From 1ed57010d03568abc70da299ffc1db7b2d126c87 Mon Sep 17 00:00:00 2001 From: naffee Date: Wed, 3 Jun 2026 15:25:51 +0100 Subject: [PATCH] docs(limitations): add explicit boundaries guide based on #117 feedback --- LIMITATIONS.md | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 2 ++ 2 files changed, 50 insertions(+) create mode 100644 LIMITATIONS.md diff --git a/LIMITATIONS.md b/LIMITATIONS.md new file mode 100644 index 0000000..071a8d9 --- /dev/null +++ b/LIMITATIONS.md 
@@ -0,0 +1,48 @@ +# Talon Security Boundaries & Limitations + +Talon provides policy enforcement, routing controls, PII handling, and signed evidence records for AI gateway traffic. It does not determine legal compliance for an operator, and it does not prove that a downstream model, tool, or human decision was correct. + +This document serves as an explicit boundaries guide so that operators and security teams can accurately evaluate Talon's trust model. + +--- + +## Current Status Overview + +| Capability | Status | Description | +| :--- | :--- | :--- | +| **Available Now** | ✅ | Proxy governance, input/output PII scan, policy decision, signed evidence, audit verify. | +| **Partial Today** | 🟡 | EU routing proof is currently deny/allow evidence, not silent rerouting. | +| **Roadmap** | ⏳ | Runtime tool execution interception, full auditor pack, broader trust mesh/A2A. | + +--- + +## 1. Compliance Boundary + +**Talon provides supporting controls and evidence.** +- The operator remains entirely responsible for legal and compliance determinations. +- Talon produces cryptographic receipts that assist with audits. It does not make an organization automatically compliant with GDPR, NIS2, or the EU AI Act. + +## 2. Evidence Boundary + +**HMAC proves record integrity and tamper evidence.** +- The signature proves that the request passed through the gateway and that the logged payload was not maliciously altered after the fact. +- It **does not** prove that the policy configured was correct, that the model's response was safe or hallucination-free, or that the operator configured the right security controls. + +## 3. Tool-Governance Boundary + +**Today: Forbidden tools are filtered from request bodies before forwarding.** +- Talon prevents the model from ever seeing forbidden tools by stripping them from the initial request JSON. +- **Not yet:** Talon does not currently provide runtime execution interception or full MCP tool-call governance. 
These are planned for future roadmap epics. + +## 4. Isolation Boundary + +**Talon provides process-level controls only.** +- Talon is **not** an OS-level or kernel sandbox. +- External tools and providers remain completely separate trust boundaries and must be secured accordingly. + +## 5. Deployment and Key-Management Assumptions + +**Evidence signing depends on operator-controlled key handling.** +- The cryptographic guarantees of Talon's evidence records rely on the operator securing the signing keys. +- Provider registry and routing claims depend entirely on accurate provider configuration by the operator. +- Air-gapped deployments and full auditor-pack claims should be considered roadmap items unless marked as explicitly live. diff --git a/README.md b/README.md index b7972bb..a4e936d 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ [Quickstart](docs/tutorials/proxy-quickstart.md) · [Docker demo](examples/docker-compose/README.md) · [Dashboard](docs/reference/gateway-dashboard.md) · +[Limitations](LIMITATIONS.md) · [Releases](https://github.com/dativo-io/talon/releases/latest) Talon is a single Go binary that sits in front of OpenAI, Anthropic, AWS Bedrock, Azure OpenAI, and any OpenAI-compatible client. Change one URL and every request is policy-checked, PII-scanned, cost-tracked, and written to a tamper-evident, HMAC-signed evidence record — same SDK, same response shape, governed path. Built for EU teams that need real governance signals for GDPR, NIS2, DORA, and the EU AI Act. Apache 2.0. @@ -292,6 +293,7 @@ llm: - [Documentation index](docs/README.md) - [60-second demo](docs/tutorials/quickstart-demo.md) - [Your first governed agent](docs/tutorials/first-governed-agent.md) +- [Talon Security Boundaries & Limitations](LIMITATIONS.md) - [What Talon does to your request](docs/explanation/what-talon-does-to-your-request.md) - [Policy cookbook](docs/guides/policy-cookbook.md) - [Provider registry](docs/reference/provider-registry.md)
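Review bot: in the LIMITATIONS.md hunk, section 2 ("HMAC proves record integrity and tamper evidence" / "The signature proves that the request passed through the gateway and that the logged payload was not maliciously altered after the fact") describes a symmetric MAC in signature language, which overstates it: anyone holding the HMAC key can produce a valid tag, so a verified record only shows that some key holder produced it and that nothing changed since, not that it originated at the gateway and not third-party non-repudiation. Suggest wording it as "HMAC verification shows the record was produced by a holder of the signing key and not modified afterwards (any modification, not only malicious ones); because the key is symmetric, it does not give non-repudiation against a party that holds the key", and cross-referencing the key-handling assumption in section 5, which already carries that dependency. Section 3 has a related overclaim: "Talon prevents the model from ever seeing forbidden tools by stripping them from the initial request JSON" only covers the tool definitions in the first request; in a multi-turn history the request body can also carry prior assistant tool calls and tool-result messages that reference the same tool names, and the response path can still contain a call to a forbidden tool by name, so either state that those are filtered too or soften "ever seeing" to "the forwarded tool definitions".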
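Review bot: in the first README.md hunk, the unchanged context sentence right after the new link still advertises "real governance signals for GDPR, NIS2, DORA, and the EU AI Act", while the new LIMITATIONS.md section 1 only names GDPR, NIS2, and the EU AI Act and disclaims compliance determinations entirely; add DORA to the section 1 list so the two files agree, and consider linking that README phrase to LIMITATIONS.md so the claim and its boundary sit together.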
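Review bot: in the second README.md hunk, the link text "Talon Security Boundaries & Limitations" differs from the nav-row label "Limitations" added in the first hunk; pick one label (the file's own H1 or the short form) and use it in both places so readers recognise them as the same document.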