AI software

Let AI coding agents write code, not rewrite the rules

Give AI coding agents write access without surrendering control. Every PR, merge, and command gets a fail-closed verdict and a signed receipt you can verify offline.

The problem

The action is the risk, not the model.

A coding agent with repository and shell access can merge to protected paths or run a destructive command. Buyers want the boundary and the proof before they grant it write access.

Granting this agent access means it can open pull requests, run commands, and change code. Each of those is a side effect someone has to answer for.

What HELM does

A verdict before the side effect runs.

HELM checks the proposed action against policy before any effect runs, then records a signed receipt. Here is one path for AI coding agents and autonomous dev platforms.

Agent proposes

Agent attempts to force-push to a protected branch

HELM checks policy

Checks branch protection, diff scope, and reviewer

Verdict

DENY

Proof

Denied-action receipt + diff hash

Proof you can hand to a reviewer

Evidence that survives outside the dashboard.

Each governed action leaves a record your security reviewer can verify offline.

  • PR-action receipt
  • Denied destructive-command receipt
  • Signed EvidencePack

Action class: Code merge / PR action

How this side effect is governed

Default policy. Allow for draft; escalate for merge or protected paths.

Required evidence. PR receipt, diff hash, reviewer disposition.

Questions

What reviewers ask first.

Can the agent act without approval?

Not for this action class. HELM checks the proposed action against policy before any side effect runs. For the "Code merge / PR action" class, the default is "Allow for draft; escalate for merge or protected paths", so anything unknown or unapproved stops by default.

What evidence do I show a security reviewer?

Every decision records the PR receipt, diff hash, and reviewer disposition. You hand the reviewer the signed receipt and EvidencePack, which they verify offline without access to your dashboard.

Does this slow the agent down?

The check sits in the action path, not the conversation. Low-risk actions that policy already permits proceed; only consequential side effects pause for a verdict or an approver.

Hand your reviewer proof, not promises.

Bring one code merge / PR action to the boundary and see the verdict and the receipt.