Local preview. Browser-only compiler.

Compile a fail-closed policy from your agent surface.

Paste redacted tool config, edit ALLOW / ESCALATE / DENY rules, export local policy artifacts, and verify receipts without sending raw material.

The compiler loop

Load
MCP configs, tool manifests, GitHub scopes, and sample logs.
Classify
Code, customer data, money, access, and production state.
Decide
ALLOW, ESCALATE, or DENY with receipt and owner placeholders.
Export
Download the report, MCP overlay, or HELM kernel policy pack.
Preview artifact terms
EvidencePack
A small bundle of records used to verify one event or review path.

Browser-only preview. Summary handoff only.

  1. Inspect surface

    Paste redacted config, scopes, or logs.

  2. Compile policy

    Edit ALLOW, ESCALATE, and DENY rules.

  3. Export / review

    Download local artifacts or hand off a summary.

Inspect surface

Paste the material

Use redacted MCP configs, tool manifests, GitHub app scopes, or sample logs. The pasted text stays in this browser.

Raw pasted material is never attached to the contact request or telemetry. Only derived counts and the generated summary are staged locally after compile.

Compile policy

Policy workbench

MCP config · 12 rules · default DENY

100/100 local score
Critical

Fail-closed policy compiled

Review each action before treating this overlay as executable runtime policy.

Allow: 2
Escalate: 10
Deny: 0
Custom MCP: 6

Compiler boundary

ALLOW / ESCALATE / DENY

Ready · Default decision

Runtime overlay remains deny by default unless a rule says otherwise.

Ready · Policy verdicts

12 local rules compiled.

Ready · Receipts

10 rules require receipt evidence.

Needed · Custom MCP review

6 custom or low-confidence actions need mapping.

Custom MCP review

6 custom or low-confidence actions are visible before export. Unknown write-like tools default to DENY until mapped.

  • Money · stripe.refund.create
  • Money · payments.transfer
  • Access · conversations.invite
  • Customer data · chat.postMessage

Code

5 actions

docs.search · readonlyDocs · medium confidence · json_structural

The surface appears read-only from this sample.

mcpServers.readonlyDocs.tools[0]: docs.search
issues.read · readonlyDocs · medium confidence · json_structural

The surface appears read-only from this sample.

mcpServers.readonlyDocs.tools[1]: issues.read
Code write or repository mutation · github · high confidence · scope_pattern

The surface can change source code, pull requests, workflows, or repository state.

mcpServers.github.permissions.contents: write
Code write or repository mutation · github · high confidence · scope_pattern

The surface can change source code, pull requests, workflows, or repository state.

mcpServers.github.permissions.pull_requests: write
Code write or repository mutation · github · high confidence · scope_pattern

The surface can change source code, pull requests, workflows, or repository state.

mcpServers.github.permissions.actions: write

Customer data

1 action

chat.postMessage · slack · high confidence · connector_profile

The surface can export, transform, or post customer records or private user data.

mcpServers.slack.tools[0]: chat.postMessage

Money

2 actions

stripe.refund.create · finance · high confidence · json_structural

The surface can move money, issue refunds, create invoices, or change financial state.

mcpServers.finance.tools[0]: stripe.refund.create
payments.transfer · finance · high confidence · json_structural

The surface can move money, issue refunds, create invoices, or change financial state.

mcpServers.finance.tools[1]: payments.transfer

Access

4 actions

conversations.invite · slack · high confidence · connector_profile

The surface can grant roles, invite users, rotate tokens, or change permission state.

mcpServers.slack.tools[1]: conversations.invite
Access, identity, or secret boundary · github · high confidence · scope_pattern

The surface can grant roles, invite users, rotate tokens, or change permission state.

mcpServers.github.permissions.contents: write
Access, identity, or secret boundary · github · high confidence · scope_pattern

The surface can grant roles, invite users, rotate tokens, or change permission state.

mcpServers.github.permissions.pull_requests: write
Access, identity, or secret boundary · github · high confidence · scope_pattern

The surface can grant roles, invite users, rotate tokens, or change permission state.

mcpServers.github.permissions.actions: write

Risk report

Top 5 of 10.

Severity · Action · Status · Control

Critical · Line 8 · high
Access, identity, or secret boundary

The surface can grant roles, invite users, rotate tokens, or change permission state.

mcpServers.slack.tools[1]: conversations.invite
Unguarded · Access

Require least-privilege scope, owner approval, identity binding, and an access receipt.

Critical · Line 9 · high
Money movement or billing change

The surface can move money, issue refunds, create invoices, or change financial state.

mcpServers.finance.tools[0]: stripe.refund.create
Unguarded · Money

Require spend policy, threshold approval, ledger context, and a finance receipt.

Critical · Line 10 · high
Money movement or billing change

The surface can move money, issue refunds, create invoices, or change financial state.

mcpServers.finance.tools[1]: payments.transfer
Unguarded · Money

Require spend policy, threshold approval, ledger context, and a finance receipt.

High · Line 4 · high
Code write or repository mutation

The surface can change source code, pull requests, workflows, or repository state.

mcpServers.github.permissions.contents: write
Unguarded · Code

Require repository scope, code-owner approval, policy verdict, and a code/action receipt.

High · Line 4 · high
Access, identity, or secret boundary

The surface can grant roles, invite users, rotate tokens, or change permission state.

mcpServers.github.permissions.contents: write
Unguarded · Access

Require least-privilege scope, owner approval, identity binding, and an access receipt.

Export warnings

  • 6 custom or low-confidence tool actions require explicit review before execution.
Request architecture review

Review handoff contains the generated summary, categories, decision counts, and custom MCP count only.

Bring one real action path.

Use the local policy pack to pick the first GitHub, Linear, Slack, finance, access, or production action that needs HELM governance. The contact handoff carries only the generated summary, categories, decision counts, and custom MCP count.
