company-ai-os
Connector Drift
Connectors are where HELM-governed plans touch real systems. They deserve stricter language than generic integration copy because external APIs, permissions, schemas, and operational behavior can drift.
What drift means
Connector drift is a mismatch between the connector contract HELM expects and the connector behavior available at execution time.
Examples include:
- an upstream API changes a required field
- a permission scope no longer matches the intended action
- a tool starts returning a new error shape
- a vendor changes rate limits or side-effect semantics
- a physical or analog route becomes unavailable
Safe behavior
When connector verification cannot complete, public copy should say HELM blocks or escalates. It should not imply the agent improvises around the mismatch.
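An added example, not HELM's own code: a minimal fail-closed drift check covering the drift cases and safe behavior described above. The `Contract` and `Verdict` shapes, the live-state keys, and the choice of DENY for a confirmed mismatch versus ESCALATE when verification cannot complete are assumptions made for illustration; only the reason code `ERR_CONNECTOR_CONTRACT_DRIFT` comes from the page's diagram.

```python
from dataclasses import dataclass, field

DRIFT_CODE = "ERR_CONNECTOR_CONTRACT_DRIFT"  # reason code from the page's diagram

@dataclass(frozen=True)
class Contract:
    """Hypothetical shape of the contract expected at dispatch time."""
    required_fields: frozenset
    scopes: frozenset
    error_keys: frozenset
    rate_limit_per_min: int

@dataclass
class Verdict:
    decision: str                      # "ALLOW", "DENY" or "ESCALATE"
    code: str = ""
    findings: list = field(default_factory=list)

def evaluate(contract, live):
    """Compare the expected contract with live interface state; fail closed."""
    if live is None:  # the probe could not complete: never treat as "no drift"
        return Verdict("ESCALATE", DRIFT_CODE, ["verification could not complete"])
    try:
        fields = set(live["fields"])
        scopes = set(live["granted_scopes"])
        error_keys = set(live["error_keys"])
        limit = int(live["rate_limit_per_min"])
    except (KeyError, TypeError, ValueError) as exc:
        return Verdict("ESCALATE", DRIFT_CODE, [f"unreadable live state: {exc!r}"])
    findings = []
    if missing := contract.required_fields - fields:
        findings.append(f"required fields missing: {sorted(missing)}")
    if scopes != contract.scopes:  # parity: revoked and widened scopes both count
        findings.append(f"scope mismatch: {sorted(scopes ^ contract.scopes)}")
    if error_keys != contract.error_keys:
        findings.append(f"error shape changed: {sorted(error_keys ^ contract.error_keys)}")
    if limit != contract.rate_limit_per_min:
        findings.append(f"rate limit changed: {contract.rate_limit_per_min} -> {limit}")
    if findings:
        return Verdict("DENY", DRIFT_CODE, findings)
    return Verdict("ALLOW")

# Constructed sample data, not taken from any real connector.
CONTRACT = Contract(frozenset({"order_id", "amount"}), frozenset({"orders:write"}),
                    frozenset({"code", "message"}), 60)
LIVE_OK = {"fields": ["order_id", "amount", "note"], "granted_scopes": ["orders:write"],
           "error_keys": ["code", "message"], "rate_limit_per_min": 60}
LIVE_DRIFTED = {"fields": ["order_ref", "amount"], "granted_scopes": ["orders:read"],
                "error_keys": ["code", "message"], "rate_limit_per_min": 30}

if __name__ == "__main__":
    for name, live in [("ok", LIVE_OK), ("drifted", LIVE_DRIFTED), ("unreachable", None)]:
        v = evaluate(CONTRACT, live)
        print(name, v.decision, v.code, v.findings)
```

Every path other than full parity returns a non-ALLOW verdict, including a live state that is missing or malformed, so an incomplete probe can never be read as "no drift".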
Certification posture
Connector certification should be described as bounded and specific:
- what action family the connector supports
- what scopes or sandbox grants are allowed
- what policy checks apply before dispatch
- what proof is recorded after the attempt
- how drift is detected, denied, or escalated
Physical and analog effects
Physical-world effects raise the standard. Shipping goods, moving money, dispatching people, operating devices, or triggering robots can be harder to roll back than software state.
Use stronger language for these paths:
- narrower action contracts
- explicit approval where needed
- route and drift checks
- receipt-backed proof after the decision
Diagram
flowchart TD
subgraph Contract["1. Schema & Capability Verification"]
Plan["Checked Action Plan"] --> TargetCheck["Identify Upstream Connector Target"]
TargetCheck --> SchemaCheck["Fetch Signed Connector Schema & Scopes"]
SchemaCheck --> LiveInspect["Query Active Interface State"]
end
subgraph DriftCheck["2. Drift Evaluation Plane"]
LiveInspect --> Validate{"Schema or Scope Mismatch?"}
Validate -->|API Changes / Perm Revocation / Limit Shift| Drift["Drift Detected"]
Validate -->|Perfect Parity| Sterile["No Drift Detected"]
end
subgraph Execution["3. Verdict Gate & Sandbox Containment"]
Drift --> Halt["DENY / ESCALATE: ERR_CONNECTOR_CONTRACT_DRIFT"]
Halt --> SafeStop["Halt Execution Thread safely (Zero Side Effects)"]
SafeStop --> OpsAlert["Emit Out-of-band Operator Patching Alert"]
Sterile --> Sandbox["Allocate Sandbox with lease restrictions"]
Sandbox --> EgressCheck{"Egress Firewall (Taint-Tracking)"}
EgressCheck -->|Clean context| Dispatch["Bounded Side-Effect Dispatch"]
EgressCheck -->|Tainted context / Unknown dest| EgressDeny["DENY: TAINTED_DATA_EGRESS_DENY"]
end
subgraph Proof["4. Audit Receipt Generation"]
Dispatch --> Signed1["Signed ALLOW Receipt (Successful call)"]
EgressDeny --> Signed2["Signed DENY Receipt (Firewall Block)"]
OpsAlert --> Signed3["Signed ESCALATE Receipt (Pending Manual Fix)"]
Signed1 & Signed2 & Signed3 --> ProofGraph["Append to ProofGraph DAG Ledger"]
end
style Validate fill:#2d3748,stroke:#4a5568,stroke-width:2px,color:#fff
style SafeStop fill:#e53e3e,stroke:#9b2c2c,stroke-width:2px,color:#fff
style Dispatch fill:#38a169,stroke:#276749,stroke-width:2px,color:#fff
style EgressCheck fill:#dd6b20,stroke:#9c4221,stroke-width:2px,color:#fff
Source truth
- Kernel connector/tool-call boundary, receipts, conformance vectors, and fail-closed verdict terms: helm-ai-kernel/README.md, helm-ai-kernel/api/openapi/, helm-ai-kernel/sdk/ts/src/client.ts, and helm-ai-kernel/protocols/conformance/v1/test-vectors.json.
- Enterprise connector governance API tag, connector route surfaces, and commercial connector lifecycle management: helm-ai-enterprise/api/openapi/helm.openapi.yaml, helm-ai-enterprise/apps/console/src/router/routes.tsx, and helm-ai-enterprise/commercial/csr/.
- Enterprise connector UI and drift surface references: helm-ai-enterprise/packages/helm-ai-enterprise-design-system/src/routes/blueprints.ts and helm-ai-enterprise/packages/helm-ai-enterprise-design-system/src/agent-ui/component-registry.ts.