company-ai-os
Authority Boundary
The Company AI OS story is only safe when the authority boundary stays explicit. Models, retrieval systems, company graphs, and generated drafts can propose work. HELM decides whether a real side effect may cross the bouPublicSource-ownedMarkdown export
The Company AI OS story is only safe when the authority boundary stays explicit.
Models, retrieval systems, company graphs, and generated drafts can propose work. HELM decides whether a real side effect may cross the boundary.
Boundary rule
No consequential side effect should become real unless HELM can evaluate the request, enforce the policy boundary, and preserve proof.
In public copy, the boundary should name the mechanism:
- CPI checks plan shape, policy, actor, tenant, approval, and other required context before the proposal continues.
- PEP gates the side-effect boundary before connectors, production systems, payments, customer messages, access changes, or physical actions run.
- Receipts record the verdict and bind it to reviewable proof.
What is not authority
The following can help plan or explain work, but they should not be described as execution authority:
- A model answer.
- A valid-looking JSON payload.
- A CompanyArtifactGraph query result.
- An OrgGenome Compiler draft.
- A ticket, meeting note, or customer promise by itself.
- A diagram or Atlas view.
Verdict posture
Use the current public verdict terms:
ALLOW: HELM permits the action to run.DENY: HELM blocks the action.ESCALATE: HELM stops and asks for more facts, policy, or human approval.
Do not use old or softer verdict language on new public pages.
Diagram
flowchart TD
subgraph Proposals["1. Proposal Generation (Stochastic)"]
Model["Model Tool Call Proposal"]
Tickets["Ticket / External Intent Trigger"]
Model & Tickets --> Normalize["Parse & Normalize Arguments"]
end
subgraph Interceptors["2. Interceptor Evaluation Plane"]
Normalize --> Temporal["TemporalInterceptor: Check Time Bounds"]
Temporal --> Freeze["FreezeInterceptor: Inspect Kill Switch"]
Freeze --> ZeroID["ZeroIDInterceptor: Verify Identity Claims"]
ZeroID --> PDP{"PDP Evaluation: Cedar / OPA / CEL"}
end
subgraph Decision["3. Verdict Resolution & Execution"]
PDP -->|ALLOW| Sandbox["Allocate Warm Sandbox Lease"]
PDP -->|DENY| Block["DENY: Fail-Closed Enforced"]
PDP -->|ESCALATE| Ceremony["ESCALATE: Operator Signing Ceremony"]
Sandbox --> Dispatch["Dispatch Tool Call in Containment"]
Ceremony -->|Approved| Sandbox
Ceremony -->|Rejected| Block
end
subgraph Proof["4. Cryptographic Proof & Ledger"]
Dispatch --> Rec1["Generate signed ALLOW Receipt"]
Block --> Rec2["Generate signed DENY Receipt"]
Rec1 & Rec2 --> JCS["RFC 8785 JCS Canonicalization"]
JCS --> ProofGraph["Append to Merkle ProofGraph DAG"]
ProofGraph --> EvidencePack["Compile Offline EvidencePack Bundle"]
end
style PDP fill:#2d3748,stroke:#4a5568,stroke-width:2px,color:#fff
style Sandbox fill:#38a169,stroke:#276749,stroke-width:2px,color:#fff
style Block fill:#e53e3e,stroke:#9b2c2c,stroke-width:2px,color:#fff
style Ceremony fill:#dd6b20,stroke:#9c4221,stroke-width:2px,color:#fffMermaid source
flowchart TD
subgraph Proposals["1. Proposal Generation (Stochastic)"]
Model["Model Tool Call Proposal"]
Tickets["Ticket / External Intent Trigger"]
Model & Tickets --> Normalize["Parse & Normalize Arguments"]
end
subgraph Interceptors["2. Interceptor Evaluation Plane"]
Normalize --> Temporal["TemporalInterceptor: Check Time Bounds"]
Temporal --> Freeze["FreezeInterceptor: Inspect Kill Switch"]
Freeze --> ZeroID["ZeroIDInterceptor: Verify Identity Claims"]
ZeroID --> PDP{"PDP Evaluation: Cedar / OPA / CEL"}
end
subgraph Decision["3. Verdict Resolution & Execution"]
PDP -->|ALLOW| Sandbox["Allocate Warm Sandbox Lease"]
PDP -->|DENY| Block["DENY: Fail-Closed Enforced"]
PDP -->|ESCALATE| Ceremony["ESCALATE: Operator Signing Ceremony"]
Sandbox --> Dispatch["Dispatch Tool Call in Containment"]
Ceremony -->|Approved| Sandbox
Ceremony -->|Rejected| Block
end
subgraph Proof["4. Cryptographic Proof & Ledger"]
Dispatch --> Rec1["Generate signed ALLOW Receipt"]
Block --> Rec2["Generate signed DENY Receipt"]
Rec1 & Rec2 --> JCS["RFC 8785 JCS Canonicalization"]
JCS --> ProofGraph["Append to Merkle ProofGraph DAG"]
ProofGraph --> EvidencePack["Compile Offline EvidencePack Bundle"]
end
style PDP fill:#2d3748,stroke:#4a5568,stroke-width:2px,color:#fff
style Sandbox fill:#38a169,stroke:#276749,stroke-width:2px,color:#fff
style Block fill:#e53e3e,stroke:#9b2c2c,stroke-width:2px,color:#fff
style Ceremony fill:#dd6b20,stroke:#9c4221,stroke-width:2px,color:#fffSource truth
- Kernel verdict semantics, receipt headers, ProofGraph routes, replay verification, and conformance vectors:
helm-ai-kernel/README.md,helm-ai-kernel/api/openapi/,helm-ai-kernel/sdk/ts/src/client.ts,helm-ai-kernel/protocols/conformance/v1/test-vectors.json, andhelm-ai-kernel/tests/conformance/. - Enterprise API tags and route surfaces for ProofGraph, EvidencePack, Company Artifact Graph, GeneratedSpec, and connectors:
helm-ai-enterprise/api/openapi/helm.openapi.yamlandhelm-ai-enterprise/apps/console/src/router/routes.tsx. - Enterprise design-system route blueprints for approvals, actions, receipts, evidence, replay, audit, and connectors:
helm-ai-enterprise/packages/helm-ai-enterprise-design-system/src/routes/blueprints.ts.
Review checklist
Before publishing a Company AI OS explanation, check that it answers:
- What proposed side effect is being discussed?
- Which boundary evaluates it before dispatch?
- What proof remains after ALLOW, DENY, or ESCALATE?
- Which claims are current product behavior and which are reviewed-access Enterprise direction?