PUBLIC

Signed Receipts and Replayable Evidence

Important work should leave proof that can be checked later

Autonomous work should emit signed receipts and replayable evidence.

CURRENT 5 min Advanced Paper
Article map
Maps to
Maps to HELM AI Kernel
Status
PUBLIC
Reviewed
2026-06-08

Editorial thesis, proof-safe boundary.

Autonomous execution needs more than logs. This paper explains why proposals, verdicts, approvals, execution results, and evidence references should be captured for audit and replay.

ReceiptsEvidencePackReplay

What this does and does not claim.

Does
  • Frames signed receipts and replayable evidence as a research lens for governed AI execution.
  • Separates model proposal from execution authority.
  • Keeps product claims tied to current public HELM evidence surfaces.
Does not
  • Does not claim every described pattern is generally available in production.
  • Does not claim third-party compliance approval, vendor partnership, or compliance attestation.
  • Does not make local demos, tests, or diagrams equivalent to live customer proof.

Claim, boundary, evidence implication.

Claim

Autonomous work should emit signed receipts and replayable evidence.

Boundary

The article describes the proof model and does not claim every deployed environment emits every artifact today.

Evidence

Proof claims need receipt hashes, verifier coverage, and EvidencePack references.

Where this maps.

Maps to HELM AI Kernel. Product relevance: HELM AI Kernel. Status: PUBLIC. Horizon: CURRENT.

Diagram interlude

Receipts make execution replayable as evidence.

Every governed action needs a receipt trail that can be inspected without turning private context into public proof.

ProofGraph Event TrailREPLAYABLESIGNEDHASH-CHAINED
Every action leaves a chain of signed evidence that can be replayed and verified.
ProofGraph Event TrailProofGraph Event Trail: 8 cryptographic events form a chain from Proposal through Receipt to Replay, each with timestamp, actor, policy version, and hash.SECURE_BLOCK_CHAIN_HASH_VALIDATION_STAMP_MD5_SHA256_VERIFIED_BY_HELM_KERNEL_SECURE_REPLAY_HASH_[a4f2_e7b1_91c8_b3d0]SECURE_BLOCK_CHAIN_HASH_VALIDATION_STAMP_MD5_SHA256_VERIFIED_BY_HELM_KERNEL_SECURE_REPLAY_HASH_[a4f2_e7b1_91c8_b3d0]SECURE_BLOCK_CHAIN_HASH_VALIDATION_STAMP_MD5_SHA256_VERIFIED_BY_HELM_KERNEL_SECURE_REPLAY_HASH_[a4f2_e7b1_91c8_b3d0]SECURE_BLOCK_CHAIN_HASH_VALIDATION_STAMP_MD5_SHA256_VERIFIED_BY_HELM_KERNEL_SECURE_REPLAY_HASH_[a4f2_e7b1_91c8_b3d0]SECURE_BLOCK_CHAIN_HASH_VALIDATION_STAMP_MD5_SHA256_VERIFIED_BY_HELM_KERNEL_SECURE_REPLAY_HASH_[a4f2_e7b1_91c8_b3d0]SECURE_BLOCK_CHAIN_HASH_VALIDATION_STAMP_MD5_SHA256_VERIFIED_BY_HELM_KERNEL_SECURE_REPLAY_HASH_[a4f2_e7b1_91c8_b3d0]EVENT CHAINClick any event to reveal its metadata. Arrow keys navigate.▶ REPLAY
Text description
EventTimestampActorHashDecision
Proposal14:32:01.442Zagent-sprint-twina4f2…c891Submitted
Policy Snapshot14:32:01.443Zhelm-pepe7b1…3d40Captured
Approval State14:32:01.510Zhelm-cpi91c8…f712Verified
Tool Contract14:32:01.511Zhelm-connectorb3d0…8a21Matched
Action14:32:01.580Zconnector-githubf4e2…1b09Executed
Receipt14:32:01.581Zhelm-proofc912…4df8Signed
EvidencePack14:32:01.590Zhelm-evidenced1a7…92e3Bundled
Replayauditorfull chainVerifier pass
Open standalone diagram

A governed action should leave a receipt. The receipt binds the proposed action, policy context, decision, and evidence posture so an operator or reviewer can inspect what happened without trusting a narrative summary.

Why it matters now

  • Logs describe events, but receipts prove the decision boundary that allowed, denied, or escalated an action.
  • Replayable evidence makes audits possible after the model session is gone.
  • Private context can stay private while hashes, verdicts, and evidence references remain inspectable.

Boundary and evidence

This article describes the proof model. It does not claim every deployed environment emits every artifact today.

The public Kernel and scan workbench show the narrower receipt posture: local verification, hashes, policy overlays, and evidence packs where available.

Product map

Read models propose, HELM governs execution to connect the receipt back to the boundary decision.

The operating rule is consistent across the library: research can frame the question, but execution claims need source-owned proof. Look for policy checks, approval state, connector contracts, receipt hashes, replay evidence, or a clearly labeled product surface before treating an idea as current capability.

Request architecture review Back to Research