Skip to main content

Operational control plane

Talon's operational control plane provides real-time visibility and intervention capabilities for running AI agents. All endpoints are admin-only (require X-Talon-Admin-Key or bearer fallback).


Concepts

Run lifecycle

Every agent execution follows a state machine:

QUEUED → RUNNING → COMPLETED
→ FAILED (with failure_reason)
→ TERMINATED (operator kill)
→ BLOCKED (policy deny at runtime)
→ DENIED (tenant lockdown)

RUNNING → PAUSED → RUNNING (resume)
→ TERMINATED (kill while paused)

Terminal states: completed, failed, terminated, blocked, denied.

Failure taxonomy

When a run ends in a non-success state, the evidence record includes a structured failure_reason:

ReasonMeaning
cost_exceededPer-request or accumulated cost exceeded budget
tool_timeoutA tool execution timed out
tool_failureA tool returned an error
tool_escalationA tool was auto-disabled after 3 consecutive failures
llm_errorLLM provider returned an error
llm_timeoutLLM call timed out
containment_denyContainment policy blocked execution
circuit_breakerCircuit breaker tripped for this agent
operator_killAdmin terminated the run via API
context_timeoutOverall agent timeout exceeded
policy_denyOPA policy denied the request
pii_blockPII detected and policy is set to block
hook_denyA lifecycle hook rejected execution
internal_errorUnexpected internal error
max_steps_exceededAgent exceeded max iteration count

Operator overrides

Runtime overrides take precedence over .talon.yaml policy. They are in-memory and reset on server restart. Use them for incident response — not permanent policy changes.

Tool approval gates

Tools listed in resource_limits.require_approval pause execution and wait for human approval before proceeding. If no decision arrives within 5 minutes (default), the tool call is denied.


Run management API

List runs

GET /v1/runs[?tenant_id=X]

Returns all active (non-terminal) runs. Optional tenant_id query parameter filters by tenant.

Response:

{
"runs": [
{
"correlation_id": "req_abc123",
"tenant_id": "acme",
"agent_id": "support-bot",
"status": "running",
"started_at": "2026-03-28T10:00:00Z",
"updated_at": "2026-03-28T10:00:05Z",
"step_count": 3,
"cost_accrued": 0.0042,
"tool_calls": 2,
"duration_ms": 5000
}
],
"count": 1
}

Get run

GET /v1/runs/{id}

Returns the full state of a single run by correlation ID. Returns 404 if the run is not found.

Kill run

POST /v1/runs/{id}/kill

Cancels the context of a running or paused run. The run transitions to terminated with failure_reason: operator_kill. Evidence is recorded.

Response:

{"status": "terminated", "correlation_id": "req_abc123"}

Kill all runs for tenant

POST /v1/runs/kill-all?tenant_id=X

Terminates all active runs for the specified tenant. The tenant_id query parameter is required.

Response:

{"status": "terminated", "tenant_id": "acme", "killed": 3}

Pause run

POST /v1/runs/{id}/pause

Pauses a running agent at the next loop iteration boundary. The run status transitions to paused. The agent will not make further LLM calls or tool executions until resumed or killed.

Response:

{"status": "paused", "correlation_id": "req_abc123"}

Resume run

POST /v1/runs/{id}/resume

Resumes a paused run. The run status transitions back to running.

Response:

{"status": "running", "correlation_id": "req_abc123"}

Override API

Overrides are in-memory and per-tenant. They take precedence over .talon.yaml policy for the duration of the server process.

List overrides

GET /v1/overrides

Returns all active overrides, keyed by tenant ID.

Get overrides for tenant

GET /v1/overrides/{tenant_id}

Returns the current override state for a specific tenant, or {"status": "no overrides"} if none are set.

Tenant lockdown

POST /v1/overrides/{tenant_id}/lockdown

Activates lockdown mode: all new runs for this tenant are immediately denied (status: denied), and all currently active runs are killed.

Response:

{"tenant_id": "acme", "lockdown": true, "runs_killed": 3}

Lift lockdown

DELETE /v1/overrides/{tenant_id}/lockdown

Removes lockdown. New runs are allowed again.

Response:

{"tenant_id": "acme", "lockdown": false}

Disable tools

POST /v1/overrides/{tenant_id}/tools/disable

Request body:

{"tools": ["bulk_delete_users", "send_email"], "reason": "INC-2026-042"}

Disabled tools are removed from the agent's available tool set at runtime. Any call to a disabled tool is rejected with a synthetic error.

Response:

{"tenant_id": "acme", "disabled_tools": ["bulk_delete_users", "send_email"], "reason": "INC-2026-042"}

Enable tools

POST /v1/overrides/{tenant_id}/tools/enable

Request body:

{"tools": ["send_email"]}

Re-enables previously disabled tools.

Policy override

POST /v1/overrides/{tenant_id}/policy

Request body:

{"max_cost_per_run": 0.10, "max_tool_calls": 5}

Sets stricter runtime caps that override .talon.yaml values. Both fields are optional; omit a field to leave it unchanged.

Clear all overrides

DELETE /v1/overrides/{tenant_id}

Removes all overrides (lockdown, disabled tools, policy caps) for the tenant.


Tool approval API

List pending approvals

GET /v1/tool-approvals

Returns all pending tool approval requests.

Response:

{
"pending": [
{
"id": "apr_xyz789",
"correlation_id": "req_abc123",
"tenant_id": "acme",
"agent_id": "support-bot",
"tool_name": "send_email",
"tool_call_id": "call_001",
"arguments": {"to": "customer@example.com", "subject": "..."},
"status": "pending",
"created_at": "2026-03-28T10:00:05Z"
}
],
"count": 1
}

Get approval request

GET /v1/tool-approvals/{id}

Returns a specific approval request by ID. Returns 404 if not found.

Decide on approval

POST /v1/tool-approvals/{id}/decide

Request body:

{"decision": "approve", "reason": "Verified recipient"}

The decision field must be "approve" or "deny". On approval, the paused agent resumes and executes the tool. On denial, the tool call is skipped with an error.

If no decision is made within the timeout (default 5 minutes), the request is automatically denied.


Configuration

require_approval (agent.talon.yaml)

To enable pre-tool approval gates, add require_approval to the resource_limits section of the agent policy:

policies:
resource_limits:
require_approval:
- send_email
- bulk_delete_users
- execute_sql

When the agent attempts to call a listed tool, execution pauses and a pending approval request appears in GET /v1/tool-approvals. The run's status becomes paused until an operator decides.

Automatic tool failure escalation

No configuration is needed. When a tool fails 3 consecutive times within a single run, it is automatically removed from the agent's available tools for the remainder of that run. This prevents infinite retry loops. The failure count resets between runs.

Single-shot cost check

For non-agentic (single-shot) LLM calls, Talon checks the estimated cost against policies.cost_limits.per_request after the LLM response and before returning it. If the cost exceeds the limit, the run is terminated with failure_reason: cost_exceeded and the response is not returned.


Compliance alignment

RegulationControl plane featureArticle/Control
EU AI Act Art. 14Pause/resume, kill, tool approval gatesHuman oversight
EU AI Act Art. 9Override store, runtime policy tighteningRisk management
NIS2 Art. 21Tenant lockdown, kill-allIncident response
DORA Art. 11Run lifecycle tracking, failure taxonomy in evidenceICT incident evidence
ISO 27001 A.5.24Lockdown, tool disable, killIncident management