cmd

package
v1.4.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 14, 2026 License: Apache-2.0 Imports: 60 Imported by: 0

Documentation

Overview

Package cmd implements talon cache subcommands for the governed semantic cache.

Package cmd implements the talon init interactive wizard and config builders.

WizardState → Output File Mapping

agent.talon.yaml: 

AgentName, AgentDescription        → agent.name, agent.description
OwnerEmail, Department             → metadata.owner, metadata.department
WorkloadType="agent"               → agent.model_tier=1, capabilities.allowed_tools=[sql_query,file_read,web_search]
WorkloadType="proxy"               → agent.model_tier=0, capabilities.allowed_tools=[]
PackID                             → applyPackToAgent (openclaw → gateway proxy: model_tier=0, no tools, tags; langchain → tags)
DataSovereignty="eu_strict"        → compliance.data_residency=eu, policies.model_routing.*.location=EU region
DataSovereignty="eu_preferred"     → compliance.data_residency=eu
DataSovereignty="global"           → compliance.data_residency=any
EnabledFeatures contains "pii"     → policies.data_classification.{input_scan,output_scan,redact_pii}=true
EnabledFeatures contains "audit"  → audit.{log_level=detailed,retention_days=2555,include_prompts=false}
EnabledFeatures contains "cost"    → policies.cost_limits.{per_request,daily,monthly} with defaults
EnabledFeatures contains "injection" → attachment_handling.{mode=strict,scanning.detect_instructions=true}
EnabledFeatures contains "eu-ai-act" → compliance.ai_act_risk_level=limited, compliance.frameworks+=[eu-ai-act]
EnabledFeatures contains "dora"    → compliance.frameworks+=[dora]
RegionID                           → policies.model_routing tier locations when provider has region

talon.config.yaml: 

PackID=openclaw                    → gateway block in talon.config.yaml (enabled, callers, providers) so talon serve --gateway works
ProviderID, RegionID               → llm.providers.<id> block (type, config with region/key_env, enabled)
ProviderID                         → llm primary provider
DataSovereignty                    → llm.routing.data_sovereignty_mode
DataSovereignty="eu_strict"        → (OPA handles blocking; no blocked_providers in config)
AgentName                          → tenants[0].id (default tenant)
(always)                           → llm.pricing_file: "pricing/models.yaml"

Index

Constants

This section is empty.

Variables

View Source 
var (

	// Version info injected via ldflags at build time
	Version   = "dev"
	Commit    = "none"
	BuildDate = "unknown"
)

Functions

func Execute 

func Execute() error

Execute runs the root command and flushes OTel on exit

func IsTerminal 

func IsTerminal() bool

IsTerminal returns true if stdin is a TTY.

func PacksWithGateway 

func PacksWithGateway() []string

PacksWithGateway returns pack IDs that use the LLM gateway (talon.config.yaml gateway block + talon serve --gateway). Used so wizard infra and next-steps stay consistent with pack nature.

func PostInitVerify 

func PostInitVerify(agentPath, infraPath string, out io.Writer) (warnings int, fail error)

PostInitVerify runs a subset of doctor checks (policy, config load, data dir, crypto keys) and prints results.

func PrintNextSteps 

func PrintNextSteps(agentName, providerID string, out io.Writer)

PrintNextSteps prints the vault-first next steps block.

func VaultSecretName 

func VaultSecretName(providerID string) string

VaultSecretName returns the vault key name for talon secrets set <name>.

func WriteConfigs 

func WriteConfigs(agentCfg *policy.Policy, infraCfg *InfraYAML, opts WriteOptions) error

WriteConfigs writes both config files atomically (temp file + rename). Refuses overwrite without Force.

Types

type CacheBlock 

type CacheBlock struct {
	Enabled             bool    `yaml:"enabled"`
	DefaultTTL          int     `yaml:"default_ttl"`
	SimilarityThreshold float64 `yaml:"similarity_threshold"`
	MaxEntriesPerTenant int     `yaml:"max_entries_per_tenant"`
}

CacheBlock is the cache section in talon.config.yaml (governed semantic cache).

type GatewayBlock 

type GatewayBlock struct {
	Enabled        bool                       `yaml:"enabled"`
	ListenPrefix   string                     `yaml:"listen_prefix"`
	Mode           string                     `yaml:"mode"`
	Providers      map[string]GatewayProvider `yaml:"providers"`
	Callers        []GatewayCaller            `yaml:"callers"`
	ServerDefaults *GatewayServerDefaults     `yaml:"default_policy,omitempty"`
	RateLimits     *GatewayRateLimits         `yaml:"rate_limits,omitempty"`
	Timeouts       *GatewayTimeouts           `yaml:"timeouts,omitempty"`
}

GatewayBlock is the gateway section written to talon.config.yaml when PackID is openclaw. Structure matches gateway.GatewayConfig so LoadGatewayConfig parses it correctly.

