The execution authority for AI agents

Govern every action. Prove every outcome.

HELM is the fail-closed execution layer between AI agents and real-world systems. It decides what's allowed, enforces policy, and creates cryptographic evidence for everything that happens.

Explore the platform Read the docs

Fail-closed

Default deny.

Nothing slips through.

Cryptographic proof

Every decision is signed.

Every effect is verifiable.

Built for builders

Open source kernel.

Enterprise control plane.

Verified public
artifacts

GitHub Hedera CLI OpenAPI SDKs SBOM Cloudflare Google Checksums

How HELM works

A deterministic boundary for autonomous work.

1

Agent proposes

An agent or application proposes an action.

2

Policy is checked

Policy is evaluated against context and rules.

3

If allowed, execute

Action runs in an isolated kernel jurisdiction.

4

Outcome recorded

Decisions and effects are signed and recorded.

5

Evidence stored

ProofLogs and EvidencePacks capture the full trace.

6

Verify anytime

Anyone can verify offline with public proof.

HELM AI Kernel

The open source execution firewall.

Interposable, policy, sandboxing, proofs, and verifiability. Run anywhere. Integrate everywhere.

  • MCP quarantines & control
  • API request boundary
  • Signed events & EvidencePacks
  • Offline verification
  • Self-hostable
Get started View on GitHub

+ helm kernel status

Verdict
ALLOW
Policy
ops.budget.v1
Reason
within approved budget
Receipt
9f2b76a...c18b
Status
200 OK

HELM AI Company OS

Govern company work, not just agent calls.

Company AI OS turns drift, requests, and operational signals into reviewed specs, approvals, Kernel-governed execution, and closure evidence.

Catalog governed work

Map agents, tools, owners, and policies in one operating layer.

Route before execution

Apply access, approval, and budget rules before work runs.

Gate external web evidence

Require source hashes, receipts, and EvidencePack refs before web Search/Fetch evidence informs specs.

Attach proof

Bind decisions, receipts, and effects to governed actions.

Close the loop

Review drift and update policy from observed outcomes.

Explore Company OS Book a demo

Governed Work In Action

See governed work move from request to proof.

One company action enters HELM, receives a policy decision, routes approval when needed, and leaves behind a receipt.

Engineering

Input
dependency drift found
HELM
creates GeneratedSpec
Decision
ESCALATE to code owner
Proof
PR ref + EvidencePack

DevOps

Input
deploy request
HELM
checks environment and rollback plan
Decision
ESCALATE
Proof
approval receipt + healthcheck receipt

Security

Input
IAM permission change
HELM
checks scope and owner
Decision
QUARANTINE or ESCALATE
Proof
security owner approval + receipt

Verifiable by design

Evidence you can trust and prove.

HELM proof paths bind decisions to receipts and EvidencePacks where a source-owned route exists. Receipts show the decision. EvidencePacks show the review chain for that route.

ProofGraph

DecisionEffectArtifactPolicyActor

Receipt details

Verdict
ALLOW
Policy
ops.finance.v2
Actor
finance-agent
Time
2025-04-16T14:33:27Z
Receipt ID
98a9e2c6...a4f2
Signature
ecc5139a5d...3ef1

Verify

Signature valid

Integrity verified

No tampering detected

Verify offline Open sample EvidencePacks
“HELM makes autonomy possible without giving up control.”
Architecture review principle

Ready to govern your agents?

Join the builders turning AI into trustworthy autonomous work.

Book a demo Talk to sales