Autonomous-company architecture is not a single agent with more permissions. It is a layered system that separates company context, model proposal, policy authority, execution, and evidence. The useful question is not whether a model can plan work. The useful question is where the right to act is checked.
Why it matters now
- Without layers, every improvement in model capability increases the blast radius of a wrong action.
- A company can become more automated only when each transition from suggestion to effect has a named boundary.
- The architecture must make proof normal, not exceptional, because after-the-fact explanations are weak substitutes for pre-action authority.
Boundary and evidence
This article is strategic architecture research. It does not claim that every layer is publicly shipped or available as a single production system today.
Read it as the map around HELM, not as a replacement for HELM product evidence. Kernel pages remain the current public boundary proof. Company OS pages describe reviewed-access direction.
Product map
Use this piece after the execution authority thesis when you need the system-level map: context can inform work, models can propose work, HELM decides whether work may cross the boundary.
The operating rule is consistent across the library: research can frame the question, but execution claims need source-owned proof. Look for policy checks, approval state, connector contracts, receipt hashes, replay evidence, or a clearly labeled product surface before treating an idea as current capability.
