# Tailscale

## Tailscale Aperture integration

Highflame integrates with [Tailscale Aperture](https://tailscale.com/docs/aperture) to evaluate AI agent traffic at the network layer. Aperture runs as an AI gateway in your tailnet and can send matching LLM traffic to Highflame through hooks.

Use the same Highflame endpoint for both synchronous and asynchronous Aperture hooks:

```
POST https://cerberus.api.highflame.ai/v1/agent/events
```

Highflame resolves the tenant from the hook API key, normalizes the Aperture payload, evaluates it with Shield policies, and records the result in the Code Agents and Observatory views.

### Supported modes

| Mode                       | Aperture event             | Behavior                                                                                                                                            | Use when                                                                                               |
| -------------------------- | -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ |
| Synchronous guardrail      | `pre_request`              | Aperture waits for Highflame before forwarding the request to the model provider. Highflame returns `allow` or `block` based on Shield policy mode. | You need inline allow/block control for prompts before they reach the provider.                        |
| Asynchronous observability | `tool_call_entire_request` | Aperture sends the completed request and tool-call context after the model response. The provider response is not delayed or changed.               | You need full visibility into tool calls, command-like actions, model responses, and session activity. |
| Asynchronous audit         | `entire_request`           | Aperture sends every completed request after the provider response. The provider response is not delayed or changed.                                | You need broad request/response audit coverage, even when no tools are called.                         |

Most teams start with `pre_request` for safety and add `tool_call_entire_request` when they want richer tool-call visibility in Code Agents.

### Synchronous response

For `pre_request`, Highflame returns a response that Aperture can enforce:

```json
{"action":"allow"}
```

or:

```json
{"action":"block","status_code":403,"message":"Secrets Leaked in Prompts"}
```

The Shield policy mode controls the final behavior:

* In monitor mode, Highflame records would-block telemetry but returns `{"action":"allow"}` so the request continues.
* In enforce mode, Highflame can return `{"action":"block"}` so Aperture denies the request before it reaches the provider.

For asynchronous hooks, Aperture ignores the response body. Highflame still evaluates and records the event, but the request has already completed.

### Endpoint and authentication

Use:

```
POST https://cerberus.api.highflame.ai/v1/agent/events
```

Authentication:

```
Authorization: Bearer <Highflame API key>
```

Highflame also accepts common service-key headers such as `x-api-key`, `x-highflame-apikey`, and `x-goog-api-key` for custom hook relays.
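For a custom hook relay, the following added example (not Highflame or Aperture code) builds the `Authorization` header and interprets the hook response body shown above. The function names, the default 403 status, and the fail-closed handling of malformed bodies are assumptions of this sketch, not documented behavior.

```python
import json

# Event names from the "Supported modes" table on this page.
SYNC_EVENTS = {"pre_request"}
ASYNC_EVENTS = {"tool_call_entire_request", "entire_request"}


def auth_headers(api_key):
    """Build the bearer header; the key is supplied by the caller (e.g. a secret store)."""
    if not api_key or any(c in api_key for c in "\r\n"):
        raise ValueError("API key is empty or contains line breaks")
    return {"Authorization": f"Bearer {api_key}"}


def interpret(event, raw_body):
    """Map a hook response to (decision, status_code, message).

    decision is "allow", "block", or "ignored" (async hooks: body is not enforced).
    """
    if event in ASYNC_EVENTS:
        return ("ignored", None, None)
    if event not in SYNC_EVENTS:
        raise ValueError(f"unknown hook event: {event!r}")
    try:
        body = json.loads(raw_body)
    except (TypeError, ValueError):
        body = None
    action = body.get("action") if isinstance(body, dict) else None
    if action == "allow":
        return ("allow", None, None)
    if action == "block":
        status = body.get("status_code")
        # Assumption: fall back to 403 when no usable 4xx/5xx status is present.
        if isinstance(status, bool) or not isinstance(status, int) or not 400 <= status <= 599:
            status = 403
        return ("block", status, str(body.get("message", "Blocked by policy")))
    # Assumption: anything that is not a well-formed verdict is denied (fail closed).
    return ("block", 403, "Unparseable policy verdict")


if __name__ == "__main__":
    # Constructed sample bodies; the first two match the responses shown on this page.
    for sample in ('{"action":"allow"}',
                   '{"action":"block","status_code":403,"message":"Secrets Leaked in Prompts"}',
                   "<html>502 Bad Gateway</html>"):
        print(interpret("pre_request", sample))
```

Exact string matching on `action` means a truncated, differently cased, or non-JSON body never results in an allow.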

***

### Next

* [Setup Guide](/integrations/tailscale/setup-guide.md)
* [Troubleshooting](/integrations/tailscale/troubleshooting.md)


