Agent proposals
The support task and six proposed actions are deterministic demo data.
Proof demo
Watch an AI agent hit the boundary.
Run the Boundary / Refund Trap. The agent proposes safe and unsafe support actions. HELM allows, denies, or escalates each action, then the receipt can be tampered with to verify failure.
Scripted agent scenario. Real receipt tamper check against static signed fixtures.
Boundary / Refund Trap
Boundary / Refund Trap
Scripted agent scenario. Real receipt tamper check against static signed fixtures.
CheckingVerification pending.
Agent proposals01 / 06
HELM boundarypolicy · support-refund-boundary.v1
Verdict
ALLOWRead-only, in scope.Business state
Order context opened; no customer data leaves the support task.Receipt
- receipt
- demo.refund-trap.01
- actor
- support.agent.refund-trap
- action
- Read order
- amount
- 0
- verdict
- allow
- reason
- Read-only order lookup is inside the support scope.
- digest
- pending
Technical JSON
{
"receiptId": "demo.refund-trap.01",
"scenarioId": "refund-trap",
"timestamp": "2026-05-04T12:00:00Z",
"actor": "support.agent.refund-trap",
"action": "Read order",
"connector": "orders.read",
"amount": 0,
"policyId": "support-refund-boundary.v1",
"verdict": "allow",
"reason": "Read-only order lookup is inside the support scope.",
"evidenceHash": "sha256:f4633b6a766c30fa550a79fb0ac38a7ed8393478e20573ca3bc8c5ae8686947f"
}demo.refund-trap.01
Boundary rules
What this demo proves, and what it does not.
The proposal stream is scripted so visitors can inspect a stable scenario. The receipt verification is real against the static signed fixtures in the site content. This page does not claim a live agent runtime.
Receipt tamper result
Changing receipt fields causes the signature check to fail.
Live enforcement
No real payment, customer, email, or infrastructure system is connected to this page.
Technical JSON
Open the receipt drawer to see the signed payload fields used by the verifier.