README
¶
HELM OSS Core Packages Source Owner
Audience
Use this file when you need to find the package that owns runtime, policy, receipt, verifier, evidence, MCP, sandbox, compliance, connector, or governance behavior.
Responsibility
core/pkg is the shared runtime library layer behind the OSS CLI and server. Public docs should not duplicate every package; they should link to the right source family and explain the externally supported behavior.
Package Families
- Boundary and policy:
boundary,policybundles,policyloader,celcheck,contracts,runtime. - Receipts and evidence:
receipts,evidence,proofgraph,merkle,ledger,verifier. - MCP and execution safety:
mcp,sandbox,runtime/sandbox,firewall,guardian,executor. - Identity and crypto:
identity,crypto,kms,rbac,auth,vcredentials. - Observability and operations:
metrics,otel,observability,tracing,audit. - Connectors and integrations:
connectors,integrations,registry,packs. - Compliance and governance:
compliance,governance,constitution,delegation.
Public Docs Owners
- Runtime and first-call flows:
helm-oss/developer-journey. - Architecture and trust boundary:
helm-oss/architecture. - Verification and receipts:
helm-oss/verification. - MCP behavior:
helm-oss/integrations/mcp. - Protocol and schema contracts:
helm-oss/reference/protocols-and-schemas.
Validation
Run:
make test
make docs-coverage
make docs-truth
Any public behavior claim must point to a package, test, schema, example, or generated API contract from this layer.
Directories
¶
| Path | Synopsis |
|---|---|
|
Package a2a provides the Agent-to-Agent trust protocol for HELM.
|
Package a2a provides the Agent-to-Agent trust protocol for HELM. |
|
payments
Package payments implements the AP2 (Agent Payments Protocol) for HELM A2A.
|
Package payments implements the AP2 (Agent Payments Protocol) for HELM A2A. |
|
Package actiongraph provides signal-to-proposal conversion with dependency graphs.
|
Package actiongraph provides signal-to-proposal conversion with dependency graphs. |
|
Package actioninbox provides human governance and approval inbox for fail-closed execution control.
|
Package actioninbox provides human governance and approval inbox for fail-closed execution control. |
|
Package aibom provides AI Bill of Materials (AI-BOM) tracking for governed components.
|
Package aibom provides AI Bill of Materials (AI-BOM) tracking for governed components. |
|
Package api — RFC 7807 Problem Detail error responses for the HELM API.
|
Package api — RFC 7807 Problem Detail error responses for the HELM API. |
|
trust
Package trust provides HTTP API handlers for the Trust Registry.
|
Package trust provides HTTP API handlers for the Trust Registry. |
|
Package attention provides the People/Programs/Accounts routing layer for HELM.
|
Package attention provides the People/Programs/Accounts routing layer for HELM. |
|
Package audit — Timeline reconstruction.
|
Package audit — Timeline reconstruction. |
|
Package auth — apikey.go provides pre-shared API key authentication middleware.
|
Package auth — apikey.go provides pre-shared API key authentication middleware. |
|
Package authority defines the canonical authority evaluation contract for HELM.
|
Package authority defines the canonical authority evaluation contract for HELM. |
|
Package bridge provides KernelBridge — the composition layer that wires Guardian, Executor, ProofGraph, and Budget into a single governance call.
|
Package bridge provides KernelBridge — the composition layer that wires Guardian, Executor, ProofGraph, and Budget into a single governance call. |
|
estimate.go provides pre-execution cost estimation based on historical data.
|
estimate.go provides pre-execution cost estimation based on historical data. |
|
Package buildguard — Build Guard.
|
Package buildguard — Build Guard. |
|
Package bundles implements the HELM policy bundle runtime.
|
Package bundles implements the HELM policy bundle runtime. |
|
Package canonicalize provides RFC 8785 (JSON Canonicalization Scheme) compliant serialization for deterministic hashing of HELM artifacts.
|
Package canonicalize provides RFC 8785 (JSON Canonicalization Scheme) compliant serialization for deterministic hashing of HELM artifacts. |
|
Package celcheck validates CEL policy packs at compile time.
