Security & Trust

TCB Policy

Threat model, TCB policy, credential security, supply chain, chaos testing, and compliance.

PublicSource-ownedMarkdown export

HELM Trust BoundaryEvery governed call produces receipts that can be inspected, exported, and verified.

Audience

Outcome

After this page you should know what this surface is for, which source files own the behavior, which public route or adjacent page to use next, and which validation command to run before changing the claim.

Source Truth

Public route: security/tcb-policy
Source document: helm-ai-enterprise/docs/public/security-and-trust/tcb-policy.md
Public manifest: helm-ai-enterprise/docs/public-docs.manifest.json
Source inventory: helm-ai-enterprise/docs/source-inventory.manifest.json
Validation: corepack pnpm run docs:coverage, corepack pnpm run docs:truth, and npm run coverage:inventory from docs-platform

Do not expand this page with unsupported product, SDK, deployment, compliance, or integration claims unless the inventory manifest points to code, schemas, tests, examples, or an owner doc that proves the claim.

Troubleshooting

Symptom	First check
A link or route is missing from the docs website	Check `docs/public-docs.manifest.json`, `llms.txt`, search, and the per-page Markdown export before changing navigation.
A claim is not backed by code or tests	Remove the claim or add the missing code, example, schema, or validation command before publishing.

Trust Computing Base Principles

Minimal Surface: Only code that directly handles tool execution authorization, cryptographic signing, and policy enforcement lives in the TCB.
Fail-Closed: All PEP (Policy Enforcement Point) boundaries default to deny. Unknown tools, unvalidated args, drifted outputs are all blocked.
Deterministic: All canonicalization uses RFC 8785 JCS. All hashes are SHA-256. All signing uses Ed25519. No randomness in the decision path.
Auditable: Every action produces a ProofGraph node with Lamport-clock ordering. Evidence packs can be exported and independently verified.

TCB Boundaries

                    ┌──────────────────────┐
   Untrusted        │     TCB Boundary     │      Trusted
                    │                      │
   LLM Output ────► │  PEP: Tool Args      │
                    │  Validation +        │──── Guardian PRG
   Connector   ◄─── │  Output Drift        │
   Response         │  Detection           │──── SafeExecutor
                    │                      │
   Human Input ────►│  Ceremony            │──── Crypto Signer
                    │  Validation          │
                    └──────────────────────┘

Adding Code to TCB

Any code addition to TCB packages requires:

Deterministic behavior (no goroutines, no time-dependent logic in decision path)
Test coverage > 80%
No external network calls
No dynamic loading (no plugins, no reflection-based dispatch)
Reviewed via helm-ai-kernel verify pack evidence export

Diagram

Diagram1. Ingestion & Context Plane -> Trust Computing Base Principles -> TCB Boundaries -> Adding Code to TCB -> Reader outcome -> 2. Evaluation & Policy Plane -> HELM TCB Policy

flowchart TD
    subgraph Ingestion["1. Ingestion & Context Plane"]
        s0["Trust Computing Base Principles"]
        s1["TCB Boundaries"]
        s2["Adding Code to TCB"]
        output["Reader outcome"]
    end

    subgraph Evaluation["2. Evaluation & Policy Plane"]
        source["HELM TCB Policy"]
    end

    %% Operational Flow Edges
    source --> s0
    s0 --> s1
    s1 --> s2
    s2 --> output

    %% Premium Styling Rules
    style source fill:#2d3748,stroke:#4a5568,stroke-width:2px,color:#fff

Mermaid source

flowchart TD
    subgraph Ingestion["1. Ingestion & Context Plane"]
        s0["Trust Computing Base Principles"]
        s1["TCB Boundaries"]
        s2["Adding Code to TCB"]
        output["Reader outcome"]
    end

    subgraph Evaluation["2. Evaluation & Policy Plane"]
        source["HELM TCB Policy"]
    end

    %% Operational Flow Edges
    source --> s0
    s0 --> s1
    s1 --> s2
    s2 --> output

    %% Premium Styling Rules
    style source fill:#2d3748,stroke:#4a5568,stroke-width:2px,color:#fff

Operational Readiness

Use this page as the public operating layer for TCB Policy. The source of truth is helm-ai-enterprise/docs/public/security-and-trust/tcb-policy.md; if this page and the implementation disagree, update the source-backed doc and rerun the validation command before publishing.

Before relying on this surface, confirm three things: the source path above still exists, the referenced commands or contracts are still present in the owning repo, and the docs-platform export surfaces still show this page in search, Markdown, llms-full.txt, and MCP without exposing protected routes.

Validation command: corepack pnpm run docs:coverage && corepack pnpm run docs:truth. For website parity, also run npm run exports:boundary and npm run thin-pages:check from docs-platform.

Expected Output

A reader should leave with a concrete next action, the source file or contract to inspect, the command that proves the claim, and a clear boundary for what is public versus protected. For reference pages, the expected output is a correctly scoped request, schema, command, or diagnostic path. For operations pages, the expected output is a reproducible readiness or failure signal that can be attached to an evaluation or support thread.

Failure Modes

If the validation command fails, do not patch this page in isolation. First identify whether the drift is in code, generated contracts, source-owner docs, or the docs manifest. If the public page needs a protected deep link, describe the protected document by name instead of exposing its route. Commercial operator details, tenant data, key ceremonies, and deployment-sensitive internals stay in protected customer or staff docs; this public page only exposes the safe developer contract.