---
title: "HELM Operator Guide"
canonical: "https://helm.docs.mindburn.org/operations/operator-guide"
source: "helm-ai-enterprise/docs/public/operations/operator-guide.md"
edit: "https://github.com/Mindburn-Labs/helm-ai-enterprise/edit/main/docs/public/operations/operator-guide.md"
section: "helm-ai-enterprise"
access: "public"
sensitivity: "public"
last_reviewed: "2026-05-05"
checksum_sha256: "sha256:c3394d1736c9d25439ee53baeaac5bbd68a02b88687b8e4389d0e120d4817294"
build_timestamp: "2026-05-24T13:40:27.882Z"
---
# HELM Operator Guide

This page summarizes the public-safe operational material for HELM AI Enterprise.
It links the public docs site to the source documents under `docs/operations/`
without publishing credentials, customer-specific inventory, or private incident
details.

## Audience

Use this page if you operate HELM, evaluate deployment readiness, review backup
and restore posture, or need to understand promotion, rollback, and SLO
mechanics.

## Outcome

You should know the operator workflow, which source docs own each procedure, and
which checks to run before promotion or recovery.

## Operator Flow

```mermaid
flowchart TD
    subgraph Ingestion["1. Ingestion & Context Plane"]
        inventory["Deployment inventory"]
        baseline["Baseline infrastructure"]
        deploy["Deploy / migrate"]
        observe["SLOs and perf budgets"]
        recover["Backup, restore, rollback"]
    end

    subgraph Ledger["4. Tamper-Evident Ledger Plane"]
        verify["Production verification"]
    end

    %% Operational Flow Edges
    inventory --> baseline
    baseline --> deploy
    deploy --> verify
    verify --> observe
    observe --> recover

    %% Premium Styling Rules
    style verify fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff
```


## Canonical Release Readiness

Use the repository root as the release gate entrypoint for the active backend:

```bash
make release-readiness
docker compose up -d postgres helm-ai-enterprise helm-ai-enterprise-console
curl -fsS http://localhost:8080/health/live
curl -fsS http://localhost:8080/health/ready
```

What this verifies:

- `make release-readiness` runs the canonical Go tests for `core`, `commercial`, and `apps/controlplane`, the JS workspace typecheck/lint/test/build set, boundary verification, and documentation truth checks.
- `docker compose up -d postgres helm-ai-enterprise helm-ai-enterprise-console` exercises the local controlplane runtime path only.
- `/health/live` confirms process liveness; `/health/ready` confirms readiness before promotion or rollback decisions.

## Operational Domains

| Domain | Source truth | Public purpose |
| --- | --- | --- |
| Deployment inventory | `docs/operations/DEPLOYMENT_INVENTORY.md` | Track services, dependencies, and ownership. |
| Baseline infrastructure | `docs/operations/DROPLET_BASELINE.md`, `docs/operations/TERRAFORM.md` | Explain infrastructure baseline and IaC expectations. |
| Deployment and chart | `docs/operations/DEPLOY_RUNBOOK.md`, `docs/operations/HELM_CHART.md` | Describe rollout prerequisites and Kubernetes chart operation. |
| Migration and versioning | `docs/operations/MIGRATIONS.md`, `docs/operations/VERSIONING.md` | Keep data and API changes ordered. |
| Promotion | `docs/operations/PROMOTION_RULES.md`, `docs/operations/PROD_VERIFICATION.md` | Define release promotion and verification checks. |
| Observability | `docs/operations/slos.md`, `docs/operations/PERF_BUDGETS.md`, `docs/public/observability/observability.md` | Explain service health and budget enforcement. |
| Recovery | `docs/operations/DR_RESTORE.md`, `docs/operations/RESTORE_DRILL.md`, `docs/operations/runbooks/ROLLBACK.md` | Prepare backup, restore, and rollback paths. |

## Public-Safe Boundary

The docs site exposes operational concepts, checks, and source links. It does
not publish secrets, private inventory values, customer-specific incident data,
or active credentials. When a source runbook contains environment-specific
material, the public page summarizes the invariant and points operators back to
their controlled repository access.

## Source Truth

- `docs/operations/README.md`
- `docs/operations/PROMOTION_RULES.md`
- `docs/operations/PROD_VERIFICATION.md`
- `docs/operations/DR_RESTORE.md`
- `docs/operations/runbooks/ROLLBACK.md`
- `docs/public/observability/observability.md`

## Troubleshooting

| Symptom | First check |
| --- | --- |
| Release cannot promote | Confirm promotion rules, SLO state, and production verification results. |
| Migration order is unclear | Review `MIGRATIONS.md` and versioning policy before applying. |
| Restore path is uncertain | Run the restore drill against controlled non-production data first. |
| Runtime is healthy but evidence is missing | Check observability, tracing, and receipt index materialization. |
| A duplicate backend or standalone proof service reappears in CI or docs | Run `make docs-truth` and `bash scripts/ci/22_console_unification_guard.sh`; the gates block split Console surfaces. |

## Operational Readiness

Use this page as the public operating layer for **HELM Operator Guide**. The source of truth is `helm-ai-enterprise/docs/public/operations/operator-guide.md`; if this page and the implementation disagree, update the source-backed doc and rerun the validation command before publishing.

Before relying on this surface, confirm three things: the source path above still exists, the referenced commands or contracts are still present in the owning repo, and the docs-platform export surfaces still show this page in search, Markdown, `llms-full.txt`, and MCP without exposing protected routes.

Validation command: `corepack pnpm run docs:coverage && corepack pnpm run docs:truth`. For website parity, also run `npm run exports:boundary` and `npm run thin-pages:check` from `docs-platform`.

### Expected Output

A reader should leave with a concrete next action, the source file or contract to inspect, the command that proves the claim, and a clear boundary for what is public versus protected. For reference pages, the expected output is a correctly scoped request, schema, command, or diagnostic path. For operations pages, the expected output is a reproducible readiness or failure signal that can be attached to an evaluation or support thread.

### Failure Modes

If the validation command fails, do not patch this page in isolation. First identify whether the drift is in code, generated contracts, source-owner docs, or the docs manifest. If the public page needs a protected deep link, describe the protected document by name instead of exposing its route. Commercial operator details, tenant data, key ceremonies, and deployment-sensitive internals stay in protected customer or staff docs; this public page only exposes the safe developer contract.