Configured posture
Show declared sovereignty and deployment settings, including EU/local and air-gap choices.
Talon is the control plane for company AI use cases. Its sovereignty report is supporting proof: configured EU/local and air-gap posture combined with observed runtime destinations, egress denials and routing rejections where evidence is available.
talon compliance sovereignty \
--format html \
--tenant acme \
--gateway-config talon.config.yaml \
--output sovereignty.acme.html
Report can include:
✓ configured posture
✓ provider evaluation
✓ gateway upstreams
✓ observed destinations
✓ egress denialsWhy it exists
A policy document saying “we prefer EU providers” is not enough. The useful question is whether configured intent and observed runtime behavior tell a consistent story. Talon can package those technical facts for review.
Show declared sovereignty and deployment settings, including EU/local and air-gap choices.
Aggregate signed destination facts by provider, kind and region where evidence contains them.
Surface egress denials and routing rejections so reviewers can see controls that actually executed.
Air-gap mode
Current Talon air-gap behavior applies a deny-by-default local/EU egress posture and requires explicit runtime configuration. The exact configuration contract is documented in the current source; the website does not turn this into a universal compliance claim.
sovereignty:
mode: eu_strict
deployment_mode: air_gap
gateway:
providers:
ollama:
enabled: true
base_url: http://127.0.0.1:11434
region: LOCAL
talon doctor --gateway-config talon.config.yamlWhat appears in the artifact
| Section | Source | Review value |
|---|---|---|
| Configured sovereignty posture | Runtime configuration | Shows intended data-residency and egress posture. |
| Provider evaluation | Provider metadata and routing policy | Shows allowed or rejected candidates under the selected mode. |
| Gateway upstreams | Gateway config | Shows declared upstreams and regions. |
| Observed destinations | Signed runtime evidence | Shows where intercepted AI traffic actually went. |
| Policy and egress denials | Signed runtime evidence | Shows blocked paths and reasons. |
Customer-safe language
The report helps teams answer practical questions: which providers were configured, which destinations were observed, what was blocked, and which records verify. It does not replace legal advice, a DPO assessment, contractual review or formal certification.
# JSON for machines
talon compliance sovereignty --format json
# HTML for review packets
talon compliance sovereignty --format html \
--output sovereignty.html
# Verify an underlying runtime record
talon audit verify <evidence-id>Evaluate the trust layer
Run the documented air-gap path, verify allowed local traffic and denied egress, then generate the sovereignty posture report from the same control-plane facts.