Remote Control

Talon runs on your desktop, but you can reach it from anywhere — your phone, a browser tab, another machine on your network. The remote control system connects your mobile or web client to the desktop backend securely, without exposing your machine directly to the internet.

How It Works

Talon uses a WebSocket-based relay hosted at talon.aieduapp.com to bridge your remote clients and your desktop instance. Both ends authenticate with a shared token, and all traffic is encrypted in transit.

[Mobile App] ──── WebSocket ────► [talon.aieduapp.com relay] ──── WebSocket ────► [Desktop Talon]

Your desktop Talon connects outbound to the relay on startup. Remote clients connect to the same relay and are forwarded through to your instance. The relay never stores your messages — it only routes them.

Authentication

Authentication is handled via a shared token you configure in Talon. Anyone connecting remotely must present this token to establish a session.

# In your Talon config
relay:
  token: your-secret-token-here
  relay_url: wss://talon.aieduapp.com

Tip

Use a long, random token — at least 32 characters. Treat it like a password. Anyone with this token can send commands to your Talon instance.

Generate a secure token from your terminal:

openssl rand -hex 32

What You Can Do Remotely

Once connected, the full Talon feature set is available from any client:

• Chat — send messages, receive responses, view conversation history
• Config management — update settings, switch models, adjust permissions
• File operations — read and write files on your desktop machine
• Task and memory management — create tasks, store and retrieve memories

The remote experience mirrors the local one — same channels, same history, same agent.

Mobile and Web App

The Talon mobile app connects to your desktop instance via the relay. Your conversation list shows all channels with their full history. You can pick up any conversation on your phone exactly where you left it on your desktop.

App ──► relay ──► desktop Talon ──► runs commands, reads files, talks to AI
                                              │
                                              └──► responds back through relay to app

Direct LAN Connection

If you’re on the same local network as your desktop, you can connect directly without going through the relay — lower latency, no relay dependency.

# Client config for direct LAN connection
connection:
  mode: direct
  host: 192.168.1.100
  port: 8765
  token: your-secret-token-here

Tip

Direct LAN mode is ideal for home or office setups where your phone and desktop are on the same Wi-Fi. It’s faster and keeps all traffic local.

Security Model

Layer	Protection
Transport	WSS (WebSocket over TLS) — traffic encrypted end-to-end
Authentication	Shared token required for every connection
Relay	Routes traffic only — no message storage, no logging
Local access	Relay connection is outbound from your machine — no inbound ports required

The relay acts as a dumb pipe. It forwards authenticated WebSocket connections between clients and your desktop but has no access to message content.

Relay Connection Status

You can check whether the relay is connected from the Talon CLI:

talon relay status

Or ask the agent directly:

Are you connected to the relay?
Show relay connection status

Disabling the Relay

If you only want local access and do not need remote control, you can disable the relay entirely:

relay:
  enabled: false

In this mode, Talon operates fully locally with no outbound relay connection.