--- title: "HELM Console" canonical: "https://helm.docs.mindburn.org/product/console" source: "helm-ai-enterprise/docs/public/product/console.md" edit: "https://github.com/Mindburn-Labs/helm-ai-enterprise/edit/main/docs/public/product/console.md" section: "helm-ai-enterprise" access: "public" sensitivity: "public" last_reviewed: "2026-05-05" checksum_sha256: "sha256:75a9298af385af636aa5c4cd9ade82d961dd85cdb3bb1d3f10f9cca5ba17c0d8" build_timestamp: "2026-05-24T13:40:27.882Z" --- # HELM Console HELM Console is the commercial workspace surface for importing tool surfaces, drafting and activating policy, reviewing governed runs, replaying evidence, and exporting self-hostable bundles. This page is the public docs entry point for the source material under `docs/console/`. ## Audience Use this page if you are evaluating HELM AI Enterprise, designing a Console-backed workflow, or operating the hosted/control-plane deployment. ## Outcome You should understand the Console surfaces, the data flow from connector import to policy activation, and the source documents that back each behavior. ## Console Lifecycle ```mermaid flowchart TD subgraph Ingestion["1. Ingestion & Context Plane"] import["Import MCP / OpenAPI surface"] graph["Build Tool Surface Graph"] draft["draft"] compile["Compile canonical bundle"] export["Export workspace bundle"] end subgraph Execution["3. Execution & Verdict Plane"] run["Run governed workflow"] end subgraph Ledger["4. Tamper-Evident Ledger Plane"] replay["Replay receipts"] end %% Operational Flow Edges import --> graph draft --> compile compile --> run run --> replay replay --> export %% Premium Styling Rules style run fill:#3182ce,stroke:#2b6cb0,stroke-width:2px,color:#fff style replay fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff ``` ## Public Console Surfaces | Surface | Source truth | What to read | | --- | --- | --- | | Product boundary | `docs/console/PRODUCT_BOUNDARY.md` | What is OSS, hosted, public verification, and enterprise-only. | | Run lifecycle | `docs/console/RUN_LIFECYCLE.md` | How a workspace moves through import, policy, run, receipt, replay, and export. | | Replay and receipts | `docs/console/REPLAY_AND_RECEIPTS.md` | How Console exposes receipt review and replay evidence. | | Workstation governance | `docs/console/WORKSTATION_GOVERNANCE.md` | How local agent receipts, denied effects, memory writes, and loops appear in Console. | | Deployment architecture | `docs/console/DEPLOYMENT_ARCHITECTURE.md` | How Console fits into the enterprise control plane and deployment topology. | | Export format | `docs/console/EXPORT_FORMAT.md` | What a self-host export contains. | | Security model | `docs/console/SECURITY_MODEL.md` | Workspace isolation, evidence handling, and policy boundaries. | | Execution scenarios | `docs/console/EXECUTION_SCENARIOS.md` | Production verification fixtures and evaluator flows. | | OSS vs hosted | `docs/console/OSS_VS_HOSTED.md` | Boundary between the OSS kernel and hosted Console capability. | ## Control Plane Boundary Console is not the policy kernel. The kernel remains responsible for governed execution, receipts, verification, and evidence. Console provides workspace UX, import surfaces, policy authoring, replay views, and export flows around that kernel. ## Source Truth - `docs/console/PRODUCT_BOUNDARY.md` - `docs/console/RUN_LIFECYCLE.md` - `docs/console/REPLAY_AND_RECEIPTS.md` - `docs/console/WORKSTATION_GOVERNANCE.md` - `docs/console/DEPLOYMENT_ARCHITECTURE.md` - `docs/console/SECURITY_MODEL.md` - `docs/COMMERCIAL_OVERVIEW.md` ## Troubleshooting | Symptom | Check | | --- | --- | | A workspace import does not show expected tools | Review the Tool Surface Graph import path and connector manifest. | | A policy draft cannot activate | Check compile diagnostics, bundle hash, and required approvals. | | Replay evidence is missing | Check receipt index materialization and export-bundle storage. | | An evaluator asks whether a feature is OSS or hosted | Use `docs/console/OSS_VS_HOSTED.md` and `docs/console/PRODUCT_BOUNDARY.md`. | ## Operational Readiness Use this page as the public operating layer for **HELM Console**. The source of truth is `helm-ai-enterprise/docs/public/product/console.md`; if this page and the implementation disagree, update the source-backed doc and rerun the validation command before publishing. Before relying on this surface, confirm three things: the source path above still exists, the referenced commands or contracts are still present in the owning repo, and the docs-platform export surfaces still show this page in search, Markdown, `llms-full.txt`, and MCP without exposing protected routes. Validation command: `corepack pnpm run docs:coverage && corepack pnpm run docs:truth`. For website parity, also run `npm run exports:boundary` and `npm run thin-pages:check` from `docs-platform`. ### Expected Output A reader should leave with a concrete next action, the source file or contract to inspect, the command that proves the claim, and a clear boundary for what is public versus protected. For reference pages, the expected output is a correctly scoped request, schema, command, or diagnostic path. For operations pages, the expected output is a reproducible readiness or failure signal that can be attached to an evaluation or support thread. ### Failure Modes If the validation command fails, do not patch this page in isolation. First identify whether the drift is in code, generated contracts, source-owner docs, or the docs manifest. If the public page needs a protected deep link, describe the protected document by name instead of exposing its route. Commercial operator details, tenant data, key ceremonies, and deployment-sensitive internals stay in protected customer or staff docs; this public page only exposes the safe developer contract.