HELM AI Enterprise

Commercial control plane overview for shared administration, evidence, identity, and operations.

HELM AI Enterprise is the organizational control plane around the HELM AI Kernel, the execution kernel. It is for teams that need shared administration, identity, approval workflows, retention, evidence export, and evaluator-ready security posture around governed AI execution.

Audience

This page is for enterprise evaluators, platform leaders, security architects, procurement reviewers, and operators deciding whether HELM can become the execution boundary for autonomous work.

Outcome

After reading this page, an evaluator should understand:

  • what stays in the OSS kernel and what the commercial control plane adds;
  • how Individual and Enterprise differ;
  • where Console, Console proof, SSO/RBAC, tenancy, SIEM, retention, deployment, and upgrades fit;
  • which evidence an enterprise reviewer can ask for before a pilot;
  • which pages contain exact APIs and trust details.

Control Plane Map

flowchart TD
    subgraph Ingestion["1. Ingestion & Context Plane"]
        Kernel["HELM AI Kernel kernel"]
        Individual["Individual workspaces"]
        Console["Console operations UI"]
        SSO["SSO / RBAC / SCIM"]
        SIEM["SIEM export"]
        Retention["Retention and archival"]
        Enterprise["Enterprise admin"]
    end

    subgraph Ledger["4. Tamper-Evident Ledger Plane"]
        Receipts["Receipts and evidence"]
        Proof["Console proof routes"]
    end

    %% Operational Flow Edges
    Kernel --> Receipts
    Individual --> Kernel
    Console --> Individual
    SSO --> Individual
    SIEM --> Receipts
    Proof --> Receipts
    Retention --> Receipts
    Enterprise --> SSO
    Enterprise --> Retention

    %% Premium Styling Rules
    style Receipts fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff
    style Proof fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff

Source Truth

This commercial overview is a routing page. Exact operational details live in:

  • docs/public/product/agent-skills-governance.md
  • docs/public/product/console-api.md
  • docs/public/product/procurement.md
  • docs/public/product/rfp-answers.md
  • docs/public/product/regional-compat.md
  • docs/public/security-and-trust/security-model.md
  • docs/public/security-and-trust/threat-model.md
  • docs/11_API_REFERENCE.md

Do not use this page as a substitute for endpoint, policy, or deployment references.

Product Tiers

| Tier | Primary User | What It Adds |
|---|---|---|
| OSS Kernel | Developers and framework authors | Local execution boundary, policy evaluation, receipts, verification, SDKs, MCP, OpenAI-compatible proxy. |
| Individual | Product teams and internal platforms | Workspaces, role models, approvals, API key management, shared policy bundles, audit trails, team administration. |
| Enterprise | Regulated or large organizations | Control plane governance, SSO/RBAC/SCIM path, tenancy controls, SIEM export, retention policies, certification evidence, deployment and upgrade support. |

Commercial value comes from shared organizational control around the kernel, not from artificial OSS gaps.

Enterprise Capabilities

Control Plane

The control plane coordinates workspaces, policy bundle attachment, approval flows, key issuance, audit trails, and evidence export. It does not replace the kernel. The kernel remains the decision boundary.

Console

Console is the operational surface for inspecting decisions, receipts, approvals, policy versions, and workspace state. Evaluators should look for whether operators can answer "why was this action allowed?" without reading application logs.

Console Proof

The Console proof should expose the security model, TCB, threat model, evidence pack semantics, SBOM/SLSA/Cosign material where available, OWASP mappings, and compliance pack references.

SSO, RBAC, and Tenancy

Enterprise deployments should align identity with the customer directory and map roles to concrete actions: administer workspace, issue keys, approve escalations, export evidence, and change policy. Tenancy should isolate workspaces, policy state, receipts, and exports.

SIEM, Retention, and Archival

Receipts and audit events are useful only when they leave the product cleanly. Enterprise posture requires export to security tooling, explicit retention policy, and archival behavior that survives vendor or model-provider changes.

Deployment and Upgrades

Enterprise reviewers should ask:

  1. Which components run in our network?
  2. Which components are hosted?
  3. How are policy bundles promoted?
  4. How are signing keys and evidence exports rotated?
  5. How are upgrades rolled back?
  6. What is the minimum evidence package for an audit?

Evaluator Checklist

| Question | Where to Verify |
|---|---|
| Can a developer integrate in under 10 minutes? | Start guide |
| Can an auditor verify a receipt offline? | Verify |
| What is in the trusted computing base? | TCB Policy |
| What threats are modeled? | Threat Model |
| Which APIs exist for operators? | API Reference and Console API |
| How do procurement teams evaluate the product? | Procurement FAQ and RFP Answers |

Troubleshooting

| Symptom | Likely Cause | Fix |
|---|---|---|
| Enterprise review stalls on "what is hosted?" | Deployment model not stated for the pilot | Write the chosen deployment model into the evaluation packet. |
| Security team cannot trace a decision | Receipts are not exported or linked to policy versions | Require receipt export and bundle hashes in pilot acceptance. |
| SSO/RBAC discussion stays abstract | Roles are not tied to actions | Map each role to workspace, approval, key, policy, and export permissions. |
| Compliance asks for a claim that is not in docs | Claim has no source-truth page | Add a source-backed doc or remove the claim. |
