helm-ai-enterprise
HELM Console
HELM Console is the commercial workspace surface for importing tool surfaces, drafting and activating policy, reviewing governed runs, replaying evidence, and exporting self hostable bundles. This page is the public docsHELM Console is the commercial workspace surface for importing tool surfaces,
drafting and activating policy, reviewing governed runs, replaying evidence, and
exporting self-hostable bundles. This page is the public docs entry point for the
source material under docs/console/.
Audience
Use this page if you are evaluating HELM AI Enterprise, designing a Console-backed workflow, or operating the hosted/control-plane deployment.
Outcome
You should understand the Console surfaces, the data flow from connector import to policy activation, and the source documents that back each behavior.
Console Lifecycle
flowchart TD
subgraph Ingestion["1. Ingestion & Context Plane"]
import["Import MCP / OpenAPI surface"]
graph["Build Tool Surface Graph"]
draft["draft"]
compile["Compile canonical bundle"]
export["Export workspace bundle"]
end
subgraph Execution["3. Execution & Verdict Plane"]
run["Run governed workflow"]
end
subgraph Ledger["4. Tamper-Evident Ledger Plane"]
replay["Replay receipts"]
end
%% Operational Flow Edges
import --> graph
draft --> compile
compile --> run
run --> replay
replay --> export
%% Premium Styling Rules
style run fill:#3182ce,stroke:#2b6cb0,stroke-width:2px,color:#fff
style replay fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fffMermaid source
flowchart TD
subgraph Ingestion["1. Ingestion & Context Plane"]
import["Import MCP / OpenAPI surface"]
graph["Build Tool Surface Graph"]
draft["draft"]
compile["Compile canonical bundle"]
export["Export workspace bundle"]
end
subgraph Execution["3. Execution & Verdict Plane"]
run["Run governed workflow"]
end
subgraph Ledger["4. Tamper-Evident Ledger Plane"]
replay["Replay receipts"]
end
%% Operational Flow Edges
import --> graph
draft --> compile
compile --> run
run --> replay
replay --> export
%% Premium Styling Rules
style run fill:#3182ce,stroke:#2b6cb0,stroke-width:2px,color:#fff
style replay fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fffPublic Console Surfaces
| Surface | Source truth | What to read |
|---|---|---|
| Product boundary | docs/console/PRODUCT_BOUNDARY.md |
What is OSS, hosted, public verification, and enterprise-only. |
| Run lifecycle | docs/console/RUN_LIFECYCLE.md |
How a workspace moves through import, policy, run, receipt, replay, and export. |
| Replay and receipts | docs/console/REPLAY_AND_RECEIPTS.md |
How Console exposes receipt review and replay evidence. |
| Workstation governance | docs/console/WORKSTATION_GOVERNANCE.md |
How local agent receipts, denied effects, memory writes, and loops appear in Console. |
| Deployment architecture | docs/console/DEPLOYMENT_ARCHITECTURE.md |
How Console fits into the enterprise control plane and deployment topology. |
| Export format | docs/console/EXPORT_FORMAT.md |
What a self-host export contains. |
| Security model | docs/console/SECURITY_MODEL.md |
Workspace isolation, evidence handling, and policy boundaries. |
| Execution scenarios | docs/console/EXECUTION_SCENARIOS.md |
Production verification fixtures and evaluator flows. |
| OSS vs hosted | docs/console/OSS_VS_HOSTED.md |
Boundary between the OSS kernel and hosted Console capability. |
Control Plane Boundary
Console is not the policy kernel. The kernel remains responsible for governed execution, receipts, verification, and evidence. Console provides workspace UX, import surfaces, policy authoring, replay views, and export flows around that kernel.
Source Truth
docs/console/PRODUCT_BOUNDARY.mddocs/console/RUN_LIFECYCLE.mddocs/console/REPLAY_AND_RECEIPTS.mddocs/console/WORKSTATION_GOVERNANCE.mddocs/console/DEPLOYMENT_ARCHITECTURE.mddocs/console/SECURITY_MODEL.mddocs/COMMERCIAL_OVERVIEW.md
Troubleshooting
| Symptom | Check |
|---|---|
| A workspace import does not show expected tools | Review the Tool Surface Graph import path and connector manifest. |
| A policy draft cannot activate | Check compile diagnostics, bundle hash, and required approvals. |
| Replay evidence is missing | Check receipt index materialization and export-bundle storage. |
| An evaluator asks whether a feature is OSS or hosted | Use docs/console/OSS_VS_HOSTED.md and docs/console/PRODUCT_BOUNDARY.md. |
Operational Readiness
Use this page as the public operating layer for HELM Console. The source of truth is helm-ai-enterprise/docs/public/product/console.md; if this page and the implementation disagree, update the source-backed doc and rerun the validation command before publishing.
Before relying on this surface, confirm three things: the source path above still exists, the referenced commands or contracts are still present in the owning repo, and the docs-platform export surfaces still show this page in search, Markdown, llms-full.txt, and MCP without exposing protected routes.
Validation command: corepack pnpm run docs:coverage && corepack pnpm run docs:truth. For website parity, also run npm run exports:boundary and npm run thin-pages:check from docs-platform.
Expected Output
A reader should leave with a concrete next action, the source file or contract to inspect, the command that proves the claim, and a clear boundary for what is public versus protected. For reference pages, the expected output is a correctly scoped request, schema, command, or diagnostic path. For operations pages, the expected output is a reproducible readiness or failure signal that can be attached to an evaluation or support thread.
Failure Modes
If the validation command fails, do not patch this page in isolation. First identify whether the drift is in code, generated contracts, source-owner docs, or the docs manifest. If the public page needs a protected deep link, describe the protected document by name instead of exposing its route. Commercial operator details, tenant data, key ceremonies, and deployment-sensitive internals stay in protected customer or staff docs; this public page only exposes the safe developer contract.