HELMteams
MCPLLMs

teams

Policy Bundles

After this page you should know what this surface is for, which source files own the behavior, which public route or adjacent page to use next, and which validation command to run before changing the claim. Public route:
PublicSource-ownedMarkdown export

Audience

Outcome

After this page you should know what this surface is for, which source files own the behavior, which public route or adjacent page to use next, and which validation command to run before changing the claim.

Source Truth

  • Public route: product/policy-bundles
  • Source document: helm-ai-enterprise/docs/public/product/policy-bundles.md
  • Public manifest: helm-ai-enterprise/docs/public-docs.manifest.json
  • Source inventory: helm-ai-enterprise/docs/source-inventory.manifest.json
  • Validation: corepack pnpm run docs:coverage, corepack pnpm run docs:truth, and npm run coverage:inventory from docs-platform

Do not expand this page with unsupported product, SDK, deployment, compliance, or integration claims unless the inventory manifest points to code, schemas, tests, examples, or an owner doc that proves the claim.

Troubleshooting

Symptom First check
A link or route is missing from the docs website Check docs/public-docs.manifest.json, llms.txt, search, and the per-page Markdown export before changing navigation.
A claim is not backed by code or tests Remove the claim or add the missing code, example, schema, or validation command before publishing.

Overview

HELM's policy engine currently uses CEL rules defined inline in Go code. This guide describes the planned external policy bundle format for loading rules from files at runtime.

Bundle Format

Policy bundles are YAML files with CEL expressions:

# policy-bundle.yaml
apiVersion: helm.mindburn.run/v1
kind: PolicyBundle
metadata:
  name: production-policy
  version: "1.2.0"
  hash: "sha256:auto-computed-on-load"

rules:
  # Guardian-level rules (evaluated on every tool call)
  - id: require-approval-for-write
    action: "write.*"
    expression: |
      intent.risk_score < 0.7 || 
      has(artifacts, "type", "HUMAN_APPROVAL")
    verdict: DENY
    reason: "Write operations with risk > 0.7 require human approval"

  - id: budget-gate
    action: "*"
    expression: |
      state.budget_remaining > 10.0
    verdict: DENY
    reason: "Insufficient error budget"

  # PEP-level rules (post-execution validation)
  - id: output-size-limit
    action: "*"
    expression: |
      size(effect.output) < 1048576
    verdict: DENY
    reason: "Output exceeds 1MB limit"

  # Temporal rules
  - id: rate-limit
    action: "*"
    expression: |
      state.calls_per_minute < 100
    verdict: THROTTLE
    reason: "Rate limit exceeded"

Loading

import "github.com/Mindburn-Labs/helm-ai-enterprise/core/pkg/guardian"

// Load at startup
bundle, err := guardian.LoadPolicyBundle("policy-bundle.yaml")
if err != nil {
    log.Fatal("failed to load policy bundle:", err)
}

// Content-addressed version (GOV-001)
log.Printf("Policy version: %s", bundle.ContentHash())

// Apply to Guardian
g := guardian.NewGuardian(signer, prg, registry)
g.ApplyPolicyBundle(bundle)

Validation

Bundles are validated on load:

  1. Schema check — YAML structure matches expected format
  2. CEL compilation — All expressions must compile without errors
  3. Content hash — SHA-256 of canonical bundle content (for GOV-001)
  4. Signature verification — Optional Cosign/Ed25519 signature on bundle file

Roadmap

Phase Feature Status
1 YAML bundle format definition ✅ Defined
2 Bundle loader with CEL compilation Planned
3 Hot-reload on file change (fsnotify) Planned
4 Bundle signing and verification Planned
5 Remote bundle fetch (HTTP/Git) Planned

Diagram

Diagram1. Ingestion & Context Plane -> Overview -> Bundle Format -> Loading -> Validation -> Reader outcome -> 2. Evaluation & Policy Plane -> External Policy Bundle Loading (GOV-002)
flowchart TD
    subgraph Ingestion["1. Ingestion & Context Plane"]
        s0["Overview"]
        s1["Bundle Format"]
        s2["Loading"]
        s3["Validation"]
        output["Reader outcome"]
    end

    subgraph Evaluation["2. Evaluation & Policy Plane"]
        source["External Policy Bundle Loading (GOV-002)"]
    end

    %% Operational Flow Edges
    source --> s0
    s0 --> s1
    s1 --> s2
    s2 --> s3
    s3 --> output

    %% Premium Styling Rules
    style source fill:#2d3748,stroke:#4a5568,stroke-width:2px,color:#fff
Mermaid source
flowchart TD
    subgraph Ingestion["1. Ingestion & Context Plane"]
        s0["Overview"]
        s1["Bundle Format"]
        s2["Loading"]
        s3["Validation"]
        output["Reader outcome"]
    end

    subgraph Evaluation["2. Evaluation & Policy Plane"]
        source["External Policy Bundle Loading (GOV-002)"]
    end

    %% Operational Flow Edges
    source --> s0
    s0 --> s1
    s1 --> s2
    s2 --> s3
    s3 --> output

    %% Premium Styling Rules
    style source fill:#2d3748,stroke:#4a5568,stroke-width:2px,color:#fff

Operational Readiness

Use this page as the public operating layer for Policy Bundles. The source of truth is helm-ai-enterprise/docs/public/product/policy-bundles.md; if this page and the implementation disagree, update the source-backed doc and rerun the validation command before publishing.

Before relying on this surface, confirm three things: the source path above still exists, the referenced commands or contracts are still present in the owning repo, and the docs-platform export surfaces still show this page in search, Markdown, llms-full.txt, and MCP without exposing protected routes.

Validation command: corepack pnpm run docs:coverage && corepack pnpm run docs:truth. For website parity, also run npm run exports:boundary and npm run thin-pages:check from docs-platform.

Expected Output

A reader should leave with a concrete next action, the source file or contract to inspect, the command that proves the claim, and a clear boundary for what is public versus protected. For reference pages, the expected output is a correctly scoped request, schema, command, or diagnostic path. For operations pages, the expected output is a reproducible readiness or failure signal that can be attached to an evaluation or support thread.

Failure Modes

If the validation command fails, do not patch this page in isolation. First identify whether the drift is in code, generated contracts, source-owner docs, or the docs manifest. If the public page needs a protected deep link, describe the protected document by name instead of exposing its route. Commercial operator details, tenant data, key ceremonies, and deployment-sensitive internals stay in protected customer or staff docs; this public page only exposes the safe developer contract.