talqora
Talqora/Documentation
Platform guide

Deploy an agent
into an isolated runtime.

Talqora packages your application, validates an immutable build, starts an isolated runtime, and exposes it through a stable project hostname.

Create a project Use the API

Core model

Three resources stay deliberately separate. This distinction makes builds reproducible and production promotion safe.

01

Project

The durable identity, source configuration, organization ownership, and public slug.

02

Build

An immutable, validated version produced from one deployment artifact.

03

Runtime

A running or paused isolated instance created from one build version.

DASHBOARD QUICKSTART

Create and promote

  1. 1

    Choose a source

    Templates are the default and fastest path. You can also provide a Dockerfile archive or attach Git metadata.

  2. 2

    Configure required secrets

    A template declares exactly which runtime values it needs. Required fields appear before project creation and are stored encrypted.

  3. 3

    Prepare the deployment

    Templates reuse a validated build and become ready_to_promote immediately. Custom archives run through the full build pipeline.

  4. 4

    Promote deliberately

    Talqora starts the validated version and atomically points the project hostname to it.

TALQORA CLI

Operate the complete lifecycle from a terminal

The CLI is a dependency-light Python 3 executable for macOS and Linux. The installer places it in ~/.local/bin/talqora; set TALQORA_BIN_DIR or TALQORA_INSTALL_DIR to choose another location.

Install and authorize
curl -fsSL https://talqora.com/install.sh | sh

talqora login
talqora status
PROJECTStalqora projects listtalqora projects create my-agenttalqora projects settings ID --idle 900
DEPLOYtalqora deploy PROJECT app.ziptalqora deployments list PROJECTtalqora deployments promote DEPLOYMENT
OPERATEtalqora deployments logs ID --followtalqora runtime suspend PROJECTtalqora runtime activate PROJECT
CONFIGUREtalqora env set PROJECT OPENAI_API_KEYtalqora templates use fastapi-langgraph --name agenttalqora keys list

How browser login works

  1. 1

    Request

    talqora login creates a random device secret and a human-readable code that expire after ten minutes.

  2. 2

    Approve

    The CLI opens talqora.com/cli/authorize. Sign in to the dashboard and approve the named terminal. Your password and browser session never enter the CLI.

  3. 3

    Exchange once

    The terminal polls the control plane and receives a user-bound credential once. The temporary encrypted copy is deleted during that exchange.

  4. 4

    Revoke

    Run talqora logout --revoke, or revoke the CLI credential from Organization API keys. A plain logout only removes the local file.

The local config is written to ~/.config/talqora/config.json with user-only permissions. Set TALQORA_API_KEY in CI to avoid browser login, add --json for machine-readable output, and set NO_COLOR=1 to disable terminal styling.

Discover every command
talqora --help
talqora projects --help
talqora --json api GET /api/projects
PREBUILT TEMPLATES

Configured per project, built once

A ready template is an immutable application build maintained by Talqora. Creating a project from it does not rebuild dependencies. Each project still receives its own isolated runtime and public hostname.

01

Choose

Select a ready framework and toolchain from the catalog.

02

Configure

Provide only the environment values declared by that template.

03

Promote

Start a dedicated runtime from the already validated build.

Secrets are never included in the shared template build. They are encrypted at rest and delivered only when your project runtime starts.

APPLICATION CONTRACT

What your archive must provide

Upload a zip whose root contains a Dockerfile. The application must listen on port 8080 and support the Talqora lifecycle handlers.

Dockerfile
FROM python:3.12-slim
WORKDIR /app
COPY . .
RUN pip install -r requirements.txt
EXPOSE 8080
CMD ["python", "server.py"]
01ready
02validate
03run
04resume
05suspend
06terminate

Runtime safety matters. Generate unique IDs and secrets during run, and re-establish stale network connections during resume.

API AUTHENTICATION

One credential, one organization

Every API key belongs to exactly one organization. Send it as a bearer credential or with X-Talqora-Key. The same project and deployment endpoints also accept dashboard session tokens.

shell
export TALQORA_API_KEY="tq_live_..."

curl https://api.talqora.com/api/projects \
  -H "Authorization: Bearer $TALQORA_API_KEY"

Keys are displayed once, stored only as a one-way hash, and can be renamed or revoked from Organization settings.

