HELMhelm-ai-enterprise
MCPLLMs

helm-ai-enterprise

HELM Launchpad App Store

HELM Launchpad is a workspace scoped app store for governed app launches in the Enterprise Console. This page is for Enterprise operators, platform teams, and evaluators who need to understand which Launchpad routes, app
PublicSource-ownedMarkdown export

HELM Launchpad is a workspace-scoped app store for governed app launches in the Enterprise Console.

Audience

This page is for Enterprise operators, platform teams, and evaluators who need to understand which Launchpad routes, approvals, policy packs, audit exports, and EvidencePack exports back the Console app-store surface.

Outcome

You should leave with the Enterprise Launchpad gate model, workspace API surface, approval defaults, retention defaults, and promotion rule for moving apps from catalog candidates to governed execution.

Source Truth

  • Console routes: apps/controlplane/internal/console/launchpad_routes.go
  • Launch lifecycle service: apps/controlplane/internal/console/launchpad_service.go
  • Durable run store: apps/controlplane/internal/console/launchpad_store.go
  • Catalog migration: apps/controlplane/migrations/006_launchpad_app_store.up.sql
  • Route/OpenAPI parity: apps/controlplane/internal/console/route_registry.go and api/openapi/helm.openapi.yaml
  • Kernel evidence source: helm-ai-kernel/docs/launchpad/final_report.json and helm-ai-kernel/docs/launchpad/v1_report.json
Diagram1. Ingestion & Context Plane -> Workspace catalog -> Revoke/delete -> 3. Execution & Verdict Plane -> Plan LaunchRun -> Execute gate -> 4. Tamper-Evident Ledger Plane -> Approval receipt
flowchart TD
    subgraph Ingestion["1. Ingestion & Context Plane"]
        catalog["Workspace catalog"]
        revoke["Revoke/delete"]
    end

    subgraph Execution["3. Execution & Verdict Plane"]
        plan["Plan LaunchRun"]
        execute["Execute gate"]
    end

    subgraph Ledger["4. Tamper-Evident Ledger Plane"]
        approval["Approval receipt"]
        audit["Audit and EvidencePack refs"]
        teardown["Teardown receipt"]
        export["Tenant audit / EvidencePack export"]
    end

    %% Operational Flow Edges
    catalog --> plan
    plan --> approval
    approval --> execute
    execute --> audit
    execute --> revoke
    revoke --> teardown
    audit --> export

    %% Premium Styling Rules
    style plan fill:#3182ce,stroke:#2b6cb0,stroke-width:2px,color:#fff
    style approval fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff
    style execute fill:#3182ce,stroke:#2b6cb0,stroke-width:2px,color:#fff
    style audit fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff
    style teardown fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff
    style export fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff
Mermaid source
flowchart TD
    subgraph Ingestion["1. Ingestion & Context Plane"]
        catalog["Workspace catalog"]
        revoke["Revoke/delete"]
    end

    subgraph Execution["3. Execution & Verdict Plane"]
        plan["Plan LaunchRun"]
        execute["Execute gate"]
    end

    subgraph Ledger["4. Tamper-Evident Ledger Plane"]
        approval["Approval receipt"]
        audit["Audit and EvidencePack refs"]
        teardown["Teardown receipt"]
        export["Tenant audit / EvidencePack export"]
    end

    %% Operational Flow Edges
    catalog --> plan
    plan --> approval
    approval --> execute
    execute --> audit
    execute --> revoke
    revoke --> teardown
    audit --> export

    %% Premium Styling Rules
    style plan fill:#3182ce,stroke:#2b6cb0,stroke-width:2px,color:#fff
    style approval fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff
    style execute fill:#3182ce,stroke:#2b6cb0,stroke-width:2px,color:#fff
    style audit fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff
    style teardown fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff
    style export fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff

Strict GA behavior is fail-closed:

  • Planning creates a durable LaunchRun, GeneratedSpec, ActionProposal, approval request, retention ref, receipt refs, and EvidencePack refs.
  • Execution requires an approved approval receipt, kernel ALLOW, certification refs, retention refs, provider readiness, and offline-verifiable EvidencePacks.
  • DigitalOcean and Hetzner are dry-run by default. Live cloud mode requires explicit operator approval, provider secrets, idempotency reconciliation, and teardown receipts.
  • OpenClaw, Hermes, OpenCode, and Kilo Code are kernel oss_supported for signed local-container Launchpad execution after workflow 26198407296 produced signed image refs, conformance evidence, teardown receipts, and offline-verifiable EvidencePacks.
  • Codex, Claude Code, Cursor, and Junie are governed BYO adapters unless separate license/vendor/install/cloud certification passes.
  • local-container is a Docker baseline for trusted developer workloads, not a hostile-code isolation claim. Hardened tiers are explicit: Docker rootless/userns, Docker ECI, gVisor, Kata/Firecracker, or dedicated VM.
  • OpenRouter egress receipts prove CONNECT destination allowlisting. CONNECT payload contents are opaque unless a token-broker or model-gateway inspection mode is enabled.
  • WebSocket MCP is not a supported Launchpad transport; advertised MCP paths must be covered by mediation proof tests before publication.

