HELM Changelog

Audience

This changelog is for developers, operators, security reviewers, and evaluators tracking public HELM product, Console, Teams, Enterprise, and reference changes across releases.

Outcome

After this page you should know what this surface is for, which source files own the behavior, which public route or adjacent page to use next, and which validation command to run before changing the claim.

Source Truth

• Public route: changelog
• Source document: helm-ai-enterprise/CHANGELOG.md
• Public manifest: helm-ai-enterprise/docs/public-docs.manifest.json
• Source inventory: helm-ai-enterprise/docs/source-inventory.manifest.json
• Validation: corepack pnpm run docs:coverage, corepack pnpm run docs:truth, and npm run coverage:inventory from docs-platform

Do not expand this page with unsupported product, SDK, deployment, compliance, or integration claims unless the inventory manifest points to code, schemas, tests, examples, or an owner doc that proves the claim.

Troubleshooting

All notable changes to the HELM AI Enterprise/control-plane surface are documented in this file. HELM AI Kernel release notes are surfaced here as a pointer because the HELM docs site also hosts the OSS pages under /helm-ai-kernel/*.

HELM AI Kernel v0.4.0 — 2026-04-25

Latest public Kernel release: https://github.com/Mindburn-Labs/helm-ai-kernel/releases/tag/v0.4.0.

Use /helm-ai-kernel/changelog for the full Kernel release notes. The v0.4.0 GitHub release published platform binaries for Darwin, Linux, and Windows, SHA256SUMS.txt, sbom.json, release-attestation.json, evidence-pack.tar, release.high_risk.v3.toml, helm-ai-enterprise.mcpb, and helm-ai-enterprise.rb.

The tag is v0.4.0; no public major-version HELM AI Kernel GitHub release was found in the 2026-05-05 release audit.

[3.0.0] — 2026-02-21

Added

• @mindburn/helm-ai-enterprise CLI v3 — npx @mindburn/helm-ai-enterprise for one-command verification with progressive disclosure, cryptographic proof (Ed25519 + real Merkle tree), and HTML evidence reports.
• v3 bundle format spec (docs/cli_v3/FORMAT.md) — canonicalization rules, Merkle tree construction, attestation schema.
• Key rotation policy (docs/cli_v3/KEYS.md).
• Release pipeline — evidence bundle build job with Ed25519 attestation signing in release.yml.
• Verification guide (docs/verify.md).

Security

• Removed .env.release containing plaintext tokens from repo and git history.
• Purged 376MB of compiled binaries from artifacts/ tracked in git history via git filter-repo.
• Hardened .gitignore — secrets hard lock (.env*, *.key, *.pem), artifacts/ blanket ignore.
• Removed committed encrypted cookie from core/pkg/console/.auth/.

Removed

• cli/ directory (v2, superseded by packages/mindburn-helm-ai-enterprise-cli/).
• Internal planning docs: OSS_CUTLINE.md, UNKNOWNs.md, TITAN docs, investment memo.
• Dead redirect stubs for HELM_Unified_Canonical_Standard.md.

[0.1.1] — 2026-02-19

Fixed

• Resolved MockSigner build failure in core/pkg/guardian by implementing missing PublicKeyBytes.
• Fixed redundant signature assignment in Ed25519Signer.SignDecision.
• Standardized ImmunityVerifier hashing logic and cleaned up misleading test comments.
• Corrected version display in helm-ai-enterprise CLI help output.

Improved

• Increased governance package test coverage from 60.8% to 79.5%.
• Added comprehensive unit tests for LifecycleManager, PolicyEngine, EvolutionGovernance, SignalController, and StateEstimator.

[0.1.0] — 2026-02-15

Added

• Proxy sidecar (helm-ai-kernel proxy) — OpenAI-compatible reverse proxy. One line changed, every tool call gets a receipt.
• SafeExecutor — single execution boundary with schema validation, hash binding, and signed receipts.
• Guardian — policy engine with configurable tool allowlists and deny-by-default.
• ProofGraph DAG — signed nodes (INTENT, ATTESTATION, EFFECT, TRUST_EVENT, CHECKPOINT) with Lamport clocks and causal PrevHash chains.
• Trust Registry — event-sourced key lifecycle (add/revoke/rotate), replayable at any height.
• WASI Sandbox — deny-by-default (no FS, no net) with gas/time/memory budgets and deterministic trap codes.
• Approval Ceremonies — timelock + deliberate confirmation + challenge/response, suitable for disputes.
• EvidencePack Export — deterministic .tar.gz with sorted paths, epoch mtime, root uid/gid.
• Replay Verify — offline session replay with full signature and schema re-validation.
• CLI — 11 commands: proxy, export, verify, replay, conform, doctor, init, trust add/revoke, version, serve.
• SDK Stubs — TypeScript and Python client libraries.
• Regional Profiles — US, EU, RU, CN with Island Mode for network partitions.
• 12 executable use cases with scripted validation.
• Conformance gates — L1 (kernel invariants) and L2 (profile-specific).

Security

• Fail-closed execution: undeclared tools are blocked, schema drift is a hard error.
• Ed25519 signatures on all decisions, intents, and receipts.
• ArgsHash (PEP boundary) cryptographically bound into signed receipt chain.
• 8-package TCB with forbidden-import linter.

Diagram

flowchart TD
    subgraph Ingestion["1. Ingestion & Context Plane"]
        source["Changelog"]
        s0["HELM AI Kernel v0.4.0 — 2026-04-25"]
        s1["[3.0.0] — 2026-02-21"]
        s2["[0.1.1] — 2026-02-19"]
        s3["[0.1.0] — 2026-02-15"]
        output["Reader outcome"]
    end

    %% Operational Flow Edges
    source --> s0
    s0 --> s1
    s1 --> s2
    s2 --> s3
    s3 --> output

    %% Premium Styling Rules

flowchart TD
    subgraph Ingestion["1. Ingestion & Context Plane"]
        source["Changelog"]
        s0["HELM AI Kernel v0.4.0 — 2026-04-25"]
        s1["[3.0.0] — 2026-02-21"]
        s2["[0.1.1] — 2026-02-19"]
        s3["[0.1.0] — 2026-02-15"]
        output["Reader outcome"]
    end

    %% Operational Flow Edges
    source --> s0
    s0 --> s1
    s1 --> s2
    s2 --> s3
    s3 --> output

    %% Premium Styling Rules