HELMcompany-ai-os
MCPLLMs

company-ai-os

Proof and Replay

The Company AI OS loop is credible only if decisions remain reviewable after the action has run, been denied, or been escalated. HELM proof language should name the artifact: a receipt for the execution decision a ProofG
PublicSource-ownedMarkdown export

The Company AI OS loop is credible only if decisions remain reviewable after the action has run, been denied, or been escalated.

HELM proof language should name the artifact:

  • a receipt for the execution decision
  • a ProofGraph record for the proof trail
  • an EvidencePack slice for focused review
  • a policy or approval reference when relevant

Why receipts matter

A receipt records what was requested, which verdict was returned, and what proof pointer belongs to the decision. It gives operators and reviewers a bounded object to inspect instead of reconstructing the event from chat history.

ProofGraph posture

ProofGraph is a proof trail, not a public dump of company memory. Public docs should explain replay and review without implying sensitive raw artifacts are exposed.

EvidencePack posture

EvidencePacks are focused review bundles. They can collect receipts, policy snapshots, approval records, and context references for one event or review path.

Do not imply every low-risk action must always store the same heavy evidence bundle. The public point is proportional proof: high-risk work needs stronger review evidence.

Reviewer questions

For a consequential AI-assisted action, proof should help answer:

  • Who or what requested the action?
  • Which policy and approval state applied?
  • Was the verdict ALLOW, DENY, or ESCALATE?
  • Did a connector or external system receive the action?
  • Which record should be used for later review?

Diagram

Diagram1. Execution Interception Plane -> Proposed Tool Call Context -> PEP Boundary Interception -> 2. Cryptographic Receipt Creation -> Compile Verdict Payload Struct -> JCS Canonicalization (RFC 8785) -> Compute SHA-256 Signature Hash -> Asymmetric Signing (Ed25519/JWS)
flowchart TD
    subgraph Capture["1. Execution Interception Plane"]
        Request["Proposed Tool Call Context"] --> PEP["PEP Boundary Interception"]
        PEP --> Verdict{"Verdict: ALLOW, DENY, or ESCALATE"}
    end

    subgraph Receipt["2. Cryptographic Receipt Creation"]
        Verdict --> RawPayload["Compile Verdict Payload Struct"]
        RawPayload --> JCS["JCS Canonicalization (RFC 8785)"]
        JCS --> Hashing["Compute SHA-256 Signature Hash"]
        Hashing --> Sign["Asymmetric Signing (Ed25519/JWS)"]
        Sign --> SignedReceipt["Tamper-Evident Signed Receipt"]
    end

    subgraph Causality["3. ProofGraph DAG Causality Ledger"]
        SignedReceipt --> ProofGraph["Append to ProofGraph Session Chain"]
        
        subgraph DAGEdges["Causality Merkle Verification"]
            direction LR
            PrevHash["prev_hash Signature Linkage"]
            Lamport["Increment Lamport Clock"]
            PrevHash --> Lamport
        end
        ProofGraph --> DAGEdges
    end

    subgraph Verification["4. Offline EvidencePack & Replay"]
        DAGEdges --> Archiver["Compile Session Archive"]
        Archiver --> EvidencePack["EvidencePack Offline Bundle (.tar)"]
        EvidencePack --> Auditing["Operator Console Offline Auditing"]
        Auditing --> Replay["Deterministic Replay Validation Sandbox"]
    end

    style Verdict fill:#2d3748,stroke:#4a5568,stroke-width:2px,color:#fff
    style SignedReceipt fill:#3182ce,stroke:#2b6cb0,stroke-width:2px,color:#fff
    style EvidencePack fill:#38a169,stroke:#276749,stroke-width:2px,color:#fff
Mermaid source
flowchart TD
    subgraph Capture["1. Execution Interception Plane"]
        Request["Proposed Tool Call Context"] --> PEP["PEP Boundary Interception"]
        PEP --> Verdict{"Verdict: ALLOW, DENY, or ESCALATE"}
    end

    subgraph Receipt["2. Cryptographic Receipt Creation"]
        Verdict --> RawPayload["Compile Verdict Payload Struct"]
        RawPayload --> JCS["JCS Canonicalization (RFC 8785)"]
        JCS --> Hashing["Compute SHA-256 Signature Hash"]
        Hashing --> Sign["Asymmetric Signing (Ed25519/JWS)"]
        Sign --> SignedReceipt["Tamper-Evident Signed Receipt"]
    end

    subgraph Causality["3. ProofGraph DAG Causality Ledger"]
        SignedReceipt --> ProofGraph["Append to ProofGraph Session Chain"]
        
        subgraph DAGEdges["Causality Merkle Verification"]
            direction LR
            PrevHash["prev_hash Signature Linkage"]
            Lamport["Increment Lamport Clock"]
            PrevHash --> Lamport
        end
        ProofGraph --> DAGEdges
    end

    subgraph Verification["4. Offline EvidencePack & Replay"]
        DAGEdges --> Archiver["Compile Session Archive"]
        Archiver --> EvidencePack["EvidencePack Offline Bundle (.tar)"]
        EvidencePack --> Auditing["Operator Console Offline Auditing"]
        Auditing --> Replay["Deterministic Replay Validation Sandbox"]
    end

    style Verdict fill:#2d3748,stroke:#4a5568,stroke-width:2px,color:#fff
    style SignedReceipt fill:#3182ce,stroke:#2b6cb0,stroke-width:2px,color:#fff
    style EvidencePack fill:#38a169,stroke:#276749,stroke-width:2px,color:#fff

Source truth

  • Kernel receipts, proof routes, replay verification, SDK receipt/proof headers, conformance evidence, and test vectors: helm-ai-kernel/README.md, helm-ai-kernel/api/openapi/, helm-ai-kernel/sdk/ts/src/client.ts, helm-ai-kernel/core/pkg/conform/, helm-ai-kernel/tests/conformance/, and helm-ai-kernel/protocols/conformance/v1/test-vectors.json.
  • Enterprise ProofGraph and EvidencePack API tags and commercial evidence storage: helm-ai-enterprise/api/openapi/helm.openapi.yaml and helm-ai-enterprise/commercial/evidence/.
  • Enterprise Console proof, receipts, evidence, replay, and audit surfaces: helm-ai-enterprise/apps/console/src/router/routes.tsx and helm-ai-enterprise/packages/helm-ai-enterprise-design-system/src/routes/blueprints.ts.