A fail-closed boundary for AI-agent actions.

HELM AI Kernel checks consequential tool calls before side effects run, records the verdict, and leaves evidence that can be verified later. Unknown MCP servers stay quarantined until a human approves them.

View GitHub Request Kernel evaluation

Public Apache-2.0

Inspect the source and evaluate locally.

Policy boundary

Consequential calls are checked before dispatch.

Receipts & evidence

Verdicts leave a reviewable record.

Run one action through the boundary.

Toggle the conditions that decide whether the request is allowed, escalated, or denied. The receipt changes with the verdict.

Request

Change IAM permission

actor: admin-agent
policy: iam_permission_change.v3
target: Identity provider

HELM checks

Verdict DENY

Fail-closed: human approval, connector scope missing for iam_permission_change.v3.

PermissionReceipt rcpt-demo-f703476e

Build from source. Keep the boundary visible.

The Kernel page gives builders a straight path from public source to local evaluation to receipt review.

GitHubCLIOpenAPISDKsSBOMllms.txt

git clone github.com/Mindburn-Labs/helm-ai-kernel
helm kernel status
helm verify receipt

Receipts make the decision reviewable.

After the model session ends, the record still shows what was requested, what HELM decided, and what evidence belongs with the decision.

verdict: ALLOW / DENY / ESCALATE
policy: policy snapshot
actor: request identity
receipt: recorded decision
signature: tamper check
EvidencePack: review bundle

Changed verdict - different digest.

See sample receipts and EvidencePacks

Start with one consequential action.

Bring one tool call, one policy, and one receipt requirement to the boundary.

View GitHub Request Kernel evaluation