HELM Sandbox Governance — OpenSandbox / E2B / Daytona

HELM enforces strict governance on sandbox execution with preflight posture checks and receipt preimage binding.

---

Quick Start

# Mock provider (zero deps, for demos)
helm sandbox exec --provider mock -- echo "Hello"

# Real providers
helm sandbox exec --provider opensandbox -- npm test
helm sandbox exec --provider e2b -- python script.py
helm sandbox exec --provider daytona -- cargo build

---

Strict Preflight

Before any sandbox command executes, HELM performs a strict posture check:

Check	Description
Provider version	Pinned to known-good version
Image digest	SHA-256 of container/sandbox image
Egress policy	Hash of network egress rules
Mount policy	Read-only workspace mounts
Resource limits	CPU, memory, time bounds

Degraded posture → automatic DENY. No fallthrough.

---

Receipt Preimage Binding

Every sandbox execution produces a receipt whose preimage binds:

provider_version | sandbox_spec_hash | image_digest | mounts_hash | egress_policy_hash | resource_limits_hash

This means the receipt cryptographically proves which exact sandbox configuration was used.

---

Conformance Tiers

# Check provider conformance
helm sandbox conform --provider opensandbox --tier compatible
helm sandbox conform --provider e2b --tier verified
helm sandbox conform --provider daytona --tier sovereign --json

Tier	Requirements
Compatible	L1 pass (preflight, receipt binding)
Verified	L1 + L2 + strict preflight + receipt binding checks
Sovereign	Verified + L3 degraded-path adversarial tests

---

Provider Setup

OpenSandbox

export OPENSANDBOX_API_KEY=your-key
helm sandbox exec --provider opensandbox -- echo "governed"

E2B

export E2B_API_KEY=your-key
helm sandbox exec --provider e2b -- echo "governed"

Daytona

export DAYTONA_API_KEY=your-key
helm sandbox exec --provider daytona -- echo "governed"

---

Switching Providers

One flag:

helm sandbox exec --provider opensandbox -- npm test
helm sandbox exec --provider e2b -- npm test        # same command, different provider
helm sandbox exec --provider daytona -- npm test

Receipts bind to the specific provider configuration used.