.

# JSON for machines
talon compliance sovereignty --format json

# HTML for review packets
talon compliance sovereignty --format html \
  --output sovereignty.html

# Verify an underlying runtime record
talon audit verify <evidence-id>

Evaluate the trust layer

Test local-only control, then inspect the resulting artifact.

Run the documented air-gap path, verify allowed local traffic and denied egress, then generate the sovereignty posture report from the same control-plane facts.