company-ai-os
Workstation Governance
HELM workstation governance covers local coding-agent runs when the run is captured through a HELM adapter or selected-effect wrapper. The public surface is manifest-first: a run manifest, diff summary, validation output, optional tool events, signed Agent Run Receipt, ProofGraph references, and EvidencePack references.
This does not mean HELM provides blanket control over local desktop activity. Direct actions that bypass the adapter, private browser sessions, local secrets, and proprietary hosted-agent internals remain outside the claim unless a future adapter proves a stronger surface through conformance.
```mermaid
flowchart TD
    subgraph AgentSpace["1. Local Workstation Execution"]
        Agent["Local Coding Agent Run (Codex / Claude Code)"] --> Wrapper["Selected-Effect Wrapper Intercept"]
        subgraph Intercepts["Monitored Action Classes"]
            direction LR
            I1["Network Egress"]
            I2["MCP Mutation"]
            I3["Shell Operations"]
            I4["Secret Reads"]
        end
        Wrapper --> Intercepts
    end
    subgraph Verification["2. Manifest-First Verification Engine"]
        Intercepts --> Evaluator["Run Constraint Policy Check"]
        Evaluator --> Decision{"Decision: ALLOW or DENY"}
        Decision -->|ALLOW| RunCode["Execute in Container / Bounded Shell"]
        Decision -->|DENY| Denied["Record Denied Attempt (not executed)"]
        RunCode --> CreateArtifacts["Generate Manifest, Diff Summary, & Event Logs"]
        Denied --> CreateArtifacts
    end
    subgraph Receipt["3. Tamper-Evident Cryptographic Receipting"]
        CreateArtifacts --> Signer["Emit Signed Agent Run Receipt"]
        subgraph Refs["Merkle Ledger Registration"]
            direction LR
            R1["ProofGraph Indexing"]
            R2["EvidencePack Packager"]
        end
        Signer --> Refs
    end
    subgraph ControlPlane["4. Enterprise Governance Sync"]
        Refs --> Sync["Secure TLS Telemetry Ingestion"]
        Sync --> Console["HELM Enterprise Console Portal"]
        Console --> D1["Interactive Run Timeline"]
        Console --> D2["Denied Attempt Audits"]
        Console --> D3["Loop Execution Registry"]
    end
    style Decision fill:#2d3748,stroke:#4a5568,stroke-width:2px,color:#fff
    style Signer fill:#3182ce,stroke:#2b6cb0,stroke-width:2px,color:#fff
    style Console fill:#38a169,stroke:#276749,stroke-width:2px,color:#fff
```
What is governed
- Imported Codex or Claude Code-style artifact sets.
- Signed Agent Run Receipts.
- Deterministic ProofGraph mapping.
- Workspace-scoped draft edits represented in the receipt.
- Selected-effect decisions for network egress, MCP mutation, memory writes, recurring loops, shell operate, deploy/publish, secret read, and payment initiate requests.
- Memory writes with TTL and sensitivity.
- Recurring loops with schedule, max runtime, tool scope, and expiration.
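The policy check behind the selected-effect decisions listed above, written out as an added example in Go (the control plane's language); this is not HELM's or the helm-ai-kernel adapters' code. It covers every class in the list and fails closed: an egress host must be allowlisted, a secret must be granted to the run, a memory write must carry a bounded TTL and a sensitivity within the run's limit, a recurring loop must declare a schedule, tool scope, bounded runtime and a future expiration, and deploy/publish or payment initiate need an explicit high-risk grant. The type and field names (`EffectClass`, `RunConstraints`, `Evaluate`) and the class string values are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
	"time"
)

type EffectClass string // selected-effect class; the string values are assumptions

const (
	NetworkEgress   EffectClass = "network.egress"
	MCPMutation     EffectClass = "mcp.mutation"
	MemoryWrite     EffectClass = "memory.write"
	RecurringLoop   EffectClass = "loop.recurring"
	ShellOperate    EffectClass = "shell.operate"
	DeployPublish   EffectClass = "deploy.publish"
	SecretRead      EffectClass = "secret.read"
	PaymentInitiate EffectClass = "payment.initiate"
)

type EffectRequest struct { // one intercepted action; only the fields for its class are set
	Class       EffectClass
	Target      string        // egress URL, secret name, shell command or MCP tool
	TTL         time.Duration // memory write
	Sensitivity string        // memory write: public | internal | secret
	Schedule    string        // recurring loop (cron-style string)
	MaxRuntime  time.Duration // recurring loop
	ToolScope   []string      // recurring loop
	ExpiresAt   time.Time     // recurring loop
}

// RunConstraints is the per-run policy (hypothetical field names); anything it does not grant is denied.
type RunConstraints struct {
	EgressHosts     map[string]bool
	Secrets         map[string]bool
	MaxMemoryTTL    time.Duration
	MaxSensitivity  string
	MaxLoopRuntime  time.Duration
	LoopTools       map[string]bool
	HighRiskGranted map[EffectClass]bool // deploy/publish, payment initiate
}

type Decision struct { // verdict plus the reason written to the tool-event log
	Allow  bool
	Reason string
}

var sensitivityRank = map[string]int{"public": 0, "internal": 1, "secret": 2}

func deny(format string, a ...any) Decision { return Decision{false, fmt.Sprintf(format, a...)} }
func allow(reason string) Decision          { return Decision{true, reason} }

// Evaluate applies the run constraints to one request, failing closed.
func Evaluate(p RunConstraints, r EffectRequest, now time.Time) Decision {
	switch r.Class {
	case NetworkEgress:
		u, err := url.Parse(r.Target)
		if err != nil || u.Hostname() == "" {
			return deny("unparseable egress target %q", r.Target)
		}
		if !p.EgressHosts[strings.ToLower(u.Hostname())] {
			return deny("egress host %s not allowlisted", u.Hostname())
		}
		return allow("egress host allowlisted")
	case SecretRead:
		if !p.Secrets[r.Target] {
			return deny("secret %s not granted to this run", r.Target)
		}
		return allow("secret granted")
	case MemoryWrite:
		if r.TTL <= 0 || r.TTL > p.MaxMemoryTTL {
			return deny("memory TTL %v outside (0, %v]", r.TTL, p.MaxMemoryTTL)
		}
		if rank, ok := sensitivityRank[r.Sensitivity]; !ok || rank > sensitivityRank[p.MaxSensitivity] {
			return deny("memory sensitivity %q exceeds run limit %q", r.Sensitivity, p.MaxSensitivity)
		}
		return allow("memory write bounded by TTL and sensitivity")
	case RecurringLoop:
		if r.Schedule == "" || len(r.ToolScope) == 0 || !r.ExpiresAt.After(now) ||
			r.MaxRuntime <= 0 || r.MaxRuntime > p.MaxLoopRuntime {
			return deny("loop needs a schedule, a tool scope, runtime <= %v and a future expiration", p.MaxLoopRuntime)
		}
		for _, t := range r.ToolScope {
			if !p.LoopTools[t] {
				return deny("loop tool %s outside granted scope", t)
			}
		}
		return allow("loop bounded by schedule, runtime, tool scope and expiration")
	case DeployPublish, PaymentInitiate:
		if !p.HighRiskGranted[r.Class] {
			return deny("%s requires an explicit high-risk grant", r.Class)
		}
		return allow("high-risk effect explicitly granted")
	case ShellOperate, MCPMutation:
		// Runs in the bounded shell/container; recorded so diff summary and event log can be reconciled.
		return allow("routed to bounded execution and recorded")
	}
	return deny("unknown effect class %q", r.Class)
}
```

Calling `Evaluate` on each intercepted request in order and appending the `Decision` to the event log gives the "denied timeline" the console shows; a denied request is logged but never handed to the bounded shell. The default branch matters: an adapter that starts emitting a class this policy does not know about is denied rather than silently passed through.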
Certification levels
| Level | Meaning |
|---|---|
| Observe-only | HELM can import artifacts and explain what happened after the run. |
| Selected-effect enforceable | HELM can allow or deny selected effects routed through the wrapper. |
| High-risk-effect capable | The adapter passes fixtures for memory, recurring loops, tainted context, and other high-risk classes. |
Operator path
- Run the local wrapper.
- Produce the artifact directory.
- Emit a signed Agent Run Receipt.
- Import the receipt into Enterprise Console.
- Review the run list, denied timeline, memory queue, and loop registry.
- Inspect EvidencePack and ProofGraph references offline.
- Run conformance certification for the adapter mode.
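The artifact, receipt and import steps of the operator path, carried through in Go as an added example rather than HELM's own code. It hashes the artifact directory into a manifest, signs an Ed25519 Agent Run Receipt whose ProofGraph and EvidencePack references are derived from the manifest digest, and shows the check an importer (Enterprise Console or an offline reviewer) should run: the receipt must verify under the expected signing key, and the artifact bytes actually imported must rebuild to the signed digest, so an edited diff summary or a swapped manifest is rejected. The `RunManifest`, `Receipt`, `SignReceipt` and `VerifyImport` names, the reference formats and the sample artifacts are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
)

type Artifact struct { // one artifact-directory file; contents are constructed samples here
	Path string
	Data []byte
}

// RunManifest indexes the artifact set by sha256; encoding/json sorts map keys, so it serialises deterministically.
type RunManifest struct {
	RunID     string            `json:"run_id"`
	Adapter   string            `json:"adapter"`
	Artifacts map[string]string `json:"artifacts"` // path -> hex sha256
}

// Receipt is the Agent Run Receipt; the reference formats are assumed content-addressed ids.
type Receipt struct {
	ManifestDigest  string `json:"manifest_digest"`
	ProofGraphRef   string `json:"proofgraph_ref"`
	EvidencePackRef string `json:"evidencepack_ref"`
	SignerKeyID     string `json:"signer_key_id"`
	Signature       string `json:"signature,omitempty"`
}

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

func canonical(v any) []byte { // deterministic for the fixed structs and sorted-key maps above
	b, err := json.Marshal(v)
	if err != nil {
		panic(err) // these types always marshal; reaching this is a bug
	}
	return b
}

// BuildManifest hashes every artifact into a manifest.
func BuildManifest(runID, adapter string, files []Artifact) RunManifest {
	m := RunManifest{RunID: runID, Adapter: adapter, Artifacts: map[string]string{}}
	for _, f := range files {
		m.Artifacts[f.Path] = sha256Hex(f.Data)
	}
	return m
}

// KeyID is the short identifier a receipt records for its signing key.
func KeyID(pub ed25519.PublicKey) string { return sha256Hex(pub)[:16] }

// SignReceipt derives the references from the manifest digest and signs the
// receipt body (Signature empty, hence omitted from the JSON) with Ed25519.
func SignReceipt(priv ed25519.PrivateKey, m RunManifest) Receipt {
	digest := sha256Hex(canonical(m))
	r := Receipt{
		ManifestDigest:  digest,
		ProofGraphRef:   "proofgraph:" + sha256Hex([]byte("proofgraph/"+digest)),
		EvidencePackRef: "evidencepack:" + sha256Hex([]byte("evidencepack/"+digest)),
		SignerKeyID:     KeyID(priv.Public().(ed25519.PublicKey)),
	}
	r.Signature = hex.EncodeToString(ed25519.Sign(priv, canonical(r)))
	return r
}

// VerifyImport is the importer-side check. pub is the key the importer already
// trusts for this workstation signer. The handed-in manifest is not trusted:
// it is rebuilt from the imported bytes and must match the signed digest.
func VerifyImport(pub ed25519.PublicKey, r Receipt, m RunManifest, files []Artifact) error {
	if r.SignerKeyID != KeyID(pub) {
		return errors.New("receipt names a different signing key")
	}
	sig, err := hex.DecodeString(r.Signature)
	if err != nil {
		return errors.New("malformed signature encoding")
	}
	body := r
	body.Signature = ""
	if !ed25519.Verify(pub, canonical(body), sig) {
		return errors.New("receipt signature invalid")
	}
	rebuilt := BuildManifest(m.RunID, m.Adapter, files)
	if sha256Hex(canonical(rebuilt)) != r.ManifestDigest {
		return errors.New("imported artifacts do not match the signed manifest digest")
	}
	return nil
}

// SampleArtifacts is a constructed artifact set standing in for one wrapper run.
func SampleArtifacts() []Artifact {
	return []Artifact{
		{"diff-summary.txt", []byte("M src/auth.go +12 -3\n")},
		{"validation-output.txt", []byte("go test ./... ok\n")},
		{"tool-events.jsonl", []byte(`{"class":"secret.read","allow":false}` + "\n")},
	}
}
```

Because Ed25519 signatures and the canonical JSON are both deterministic, signing the same artifact set twice yields byte-identical receipts and references, which is what makes the ProofGraph mapping reproducible offline. Verification order is deliberate: key identity and signature are checked before any artifact is hashed, so an attacker who can rewrite the artifact directory but not sign cannot steer which manifest the importer accepts.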
Source truth
- Product page: helm-ai-enterprise/docs/public/product/workstation-governance.md
- Operator workflow: helm-ai-enterprise/docs/console/WORKSTATION_GOVERNANCE.md
- Console routes: helm-ai-enterprise/apps/controlplane/internal/console/workstation_routes.go
- OpenAPI: helm-ai-enterprise/api/openapi/helm.openapi.yaml
- Kernel adapter examples: helm-ai-kernel/examples/workstation/