API Surface

Workspace routes:

  • GET /api/v1/workspaces/{id}/launchpad/apps
  • GET /api/v1/workspaces/{id}/launchpad/substrates
  • GET /api/v1/workspaces/{id}/launchpad/matrix
  • POST /api/v1/workspaces/{id}/launchpad/plan
  • POST /api/v1/workspaces/{id}/launchpad/launch
  • GET /api/v1/workspaces/{id}/launchpad/launches
  • GET /api/v1/workspaces/{id}/launchpad/launches/{launch_id}
  • POST /api/v1/workspaces/{id}/launchpad/launches/{launch_id}/execute
  • POST /api/v1/workspaces/{id}/launchpad/launches/{launch_id}/repair
  • POST /api/v1/workspaces/{id}/launchpad/launches/{launch_id}/delete
  • POST /api/v1/workspaces/{id}/export
  • POST /api/v1/workspaces/{id}/evidence/export

Execute responses include approval refs, certification ref, retention ref, runtime handles, provider resource refs, redaction profile, and install mode when execution reaches RUNNING. Gate failures return 409 with blocked reasons and the updated launch state.

Audit export returns a redacted machine-readable launch record: workspace, app/substrate, state, policy verdict, approval refs, signed receipt refs, EvidencePack refs, retention ref, provider resource refs, and redaction profile. Evidence export returns receipt refs, EvidencePack refs, and the exact helm-ai-kernel verify --bundle <pack> command for offline proof.

Approval Defaults

Launchpad maps app execution to an approval tier before any side effect runs:

  • T0 plan, catalog, matrix, and evidence inspection routes are read-only and need no approval.
  • T1 local-container launch requires a workspace operator approval receipt.
  • T2 model egress, MCP side effects, or privileged local access require workspace admin approval.
  • T3 cloud launch, public egress, or cost exposure requires tenant admin approval plus a cost ceiling receipt.
  • T4 destructive repair, revoke, or force teardown requires dual control from tenant admin and security/admin roles.

Approval records carry tenant ID, workspace ID, requesting principal, approval principal, risk tier, app, substrate, policy verdict, receipt refs, EvidencePack refs, retention policy, and revoke/delete state.

Admin Workflows

Operators must be able to approve pending launches, reject requests, revoke active launches, force teardown with a receipt, export tenant audit trails, export EvidencePacks, verify EvidencePacks offline, rotate provider/model secrets, and inspect unreconciled cloud resources.

Retention Defaults

Launchpad keeps receipts for 400 days by default. EvidencePack manifests stay attached to audit records. Raw logs are excluded unless explicitly enabled, secrets are never retained, and tenant override may only increase retention or reduce raw-log capture.

Incident Playbook

Runbooks must cover leaked secret suspicion, stuck cloud resources, failed teardown, compromised artifacts, bad MCP servers/tools, tenant audit disputes, and evidence verification failure. The first response is containment: revoke the launch, rotate affected secrets, export receipts/EvidencePack manifests, reconcile cloud resources, and record the operator decision trail.

Production Promotion Rule

No app is cloud-installable because it appears in the catalog. Promotion requires:

  • signed OCI manifest from the executed artifact workflow
  • immutable GHCR digest reference
  • cosign signature ref
  • syft SBOM ref
  • grype or trivy vulnerability scan ref
  • license and redistribution proof
  • live local/container e2e to RUNNING
  • egress proxy receipt
  • teardown proof
  • offline EvidencePack verification from directory and tar
  • cloud provider sandbox create/retry/reconcile/teardown tests
  • secret-redacted logs
  • public proof redaction review

Enterprise Launchpad remains approval-gated even for supported kernel apps: tenant launch state, retention refs, route/OpenAPI parity, receipts, and EvidencePack refs are the canonical commercial record.

Troubleshooting

Condition Response
Plan returns blocked reasons Inspect the LaunchRun state, policy verdict, certification refs, and provider readiness before retrying.
Execute lacks approval Collect the required workspace, tenant, or dual-control approval receipt and retry through the same LaunchRun.
Evidence export is incomplete Keep the launch non-promotable until audit rows and EvidencePack manifests verify offline.
Teardown fails Revoke the launch, rotate affected secrets, reconcile provider resources, and attach the operator decision trail.