type GatewayCaller 

type GatewayCaller struct {
	Name             string                  `yaml:"name"`
	TenantKey        string                  `yaml:"tenant_key"` //nolint:gosec // G117 — caller identifier, not a credential
	TenantID         string                  `yaml:"tenant_id"`
	Team             string                  `yaml:"team,omitempty"`
	Tags             []string                `yaml:"tags,omitempty"`
	AllowedProviders []string                `yaml:"allowed_providers,omitempty"`
	PolicyOverrides  *GatewayCallerOverrides `yaml:"policy_overrides,omitempty"`
}

type GatewayCallerOverrides 

type GatewayCallerOverrides struct {
	MaxDailyCost   float64  `yaml:"max_daily_cost,omitempty"`
	MaxMonthlyCost float64  `yaml:"max_monthly_cost,omitempty"`
	PIIAction      string   `yaml:"pii_action,omitempty"`
	AllowedModels  []string `yaml:"allowed_models,omitempty"`
}

type GatewayProvider 

type GatewayProvider struct {
	Enabled       bool     `yaml:"enabled"`
	SecretName    string   `yaml:"secret_name"`
	BaseURL       string   `yaml:"base_url"`
	AllowedModels []string `yaml:"allowed_models,omitempty"`
}

type GatewayRateLimits 

type GatewayRateLimits struct {
	GlobalRequestsPerMin    int `yaml:"global_requests_per_min"`
	PerCallerRequestsPerMin int `yaml:"per_caller_requests_per_min"`
}

type GatewayServerDefaults 

type GatewayServerDefaults struct {
	DefaultPIIAction  string  `yaml:"default_pii_action"`
	ResponsePIIAction string  `yaml:"response_pii_action,omitempty"`
	MaxDailyCost      float64 `yaml:"max_daily_cost"`
	MaxMonthlyCost    float64 `yaml:"max_monthly_cost"`
	RequireCallerID   bool    `yaml:"require_caller_id"`
	LogPrompts        bool    `yaml:"log_prompts"`
	LogResponses      bool    `yaml:"log_responses"`
}

type GatewayTimeouts 

type GatewayTimeouts struct {
	ConnectTimeout    string `yaml:"connect_timeout"`
	RequestTimeout    string `yaml:"request_timeout"`
	StreamIdleTimeout string `yaml:"stream_idle_timeout"`
}

type InfraYAML 

type InfraYAML struct {
	LLM *struct {
		PricingFile string                   `yaml:"pricing_file"`
		Providers   map[string]ProviderBlock `yaml:"providers"`
		Routing     *struct {
			DataSovereigntyMode string `yaml:"data_sovereignty_mode"`
		} `yaml:"routing"`
	} `yaml:"llm"`
	Evidence *struct {
		Type string `yaml:"type"`
		Path string `yaml:"path"`
	} `yaml:"evidence"`
	Cache         *CacheBlock   `yaml:"cache,omitempty"`
	SecretsKeyEnv string        `yaml:"secrets_key_env"`
	Tenants       []TenantBlock `yaml:"tenants"`
	Gateway       *GatewayBlock `yaml:"gateway,omitempty"`
}

InfraYAML is the structure written to talon.config.yaml.

func BuildConfigs 

func BuildConfigs(state WizardState) (*policy.Policy, *InfraYAML, error)

BuildConfigs converts WizardState into agent policy and infra config. Pure function, no I/O.

type ProviderBlock 

type ProviderBlock struct {
	Type    string                 `yaml:"type"`
	Config  map[string]interface{} `yaml:"config"`
	Enabled bool                   `yaml:"enabled"`
}

ProviderBlock is one entry in llm.providers.

type TenantBlock 

type TenantBlock struct {
	ID          string `yaml:"id"`
	DisplayName string `yaml:"display_name"`
	Budgets     struct {
		Daily   float64 `yaml:"daily"`
		Monthly float64 `yaml:"monthly"`
	} `yaml:"budgets"`
	RateLimit int `yaml:"rate_limit"`
}

TenantBlock is one entry in tenants.

type WizardIO 

type WizardIO struct {
	In     io.Reader
	Out    io.Writer
	ErrOut io.Writer
}

WizardIO injects I/O for testability.

type WizardState 

type WizardState struct {
	AgentName        string
	AgentDescription string
	OwnerEmail       string
	Department       string
	WorkloadType     string // "agent" | "proxy" | "hybrid"
	PackID           string
	ProviderID       string
	RegionID         string
	DataSovereignty  string // "eu_strict" | "eu_preferred" | "global"
	EnabledFeatures  []string
	CacheEnabled     bool // semantic cache for cost savings (off by default)
}

WizardState accumulates wizard answers.

func RunWizard 

func RunWizard(wio WizardIO) (WizardState, bool, error)

RunWizard runs the interactive wizard. Returns (state, confirmed, error). When confirmed is false, the user aborted (e.g. EOF); no files should be written.

type WriteOptions 

type WriteOptions struct {
	AgentPath   string
	InfraPath   string
	Force       bool
	Version     string
	ProviderID  string
	RegionID    string
	Sovereignty string
	PackID      string
	Features    []string
}

WriteOptions configures WriteConfigs.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.