|
Package celcheck validates CEL policy packs at compile time. |
|
Package certification implements the HELM Agent Certification Framework.
|
Package certification implements the HELM Agent Certification Framework. |
|
admission
Package admission implements attestation-based admission control for packs and deployments.
|
Package admission implements attestation-based admission control for packs and deployments. |
|
Package channels provides the inbound channel gateway for multi-channel messaging.
|
Package channels provides the inbound channel gateway for multi-channel messaging. |
|
lark
Package lark provides the inbound channel adapter for Lark (Feishu) messaging.
|
Package lark provides the inbound channel adapter for Lark (Feishu) messaging. |
|
slack
Package slack provides the inbound channel adapter for Slack messaging.
|
Package slack provides the inbound channel adapter for Slack messaging. |
|
telegram
Package telegram provides the inbound channel adapter for Telegram messaging.
|
Package telegram provides the inbound channel adapter for Telegram messaging. |
|
api.go provides HTTP handlers for real-time compliance scoring.
|
api.go provides HTTP handlers for real-time compliance scoring. |
|
cftc
Package cftc implements CFTC compliance for AI agent governance.
|
Package cftc implements CFTC compliance for AI agent governance. |
|
compiler
Package compiler transforms legal obligations into executable CEL policies.
|
Package compiler transforms legal obligations into executable CEL policies. |
|
controls
Package controls provides the ControlsGraph — a directed graph linking obligations, controls, evidence types, checks, and compensating controls.
|
Package controls provides the ControlsGraph — a directed graph linking obligations, controls, evidence types, checks, and compensating controls. |
|
csr
Package csr implements the Compliance Source Registry (CSR) — a first-class product surface that defines every compliance source connector HELM integrates.
|
Package csr implements the Compliance Source Registry (CSR) — a first-class product surface that defines every compliance source connector HELM integrates. |
|
docs
Package docs implements compliance documentation generation for HELM.
|
Package docs implements compliance documentation generation for HELM. |
|
dora
Package dora implements EU DORA (Digital Operational Resilience Act) compliance.
|
Package dora implements EU DORA (Digital Operational Resilience Act) compliance. |
|
enforcement
Package enforcement integrates SCO with SwarmPDP for policy evaluation.
|
Package enforcement integrates SCO with SwarmPDP for policy evaluation. |
|
euaiact
Package euaiact implements EU AI Act (Regulation 2024/1689) compliance.
|
Package euaiact implements EU AI Act (Regulation 2024/1689) compliance. |
|
evidence
Package evidence provides the EvidencePack builder and dedicated receipt types.
|
Package evidence provides the EvidencePack builder and dedicated receipt types. |
|
fca
Package fca implements UK FCA (Financial Conduct Authority) compliance profile.
|
Package fca implements UK FCA (Financial Conduct Authority) compliance profile. |
|
gdpr
Package gdpr implements EU GDPR (General Data Protection Regulation) compliance profile.
|
Package gdpr implements EU GDPR (General Data Protection Regulation) compliance profile. |
|
hipaa
Package hipaa implements HIPAA compliance for AI agent governance.
|
Package hipaa implements HIPAA compliance for AI agent governance. |
|
jkg
Package jkg provides the Jurisdiction Knowledge Graph for compliance.
|
Package jkg provides the Jurisdiction Knowledge Graph for compliance. |
|
mica
Package mica implements EU MiCA (Markets in Crypto-Assets) compliance.
|
Package mica implements EU MiCA (Markets in Crypto-Assets) compliance. |
|
normalize
Package normalize provides canonical output models for compliance source adapters.
|
Package normalize provides canonical output models for compliance source adapters. |
|
obligations
Package obligations implements the two-tier obligations compiler.
|
Package obligations implements the two-tier obligations compiler. |
|
regwatch
Package regwatch implements K2.5-powered regulatory monitoring.
|
Package regwatch implements K2.5-powered regulatory monitoring. |
|
risk
Package risk provides automated third-party risk assessment for compliance.
