Workstation Governance

HELM workstation governance records what local coding agents did, what selected side effects were allowed or denied, and what evidence survived the run. It is designed for Codex, Claude Code, and similar developer workflows where the first adapter is manifest-first and local-wrapper based.

The current boundary is deliberately narrow: HELM governs artifacts and selected effects that pass through its adapter or wrapper. It does not claim full desktop, browser session, kernel-level, or proprietary hosted-agent control.

Audience

Use this page if you are evaluating HELM for local coding-agent governance, operating the Enterprise Console workstation view, or deciding which adapter certification level is ready for a buyer-facing demo.

Outcome

After reading this page, you should know what HELM governs for Codex or Claude Code-style runs, what remains outside scope, how receipts reach Console, and which release checks prove the adapter boundary.

Flow

flowchart TD
    subgraph Ingestion["1. Ingestion & Context Plane"]
        wrapper["Local wrapper"]
        importer["HELM importer"]
        console["Enterprise Console"]
    end

    subgraph Evaluation["2. Evaluation & Policy Plane"]
        decision{"Selected effect?"}
    end

    subgraph Execution["3. Execution & Verdict Plane"]
        artifacts["Run artifacts"]
        allow["ALLOW receipt"]
        deny["DENY receipt"]
    end

    subgraph Ledger["4. Tamper-Evident Ledger Plane"]
        receipt["Signed Agent Run Receipt"]
        proof["ProofGraph and EvidencePack refs"]
    end

    %% Operational Flow Edges
    wrapper --> artifacts
    artifacts --> importer
    importer --> receipt
    receipt --> proof
    receipt --> console
    wrapper --> decision
    decision --> allow
    decision --> deny
    allow --> console
    deny --> console

    %% Premium Styling Rules
    style artifacts fill:#3182ce,stroke:#2b6cb0,stroke-width:2px,color:#fff
    style receipt fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff
    style proof fill:#2f855a,stroke:#276749,stroke-width:2px,color:#fff
    style decision fill:#2d3748,stroke:#4a5568,stroke-width:2px,color:#fff
    style allow fill:#3182ce,stroke:#2b6cb0,stroke-width:2px,color:#fff
    style deny fill:#e53e3e,stroke:#9b2c2c,stroke-width:2px,color:#fff

What HELM Governs

  • A signed Agent Run Receipt for an imported local run.
  • Deterministic ProofGraph mapping from manifest, tool events, diff summary, validation output, and receipt references.
  • EvidencePack references that can be inspected offline.
  • Workspace-scoped draft edits represented in the receipt.
  • Selected operate-class effects sent through the enforcement bridge, including network egress, MCP mutation, memory write, recurring loop registration, shell operate, deploy/publish, secret read, and payment initiate requests.
  • Memory writes as reviewable effects with TTL and sensitivity.
  • Recurring loops as high-risk effects with schedule, max runtime, tool scope, and expiration.

What HELM Does Not Govern

  • Direct actions that bypass the HELM adapter or wrapper.
  • Private Codex or Claude Code internals that are not exposed as artifacts.
  • Raw chat history, private browser sessions, secrets, or local credential material.
  • Every side effect on a workstation unless a future adapter proves that surface through conformance.
  • Proprietary hosted-agent behavior unless there is an enforceable adapter for that hosted surface.

Modes

| Mode | Meaning | Typical buyer question it answers |
| --- | --- | --- |
| Observe-only | HELM imports artifacts and emits a receipt after the run. | What happened, what changed, and what evidence survived? |
| Selected-effect enforceable | HELM can allow or deny declared effects routed through the wrapper. | Was this network, MCP, memory, loop, or publish action approved? |
| High-risk-effect capable | HELM has conformance fixtures for memory, recurring loop, taint, and other high-risk effect classes. | Can this adapter prove the effect classes we care about? |

Operator Workflow

  1. Run the local Codex or Claude Code wrapper.
  2. Produce an artifact directory and signed Agent Run Receipt.
  3. View the receipt with the local CLI.
  4. Import the receipt or decision receipt into Enterprise Console.
  5. Review the run list, receipt detail, denied timeline, memory queue, and loop registry.
  6. Export or inspect the EvidencePack and ProofGraph references.
  7. Run conformance certification for observe-only, enforceable, or high-risk-effect-capable mode.

Console View

Enterprise Console exposes /workspaces/:workspaceId/workstation for the operator read model. The view shows run summaries, receipt details, denied effects, memory review items, and recurring loop registrations without rendering raw transcripts.

Source Truth

  • Console route registry: apps/controlplane/internal/console/route_registry.go
  • Workstation backend handlers: apps/controlplane/internal/console/workstation_routes.go
  • OpenAPI contract: api/openapi/helm.openapi.yaml
  • Console UI: apps/console/src/features/workstation/
  • Kernel adapter and conformance: helm-ai-kernel/core/pkg/workstation/
  • Adapter examples: helm-ai-kernel/examples/workstation/

Validation commands:

make openapi-route-parity
python3 scripts/check_documentation_truth.py

Troubleshooting

| Symptom | First check |
| --- | --- |
| A run is missing from Console | Confirm the signed receipt was imported through /api/v1/workspaces/{id}/workstation/receipts/import. |
| A denied action does not appear in the timeline | Confirm the wrapper wrote a decision receipt with the same run ID. |
| A memory write is not reviewable | Confirm the artifact models it as a memory effect with TTL and sensitivity. |
| A buyer assumes full workstation control | Re-state the adapter boundary: HELM governs artifacts and selected effects routed through the adapter or wrapper. |
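
The run-ID and attribute checks from the troubleshooting table, applied to the memory-write and recurring-loop attributes listed under What HELM Governs, can be run as a pre-import lint. This is an added example, not HELM's own code: the JSON layout, field names, class strings and run IDs are assumptions made for illustration and are not HELM's receipt schema.

```go
package main

import "encoding/json"
import "fmt"

// Effect is a hypothetical effect record; field names are assumptions, not HELM's schema.
type Effect struct {
	RunID  string            `json:"run_id"`
	Class  string            `json:"class"`
	Fields map[string]string `json:"fields"`
}

// required holds the attributes the page lists for memory writes and recurring loops.
var required = map[string][]string{
	"memory_write":   {"ttl", "sensitivity"},
	"recurring_loop": {"schedule", "max_runtime", "tool_scope", "expiration"},
}

// sample is constructed input: one complete effect and two incomplete ones.
const sample = `[
 {"run_id":"run-001","class":"memory_write","fields":{"ttl":"72h","sensitivity":"internal"}},
 {"run_id":"run-001","class":"memory_write","fields":{"ttl":"72h"}},
 {"run_id":"run-002","class":"recurring_loop","fields":{"schedule":"@hourly","max_runtime":"5m"}}
]`

// Lint reports effects whose run ID differs from runID or that lack a required attribute.
func Lint(runID string, artifact []byte) ([]string, error) {
	var effects []Effect
	if err := json.Unmarshal(artifact, &effects); err != nil {
		return nil, err
	}
	var findings []string
	for i, e := range effects {
		if e.RunID != runID {
			findings = append(findings, fmt.Sprintf("effect %d: run ID %q does not match run %q", i, e.RunID, runID))
		}
		for _, f := range required[e.Class] {
			if e.Fields[f] == "" {
				findings = append(findings, fmt.Sprintf("effect %d (%s): missing %s", i, e.Class, f))
			}
		}
	}
	return findings, nil
}

func main() {
	findings, err := Lint("run-001", []byte(sample))
	fmt.Printf("%d findings, err=%v\n%q\n", len(findings), err, findings)
}
```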