Mindburn Labs
Founding Cohort
APACHE 2.0

Execution Authority for AI Agents

An open-source, fail-closed runtime governance layer for agent tool calls. Every side-effect is proposed, policy-checked, executed, and cryptographically receipted. MCP-native, framework-agnostic, verifiable offline. Apache 2.0.

View on GitHub Read the Standard
ARCHITECTURE

Governed Execution Pipeline

Every AI action flows through three trust boundaries โ€” from proposal to cryptographic receipt. Click any stage to see its invariant and proof output.

External BoundaryAgent sends structured proposals โ€” never raw execution
Kernel โ€” Fail-ClosedEvery proposal is validated, policy-checked, then executed under governance
Proof SurfaceReceipts chain into an offline-verifiable evidence bundle
Hover or click any stage to see its invariant and proof output
ExternalKernel boundaryProof surface
Full architecture docs
INPUT โ†’ GOVERNANCE โ†’ PROOF

From proposed action to verifiable proof

HELM turns policy inputs into deterministic execution records and offline-verifiable evidence without letting raw tool calls slip around the boundary.

Fail-closed runtimeOffline verificationMCP-native
HELM OSS execution latticeTyped policies, regulations, and permissions flow into the HELM core engine, which executes inside a fail-closed sandbox and emits audit trails, cryptographic proofs, and deterministic action records.POLICY SURFACESPROOF SURFACESTYPED GUARDRAILSPOL-01PoliciesJURISDICTION RULESREG-02RegulationsHUMAN APPROVALSPERM-03PermissionsFAIL-CLOSED KERNELHELMCore execution authorityCPI โ€ข PEP โ€ข WASI SANDBOX โ€ข RECEIPTSAudit TrailsCrypto ProofsCompleted Actions
Inputs arrive as typed constraints, not raw execution.HELM enforces policy before any side-effect is allowed.Outputs exit as receipts and proofs that can be checked offline.
Input Surface

Policies, rules, approvals

Governance starts with typed constraints from policy files, regulatory rules, and human permission checkpoints.

Kernel Boundary

Deterministic execution

The core validates, policy-checks, executes in a sandbox, and fails closed whenever the boundary cannot prove it is safe.

Proof Surface

Artifacts anyone can inspect

Every action leaves an auditable trail: receipts, proof structures, and completed action records that survive outside the runtime.

QUICKSTART

Deploy in 5 minutes

HELM is framework-agnostic. Here are exact code changes for popular stacks.

1
Clone the repo
$ git clone https://github.com/Mindburn-Labs/helm-oss.git
2
Build the kernel
$ cd helm-oss && go build ./cmd/helm-proxy
3
Start the proxy
$ ./helm-proxy --config config.yaml
4
Point your agent
$ export OPENAI_BASE_URL=http://localhost:8420/v1
Full quickstart guide
MCP ECOSYSTEM

Works with every MCP client

HELM is MCP-native. Any client that speaks the Model Context Protocol can use HELM as its execution authority โ€” no adapters, no shims.

FRAMEWORK COMPATIBILITY

Framework-agnostic by design

Change one URL โ€” every framework gets receipts, policy enforcement, and offline verification.

Full compatibility matrix
OSS โ†” HELM BOUNDARY

What's free. What's not. Why.

OSS makes HELM the default runtime boundary. HELM Enterprise becomes the default operating system for that boundary at scale.

OPEN SOURCE

OSS Kernel

$0
  • Deterministic proposal โ†’ effect pipeline with fail-closed enforcement
  • Hash-linked receipt DAG with session-anchored integrity
  • Gas-metered execution with configurable limits per action
  • Human-in-the-loop checkpoints with cryptographic attestation
  • L1/L2/L3 test vectors with deterministic JSON output
ENTERPRISE

HELM Enterprise

Custom
  • Cross-org trust delegation with revocable credentials
  • Model benchmarking and cost optimization analytics
  • Salesforce, SAP, ServiceNow native integrations
  • Multi-cluster deployment with centralized policy management
  • SOC 2, HIPAA, and ISO 27001 compliance automation
  • TEE-bound execution with silicon-level tamper evidence
FAQ

Common questions

Ship governance today

Clone the repo. Run the conformance suite. Deploy to production.

View on GitHub Full Documentation