ORGANIZATION API KEYS

Create, use, rotate, revoke

  1. 1

    Create

    Open Organization settings → API keys, name the credential, and create it. Key management requires an owner or admin dashboard session; an API key cannot create more keys.

  2. 2

    Store once

    Copy the tq_live_... value immediately. Talqora cannot reveal it again.

  3. 3

    Use

    Call any project or deployment endpoint. Authorization is automatically scoped to the key's organization.

  4. 4

    Rotate

    Create a replacement, update the client, verify traffic through last_used_at, then delete the old key.

REST API

Endpoint reference

The API base URL is https://api.talqora.com. JSON request bodies require Content-Type: application/json.

POST/api/cli/device-authorizationsStart a short-lived CLI browser login
POST/api/cli/device-authorizations/tokenExchange an approved device request exactly once
GET/api/meRead the authenticated organization, user role, and credential type
GET/api/templatesList ready prebuilt templates
POST/api/templates/{id}/instantiateCreate a project from a ready template
GET/api/organization/api-keysList API key metadata (owner/admin session)
POST/api/organization/api-keysCreate and reveal a key once (owner/admin session)
PATCH/api/organization/api-keys/{keyId}Rename an API key (owner/admin session)
DELETE/api/organization/api-keys/{keyId}Revoke an API key (owner/admin session)
GET/api/projectsList projects in the authenticated organization
POST/api/projectsCreate a project
GET/api/projects/{id}Read one project
PATCH/api/projects/{id}/settingsUpdate identity, Git branch, or runtime idle policy
POST/api/projects/{id}/runtime/suspendSuspend the active runtime immediately
POST/api/projects/{id}/runtime/resumeActivate a suspended runtime immediately
DELETE/api/projects/{id}Delete a project and its active resources (owner/admin session)
GET/api/projects/{id}/env-varsList encrypted environment variable metadata
POST/api/projects/{id}/env-varsCreate or replace an encrypted environment variable
GET/api/projects/{id}/env-vars/{key}/revealReveal one value (owner/admin session)
DELETE/api/projects/{id}/env-vars/{key}Delete an environment variable
POST/api/projects/{id}/artifactsCreate a scoped archive upload
POST/api/projects/{id}/deployQueue a deployment
POST/api/projects/{id}/redeploy-templateCreate a deployment from the latest ready template version
GET/api/projects/{id}/deploymentsList project deployments
GET/api/deployments/{id}Read deployment status
GET/api/deployments/{id}/logsRead platform, build, and runtime logs
POST/api/deployments/{id}/promotePromote a validated deployment
Create a project
curl https://api.talqora.com/api/projects \
  -X POST \
  -H "Authorization: Bearer $TALQORA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "weather-agent",
    "source_type": "dockerfile_upload",
    "git_branch": "main",
    "runtime_idle_timeout_seconds": 1800
  }'
RUNTIME CONTROL API

Suspend and activate safely

Runtime controls operate on the project's currently promoted instance. Talqora verifies organization ownership, keeps the production hostname attached, and records the requested state for the dashboard.

POST/api/projects/{project_id}/runtime/suspend

Stop active compute without destroying runtime state

Use this when a development environment, demo, or agent API should stop consuming active compute immediately. The endpoint requires no JSON body.

Authentication
Bearer session, organization API key, or X-Talqora-Key
Success
202 Accepted
Resulting state
suspended
Public route
Retained for manual or traffic-triggered activation
Suspend current runtime
curl -X POST \
  https://api.talqora.com/api/projects/$PROJECT_ID/runtime/suspend \
  -H "Authorization: Bearer $TALQORA_API_KEY"
202 response
{
  "instance_id": "2b63fb24-...",
  "state": "suspended",
  "state_reason": "Suspended manually"
}

Calling suspend for an already suspended active runtime is safe. Talqora returns its current state instead of creating another runtime.

POST/api/projects/{project_id}/runtime/resume

Activate the same suspended runtime

Activation restores the existing runtime rather than creating a new deployment. The request returns when activation is accepted; state reconciliation then confirms when it becomes running.

