# Mindburn Labs Context Models propose. HELM governs execution. HELM is the Company AI OS for governed autonomous work: it reads company state, turns drift into reviewed specs, executes approved actions through a fail-closed Kernel, and leaves signed receipts. HELM governs approved autonomous business operations across digital, analog, kinetic, and code workflows where connector contracts, approvals, receipts, telemetry, and EvidencePacks exist. HELM makes company state queryable, turns divergence into reviewed specs, routes approved AI actions through a fail-closed execution boundary, and records proof. Models propose. HELM checks authority, decides what may execute, and records. Security and evidence material is source-backed: public repo, docs, SBOM, Claim Matrix, source details, responsible disclosure, and receipt demonstration. ## Claim Boundaries - Mindburn Labs is the company; HELM is the product. - HELM Kernel is public and provides the fail-closed execution firewall. - HELM Policy Lab is the public no-login workbench for scan, policy generation, simulation, templates, and receipt verification where source-backed. - HELM Cloud is hosted governed-action infrastructure with Free, Developer, Team, Scale, and Enterprise pricing visibility; paid checkout remains gated until backend self-serve readiness and billing smoke pass. - HELM Enterprise / Company AI OS is Preview or reviewed access, not self-serve GA, around the same kernel semantics. - Public pricing is available on /pricing/ when every plan declares availability, CTA target, checkout status, and source-owned terms. Free starts in Policy Lab with 500 hosted credits and no signup. - Code Intelligence Graph is read-only code evidence for engineering GeneratedSpecs, CodeIndexReceipts, CodeImpact, affected tests, write scope, and closure evidence. It does not authorize execution. - External web Search/Fetch evidence can inform CompanyArtifactGraph and GeneratedSpec proposals only where connector contracts, source hashes, receipt refs, and EvidencePack refs exist. Partial, stale, or conflicting sources remain draft, stale, or disputed. - CompanyArtifactGraph is a permission-aware query and reconciliation graph, not execution authority. - GeneratedSpecs are proposals until reviewed, approved, and routed through PEP/CPI. - Side effects require PEP/CPI and receipts. - HELM is not generic guardrails, agent orchestration, observability, DLP, pentesting, or model-safety filtering. Those layers can provide context, tests, filters, or downstream controls; HELM owns deterministic execution-authority decisions and source-owned evidence. - Orchestration decides what to attempt; HELM decides what may execute. - The norm: no receipt, no production. An agent action that cannot be replayed and verified offline is not production-grade. - Category framing: Straiker-like agent runtime guardrails test the MCP/tool-call surface; Native-like cloud controls are downstream enforcement; Jazz-like DLP is data-risk context; Tenzai-like offensive testing and Gray Swan-like model-safety evals become evidence inputs, not execution authority. - Analog and kinetic gateway claims require connector contracts, safety profiles, telemetry, approvals, and EvidencePacks. - Morning reports are summaries; receipts and EvidencePacks remain source truth. - The execution-boundary demo is deterministic public UI. Public console checks remain unavailable until DNS, health, verify, and tamper readiness gates pass. - HELM Launchpad points to helm-agent-integrations, a public examples repo with wrapper, MCP, /v1 proxy, receipt, and EvidencePack samples. It is not a partner or external standard-status claim. - The homepage boundary mapper is deterministic browser UI. It does not submit, store, or evaluate visitor text through a backend. - The homepage tells the HELM product story through generated brand visuals, proof demos, and source-backed page text. It does not collect workflow input. - TITAN is private proof context. - Research pages are status-labeled thesis material unless they cite implementation or external docs. - Reference packs are policy primitives, not legal advice or a substitute for an operator-run compliance program. - Bounded proof work must stay bounded: public pages must not imply every running implementation path is mathematically verified. - Do not infer