Research / Execution substrate

Signed Receipts and Replayable Evidence

Important work should leave proof that can be checked later.

CURRENT Advanced Developer / CISO / Security

Current HELM AI Kernel relevance. This page separates current product relevance from thesis material.

PUBLIC

Diagram interlude

Receipts make execution replayable as evidence.

Every governed action needs a receipt trail that can be inspected without turning private context into public proof.

ProofGraph Event TrailREPLAYABLESIGNEDHASH-CHAINED
Every action leaves a chain of signed evidence that can be replayed and verified.
ProofGraph Event TrailProofGraph Event Trail: 8 cryptographic events form a chain from Proposal through Receipt to Replay, each with timestamp, actor, policy version, and hash.SECURE_BLOCK_CHAIN_HASH_VALIDATION_STAMP_MD5_SHA256_VERIFIED_BY_HELM_KERNEL_SECURE_REPLAY_HASH_[a4f2_e7b1_91c8_b3d0]SECURE_BLOCK_CHAIN_HASH_VALIDATION_STAMP_MD5_SHA256_VERIFIED_BY_HELM_KERNEL_SECURE_REPLAY_HASH_[a4f2_e7b1_91c8_b3d0]SECURE_BLOCK_CHAIN_HASH_VALIDATION_STAMP_MD5_SHA256_VERIFIED_BY_HELM_KERNEL_SECURE_REPLAY_HASH_[a4f2_e7b1_91c8_b3d0]SECURE_BLOCK_CHAIN_HASH_VALIDATION_STAMP_MD5_SHA256_VERIFIED_BY_HELM_KERNEL_SECURE_REPLAY_HASH_[a4f2_e7b1_91c8_b3d0]SECURE_BLOCK_CHAIN_HASH_VALIDATION_STAMP_MD5_SHA256_VERIFIED_BY_HELM_KERNEL_SECURE_REPLAY_HASH_[a4f2_e7b1_91c8_b3d0]SECURE_BLOCK_CHAIN_HASH_VALIDATION_STAMP_MD5_SHA256_VERIFIED_BY_HELM_KERNEL_SECURE_REPLAY_HASH_[a4f2_e7b1_91c8_b3d0]EVENT CHAINClick any event to reveal its metadata. Arrow keys navigate.▶ REPLAY
Text description
EventTimestampActorHashDecision
Proposal14:32:01.442Zagent-sprint-twina4f2…c891Submitted
Policy Snapshot14:32:01.443Zhelm-pepe7b1…3d40Captured
Approval State14:32:01.510Zhelm-cpi91c8…f712Verified
Tool Contract14:32:01.511Zhelm-connectorb3d0…8a21Matched
Action14:32:01.580Zconnector-githubf4e2…1b09Executed
Receipt14:32:01.581Zhelm-proofc912…4df8Signed
EvidencePack14:32:01.590Zhelm-evidenced1a7…92e3Bundled
Replayauditorfull chainVerifier pass

The Auditability Gap in Autonomous Systems

When an API call is made by a human developer, the audit trail is usually straightforward: an identity, a timestamp, and a request payload. When an autonomous AI agent executes a sequence of actions, the context is far more complex.

Why did the agent make that specific decision? What data did it consider? Was it following a human instruction or its own derived logic? Traditional logging is insufficient for answering these questions, creating a critical compliance gap for enterprises.

Cryptographic Provenance

HELM addresses this gap by ensuring every action taken by the system generates Signed Receipts and Replayable Evidence.

The Evidence Pack

Whenever a proposal is generated and evaluated, HELM compiles an “Evidence Pack.” This is a signed, tamper-sensitive record containing:

  • The Original Intent: The user prompt or trigger that initiated the action.
  • The Context: The specific source-backed context state the model had access to at the time.
  • The Proposal: The exact JSON/Protobuf spec generated by the model.
  • The Policy Evaluation: The deterministic result of the HELM runtime evaluating the proposal against organizational rules.
  • The Human Approval: If a HitL gate was involved, the cryptographic signature of the human approver.
  • The Execution Result: The final outcome of the action.

Replayability for Trust and Debugging

Because every input and state transition is captured in the Evidence Pack, any execution can be deterministically replayed.

  • For Auditors: This gives reviewers a chain from human intent to machine execution. It is evidence, not a certification.
  • For Engineers: This allows developers to load a failed execution state locally, inspect exactly what the model saw, and debug the specific failure point without needing to recreate the entire non-deterministic conversation.

In the HELM loop, execution should not be a black box. It should leave a receipt that people can inspect.

← Back to Research