Authentication
Bearer session, organization API key, or X-Talqora-Key
Success
202 Accepted
Immediate state
pending
Confirmed state
running
Activate suspended runtime
curl -X POST \
  https://api.talqora.com/api/projects/$PROJECT_ID/runtime/resume \
  -H "X-Talqora-Key: $TALQORA_API_KEY"
202 response
{
  "instance_id": "2b63fb24-...",
  "state": "pending",
  "state_reason": "Activation requested manually"
}

Runtime control responses

202Action accepted, including an idempotent request where the runtime is already in the requested stable state.
401Missing, invalid, or expired session or organization API key.
409The project has no compatible active runtime, or the runtime no longer exists.
503The lifecycle provider or persistence layer is temporarily unavailable. Retry with backoff.
LOGS AND TELEMETRY API

Read a deployment's operational view

The logs endpoint merges durable platform events with available build output, runtime stdout/stderr, request telemetry, and resource samples. It returns a snapshot, not a streaming connection.

GET/api/deployments/{deployment_id}/logs?limit=500
Authentication
Bearer session, organization API key, or X-Talqora-Key
Default limit
500 log entries
Allowed limit
1..2000
Ordering
Chronological, oldest to newest
Fetch deployment logs
curl "https://api.talqora.com/api/deployments/$DEPLOYMENT_ID/logs?limit=200" \
  -H "Authorization: Bearer $TALQORA_API_KEY"

Response fields

entries[]Timestamped platform, build, and runtime messages.
build_stream_availableWhether build output exists for this deployment.
runtime_stream_availableWhether runtime stdout/stderr exists.
requests[]Method, path, status, duration, and byte counts observed at the public edge.
metrics[]CPU, memory, process RSS, and root-disk samples reported from inside the runtime.

Request headers, query strings, bodies, prompts, responses, and environment values are not returned or retained by this endpoint.

BUILDS

Slow once, fast afterward

The first build installs dependencies, starts the application, waits for readiness, captures prepared state, and validates a fresh restore. Starting that version later skips repeated initialization.

FIRST BUILD30s–3mNEW RUNTIMEseconds
PROMOTION

Blue-green at the routing layer

The replacement runtime is started and checked before one atomic route update. A failed build or launch never replaces the current production version.

Project hostnameweather-agent.live.talqora.com
Active routeatomic pointer
RuntimeRUNNING
PUBLIC ROUTING

One hostname per project

Every promoted project is reachable at https://slug.live.talqora.com. Paths, methods, query strings, request bodies, and safe headers are forwarded to the active runtime.

GET https://weather-agent.live.talqora.com/healthactive runtime /health
PROJECT RUNTIME POLICY

Pause idle capacity per project

Every project owns an inactivity threshold from five minutes to eight hours. The value is measured from public endpoint traffic and is applied when a runtime is promoted. Changing it does not mutate an already active runtime.

01

Automatic pause

After the configured quiet period, the runtime preserves its state while active compute stops.

02

Manual controls

Use Suspend or Activate in the project header, or call the corresponding runtime endpoint.

03

Automatic wake

The project route remains stable. New endpoint traffic can also wake a paused runtime and then serve the request.

RUNTIME OBSERVABILITY

Understand resource pressure

Talqora captures a runtime resource sample after a public request completes. The deployment page checks for stored updates every five seconds; opening or refreshing the page does not create a sample.

01

Runtime CPU

Aggregate CPU activity between two samples. A displayed 0.0% means the runtime was idle or activity was below the dashboard's precision.

02

Memory and RSS

Runtime memory includes the system and caches. Process RSS approximates the physical RAM currently held by running processes.

03

Runtime disk

Local files survive pause and resume but disappear when the runtime is terminated or replaced. Keep durable data in external storage.

HTTP telemetry retains method, path, status, latency, and byte counts. Headers, query strings, request bodies, prompts, responses, and environment values are not retained.

STATE MACHINE

Deployment states

queued
packaging
uploading
building
validating
ready_to_promote
promoted

Terminal failure states are build_failed, validate_failed, and promote_failed. Replaced production versions become superseded.

CURRENT LIMITS

Current boundaries

  • One promoted runtime and one slug.live.talqora.com route per project
  • Manual promotion after every ready template or successful custom build
  • Template and Dockerfile sources are functional; Git metadata is stored but cloning and webhook automation are not enabled
  • Project-specific custom domains and preview deployments are not enabled yet
  • HTTP request proxying; WebSocket forwarding is not implemented yet