Tailscale Aperture integration

Highflame integrates with Tailscale Aperture to evaluate AI agent traffic at the network layer. Aperture runs as an AI gateway in your tailnet and can send matching LLM traffic to Highflame through hooks.

Use the same Highflame endpoint for both synchronous and asynchronous Aperture hooks:

POST https://cerberus.api.highflame.ai/v1/agent/events

Highflame resolves the tenant from the hook API key, normalizes the Aperture payload, evaluates it with Shield policies, and records the result in the Code Agents and Observatory views.

Supported modes

| Mode | Aperture event | Behavior | Use when |
| --- | --- | --- | --- |
| Synchronous guardrail | pre_request | Aperture waits for Highflame before forwarding the request to the model provider. Highflame returns allow or block based on Shield policy mode. | You need inline allow/block control for prompts before they reach the provider. |
| Asynchronous observability | tool_call_entire_request | Aperture sends the completed request and tool-call context after the model response. The provider response is not delayed or changed. | You need full visibility into tool calls, command-like actions, model responses, and session activity. |
| Asynchronous audit | entire_request | Aperture sends every completed request after the provider response. The provider response is not delayed or changed. | You need broad request/response audit coverage, even when no tools are called. |

Most teams start with pre_request for safety and add tool_call_entire_request when they want richer tool-call visibility in Code Agents.

Synchronous response

For pre_request, Highflame returns a response that Aperture can enforce:

{"action":"allow"}

or:

{"action":"block","status_code":403,"message":"Secrets Leaked in Prompts"}

The Shield policy mode controls the final behavior:

  • In monitor mode, Highflame records would-block telemetry but returns {"action":"allow"} so the request continues.

  • In enforce mode, Highflame can return {"action":"block"} so Aperture denies the request before it reaches the provider.

For asynchronous hooks, Aperture ignores the response body. Highflame still evaluates and records the event, but the request has already completed.
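The response contract above can be exercised in a test harness or custom relay. This is an added example, not Highflame or Tailscale code: highflame_body models the documented monitor/enforce replies, and interpret shows how a consumer would act on them. The function names, the fail_closed switch, and the 502/403 defaults are assumptions of this example.

```python
import json

# Event names from the modes table on this page.
SYNC_EVENTS = {"pre_request"}
ASYNC_EVENTS = {"tool_call_entire_request", "entire_request"}


def highflame_body(mode, violation=None):
    """Model of the documented pre_request reply (not Highflame's code).

    violation is the matched policy's message, or None when nothing matched.
    """
    if violation and mode == "enforce":
        return json.dumps({"action": "block", "status_code": 403, "message": violation})
    # monitor mode: would-block is only recorded, the reply is still allow
    return json.dumps({"action": "allow"})


def interpret(event, body, fail_closed=True):
    """Return (forward, status_code, message) for a hook reply.

    Assumptions of this example: fail_closed and the 502/403 defaults are
    not specified on the page.
    """
    if event in ASYNC_EVENTS:
        return (True, None, None)  # body ignored, request already completed
    if event not in SYNC_EVENTS:
        raise ValueError(f"unknown hook event: {event!r}")
    try:
        reply = json.loads(body)
        action = reply["action"]
    except (ValueError, TypeError, KeyError):
        action = None
    if action == "allow":
        return (True, None, None)
    if action == "block":
        status = reply.get("status_code", 403)
        if not isinstance(status, int) or not 400 <= status <= 599:
            status = 403
        return (False, status, str(reply.get("message", "Blocked by policy")))
    if fail_closed:
        return (False, 502, "invalid hook reply")
    return (True, None, None)


if __name__ == "__main__":
    for mode in ("monitor", "enforce"):
        body = highflame_body(mode, "Secrets Leaked in Prompts")  # constructed sample
        print(mode, body, interpret("pre_request", body))
```

A malformed synchronous reply is denied by default here; pass fail_closed=False to see the fail-open alternative.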

Endpoint and authentication

Use:

Authentication:

Highflame also accepts common service-key headers such as x-api-key, x-highflame-apikey, and x-goog-api-key for custom hook relays.