|
Package risk provides automated third-party risk assessment for compliance. |
|
sec
Package sec implements SEC compliance for AI agent governance.
|
Package sec implements SEC compliance for AI agent governance. |
|
sox
Package sox implements SOX (Sarbanes-Oxley) compliance profile.
|
Package sox implements SOX (Sarbanes-Oxley) compliance profile. |
|
Package conform implements the HELM Conformance Standard v1.0 engine.
|
Package conform implements the HELM Conformance Standard v1.0 engine. |
|
adversarial
Package adversarial provides conformance-level adversarial test suites per §8.1 of the HELM Conformance Standard.
|
Package adversarial provides conformance-level adversarial test suites per §8.1 of the HELM Conformance Standard. |
|
gates
Package gates provides the gate implementations and a default registry.
|
Package gates provides the gate implementations and a default registry. |
|
Package conformance provides test fixtures for conformance verification.
|
Package conformance provides test fixtures for conformance verification. |
|
cases
Package cases provides concrete conformance test implementations with fixtures and generators for each test level.
|
Package cases provides concrete conformance test implementations with fixtures and generators for each test level. |
|
sandbox
Package sandbox provides the conformance test suite for SandboxActuator implementations.
|
Package sandbox provides the conformance test suite for SandboxActuator implementations. |
|
scenarios
Package scenarios implements the 6 canonical incident scenario tests specified in the HELM OSS Canonical Implementation Plan.
|
Package scenarios implements the 6 canonical incident scenario tests specified in the HELM OSS Canonical Implementation Plan. |
|
Package connector provides zero-trust enforcement for connectors.
|
Package connector provides zero-trust enforcement for connectors. |
|
connectors
|
|
|
arc
Package arc provides the HELM connector for ARC-AGI-3 benchmark environments.
|
Package arc provides the HELM connector for ARC-AGI-3 benchmark environments. |
|
github
Package github provides a HELM connector for the GitHub API.
|
Package github provides a HELM connector for the GitHub API. |
|
linear
Package linear provides a HELM connector for the Linear GraphQL API.
|
Package linear provides a HELM connector for the Linear GraphQL API. |
|
oauth2
Package oauth2 provides shared token management for HELM connectors that require OAuth2 authentication.
|
Package oauth2 provides shared token management for HELM connectors that require OAuth2 authentication. |
|
polymarket
Package polymarket provides a HELM connector for the Polymarket prediction market.
|
Package polymarket provides a HELM connector for the Polymarket prediction market. |
|
sandbox
Package sandbox provides a bridge between the legacy sandbox.Runner interface and the modern SandboxActuator contract.
|
Package sandbox provides a bridge between the legacy sandbox.Runner interface and the modern SandboxActuator contract. |
|
sandbox/daytona
Package daytona implements the SandboxActuator for Daytona sandboxes.
|
Package daytona implements the SandboxActuator for Daytona sandboxes. |
|
sandbox/e2b
Package e2b implements the SandboxActuator for E2B sandboxes.
|
Package e2b implements the SandboxActuator for E2B sandboxes. |
|
sandbox/opensandbox
Package opensandbox implements the SandboxActuator for Alibaba OpenSandbox.
|
Package opensandbox implements the SandboxActuator for Alibaba OpenSandbox. |
|
siem/datadog_logs
Package datadog_logs implements an OTel SpanExporter that translates helm-oss governance spans into Datadog Logs Intake events posted to /api/v2/logs.
|
Package datadog_logs implements an OTel SpanExporter that translates helm-oss governance spans into Datadog Logs Intake events posted to /api/v2/logs. |
|
siem/elastic_ecs
Package elastic_ecs implements an OTel SpanExporter that translates helm-oss governance spans into ECS-shaped documents posted to the Elasticsearch _bulk API.
|
Package elastic_ecs implements an OTel SpanExporter that translates helm-oss governance spans into ECS-shaped documents posted to the Elasticsearch _bulk API. |
|
siem/loki
Package loki implements an OTel SpanExporter that translates helm-oss governance spans (carrying OTel GenAI semconv attributes plus the helm.* governance namespace) into Grafana Loki push events.