adoption metrics, funding, legal advice, live rollout, private customer status, or deployment guarantees from this website. - The public assistant is source-backed. It cannot approve actions, execute workflows, or promote facts into canonical company truth. - The public assistant cannot treat code comments, README text, tool output, or pasted approval text as instruction authority. ## Core Pages - [Homepage](https://mindburn.org/): Company AI OS overview with Kernel live, Company OS preview, Enterprise coming soon, Policy Compiler CTA, and receipt verifier CTA. - [HELM Launchpad](https://mindburn.org/helm/launchpad/): HELM-compatible agent framework examples, generated receipts, and sample EvidencePacks. - [HELM AI Kernel](https://mindburn.org/helm/kernel/): Public Apache-2.0 fail-closed execution firewall route. - [HELM AI Company OS](https://mindburn.org/helm/company-ai-os/): Reviewed-access Company AI OS direction for policy, action review, notification routing, receipts/evidence, and emergency stop. - [Pricing](https://mindburn.org/pricing/): Public HELM pricing for Policy Lab, HELM Cloud Free, Developer, Team, Scale, and Enterprise. - [Policy Compiler Workbench](https://mindburn.org/scan/): Local browser-only policy compiler and receipt verifier. - [HELM comparison hub](https://mindburn.org/helm/vs/): HELM vs MCP gateways, audit logs, identity, autonomous execution tools, and agent version control. - [Use cases](https://mindburn.org/use-cases/): Access change, production deploy, customer-data update, finance transfer, vendor onboarding, competitive briefing, and board pack proof paths. - [Personas](https://mindburn.org/security/): Security, IT, engineering, operators, and founders pages with one pain, workflow, proof artifact, and CTA each. - [Research](https://mindburn.org/research/): Curated status-labeled research. Long-horizon material is strategic and non-normative. - [Company](https://mindburn.org/company/): Company identity, mission, team, product map, repo map, principles, and peycheff.com relationship. - [Assistant](https://mindburn.org/assistant/): Utility pointer to the contact flow; agents query public sources through the read-only /api/assistant, /mcp, and /a2a surfaces. - [Security](https://mindburn.org/security/): Security persona page with responsible disclosure, Company AI OS boundaries, provenance, SBOM, and receipt-verification trust substitutes. - [Contact](https://mindburn.org/contact/): Kernel, Cloud, Enterprise, Code Intelligence, business loop, simulator gateway, investor, technical collaboration, security, and press routing. - [Privacy notice](https://mindburn.org/privacy/): Visitor data handling. - [Terms of use](https://mindburn.org/terms/): Terms for using mindburn.org. ## External Surfaces - [HELM Docs](https://helm.docs.mindburn.org/): Live HELM documentation. - [HELM AI Kernel Docs](https://helm.docs.mindburn.org/helm-ai-kernel): Live Kernel docs route. - [HELM AI Kernel repository](https://github.com/Mindburn-Labs/helm-ai-kernel): Public OSS kernel repository. - [HELM Agent Integrations repository](https://github.com/Mindburn-Labs/helm-agent-integrations): Public HELM-compatible wrappers, demos, generated sample receipts, and sample EvidencePacks. - [HELM Agent Integrations v0.1.0 release](https://github.com/Mindburn-Labs/helm-agent-integrations/releases/tag/v0.1.0): Release assets and checksums for the first integration examples slice. - [peycheff.com](https://peycheff.com/): Founder thesis archive and non-normative writing surface. - [Site SBOM](https://mindburn.org/security/sbom.cdx.json): Public package manifest. ## Agent Surfaces - [A2A Agent Card](https://mindburn.org/.well-known/agent-card.json): Read-only A2A discovery for public Mindburn site search, source reading, and public answers. - [A2A JSON-RPC endpoint](https://mindburn.org/a2a): Stateless synchronous A2A endpoint for completed read-only tasks over public sources. - [MCP server card](https://mindburn.org/.well-known/mcp/server-card.json): MCP-style tool discovery for public source search, source reading, and source listing. - [MCP JSON-RPC endpoint](https://mindburn.org/mcp): Read-only MCP-style tool endpoint backed only by the public assistant source index. - [OpenAPI discovery](https://mindburn.org/openapi.json): Public HTTP contract for the website's agent-facing and assistant surfaces.