Highflame integrates with Tailscale Aperture to provide security evaluation of AI agent traffic at the network layer.
When LLM requests flow through Aperture, Aperture captures requests/responses, extracts tool calls, prompts, and forwards event data to Highflame via webhook hooks. Highflame receives the event at POST /v1/agent/events, with the Highflame API key in the Authorization header, normalizes the payload into individual evaluations (user prompt + each tool call), and evaluates them via our extensive guardrail system.
What Highflame evaluates
A single Aperture event can produce multiple evaluations:
User prompt (action: process_prompt, content type: prompt)
Each tool call (action: call_tool, content type: tool_call)
Each evaluation runs through our detection engines and is logged with the decision/policy context in your Highflame dashboard.
Endpoint
Use:
POST https://api.highflame.ai/v1/agent/events
Authentication:
Authorization: Bearer hf_sk-...
The endpoint acknowledges immediately (fire-and-forget). Evaluation happens asynchronously, so you should verify results in the Highflame dashboard rather than relying on the webhook response body.