Models propose. HELM governs execution.

HELM is the Company AI OS for governed autonomous work.

It reads company state, turns drift into reviewed specs, executes approved actions through a fail-closed Kernel, and leaves signed receipts.

The Kernel is live. Company OS is preview. Enterprise is coming soon.

Kernel live

Fail-closed execution.

Offline receipt verification.

Company OS preview

Reviewed access.

Outcome-to-receipt loop.

Enterprise coming soon

Reviewed commercial path.

No self-serve GA claim.

From outcome to receipt

Define outcome. Map context. Approve plan. Execute through Kernel. Prove it.

1

Define outcome

Name the company result and the side effect required to produce it.

2

HELM maps context

Read company state, owner, policy, prior receipts, and drift signals.

3

Approve plan

Turn drift into a reviewed GeneratedSpec or approval request.

4

Kernel executes

Only approved side effects cross the fail-closed Kernel boundary.

5

Receipt proves it

Signed receipts and EvidencePack refs close the loop.

Where HELM fits

Other layers decide and observe. HELM decides what may execute, and records the proof.

Agent frameworks

Decide what an agent should attempt.

Gateways

Route and observe tool and MCP traffic.

Identity

Prove who or what is acting.

Observability

Reconstruct what happened from logs and traces.

Governance & risk

Organize policy and compliance records.

HELM

Decides whether the side effect may run, returns ALLOW / DENY / ESCALATE, and records a signed receipt.

Proof, not logs

Logs describe. Receipts prove.

A log says traffic moved. A HELM receipt says the action was authorized under policy, and lets anyone check it.

A log line

  • Timestamped message
  • Lives in the vendor console
  • Editable after the fact
  • Shows that traffic moved

A HELM receipt

  • Signed verdict bound to the effect
  • Verifiable offline by anyone
  • Tamper-evident content hash
  • Shows the action was authorized under policy

See the full comparison: a log is not a receipt ->

HELM AI Kernel · Open source, Apache-2.0

The open source execution firewall.

Interposition, policy checks, sandboxing, signed proofs, and offline verifiability. Run anywhere. Integrate everywhere.

  • MCP quarantines & control
  • API request boundary
  • Signed events & EvidencePacks
  • Offline verification
  • Self-hostable

+ helm kernel status

Verdict
ALLOW
Policy
ops.budget.v1
Reason
within approved budget
Receipt
9f2b76a...c18b
Status
200 OK

HELM AI Company OS · Reviewed access

Govern company work, not just agent calls.

Company AI OS turns drift, requests, and operational signals into reviewed specs, approvals, Kernel-governed execution, and closure evidence.

Catalog governed work

Map agents, tools, owners, and policies in one operating layer.

Route before execution

Apply access, approval, and budget rules before work runs.

Gate external web evidence

Require source hashes, receipts, and EvidencePack refs before web Search/Fetch evidence informs specs.

Attach proof

Bind decisions, receipts, and effects to governed actions.

Close the loop

Review drift and update policy from observed outcomes.

Governed work in action

Use cases start with a side effect and end with evidence.

Access change, deploy, customer-data update, finance transfer, vendor onboarding, competitive briefing, and board pack routes now have explicit proof paths.

Engineering

Input
dependency drift found
HELM
creates GeneratedSpec
Decision
ESCALATE to code owner
Proof
PR ref + EvidencePack

DevOps

Input
deploy request
HELM
checks environment and rollback plan
Decision
ESCALATE
Proof
approval receipt + healthcheck receipt

Security

Input
IAM permission change
HELM
checks scope and owner
Decision
ESCALATE
Proof
security owner approval + receipt

Verifiable by design

Evidence you can trust and prove.

HELM proof paths bind decisions to receipts and EvidencePacks where a source-owned route exists. Receipts show the decision. EvidencePacks show the review chain for that route. The ProofGraph links each decision to the policy, actor, and effects behind it.

ProofGraph

IntentPolicyDecisionEffectReceipt

Verify a receipt offline

Your browser recomputes the SHA-256 content hash and checks the Ed25519 signature. No network call is made.

The bundled sample is signed with a demonstration key. The verification math is real.

“HELM makes autonomy possible without giving up control.”
Architecture review principle

Buy the proof path before the promise.

Start with the live Kernel, preview Company OS with review, and use Enterprise only when the workflow is ready for receipts.