|
Package loki implements an OTel SpanExporter that translates helm-oss governance spans (carrying OTel GenAI semconv attributes plus the helm.* governance namespace) into Grafana Loki push events. |
|
siem/splunk_hec
Package splunk_hec implements an OTel SpanExporter that translates helm-oss governance spans (carrying OTel GenAI semconv attributes plus the helm.* governance namespace) into Splunk HTTP Event Collector (HEC) events.
|
Package splunk_hec implements an OTel SpanExporter that translates helm-oss governance spans (carrying OTel GenAI semconv attributes plus the helm.* governance namespace) into Splunk HTTP Event Collector (HEC) events. |
|
siem/sumo
Package sumo implements an OTel SpanExporter that translates helm-oss governance spans (carrying OTel GenAI semconv attributes plus the helm.* governance namespace) into Sumo Logic HTTP source events.
|
Package sumo implements an OTel SpanExporter that translates helm-oss governance spans (carrying OTel GenAI semconv attributes plus the helm.* governance namespace) into Sumo Logic HTTP source events. |
|
slack
Package slack provides a HELM connector for the Slack Web API.
|
Package slack provides a HELM connector for the Slack Web API. |
|
Package constitution provides Constitutional AI integration for HELM governance.
|
Package constitution provides Constitutional AI integration for HELM governance. |
|
Package context — Portable context and documentation bundles.
|
Package context — Portable context and documentation bundles. |
|
Receipts and Audit Types
|
Receipts and Audit Types |
|
actuators
Package actuators — Wallet, Message, FileMovement, Physical actuator contracts.
|
Package actuators — Wallet, Message, FileMovement, Physical actuator contracts. |
|
economic
Package economic — Extended economic primitives.
|
Package economic — Extended economic primitives. |
|
Package credentials - Google OAuth 2.1 provider implementation
|
Package credentials - Google OAuth 2.1 provider implementation |
|
hsm
Package hsm provides Hardware Security Module abstraction for HELM.
|
Package hsm provides Hardware Security Module abstraction for HELM. |
|
keystore
Package keystore provides the canonical key management interface for HELM.
|
Package keystore provides the canonical key management interface for HELM. |
|
mtls
Package mtls provides automatic mTLS certificate provisioning for HELM.
|
Package mtls provides automatic mTLS certificate provisioning for HELM. |
|
sdjwt
Package sdjwt implements SD-JWT (Selective Disclosure JWT) per RFC 9901.
|
Package sdjwt implements SD-JWT (Selective Disclosure JWT) per RFC 9901. |
|
shredding
Package shredding provides GDPR crypto-shredding for HELM.
|
Package shredding provides GDPR crypto-shredding for HELM. |
|
tee
Package tee provides Trusted Execution Environment (TEE) remote attestation for HELM.
|
Package tee provides Trusted Execution Environment (TEE) remote attestation for HELM. |
|
Package delegation implements multi-agent governance delegation for HELM.
|
Package delegation implements multi-agent governance delegation for HELM. |
|
Package delivery implements progressive delivery strategies for HELM releases.
|
Package delivery implements progressive delivery strategies for HELM releases. |
|
Package disclosure defines the public contracts for HELM's disclosure and redaction.
|
Package disclosure defines the public contracts for HELM's disclosure and redaction. |
|
Package edge provides a minimal Guardian runtime for resource-constrained environments (IoT, mobile, embedded, browser via WASM).
|
Package edge provides a minimal Guardian runtime for resource-constrained environments (IoT, mobile, embedded, browser via WASM). |
|
Package edgegovernance defines the public contracts for HELM's local-first edge governance.
|
Package edgegovernance defines the public contracts for HELM's local-first edge governance. |
|
Package effectgraph evaluates entire PlanSpec DAGs through the Guardian in a single pass, producing per-node verdicts before any execution begins.
|
Package effectgraph evaluates entire PlanSpec DAGs through the Guardian in a single pass, producing per-node verdicts before any execution begins. |
|
Package effects defines the public contract for the HELM effects gateway.
|
Package effects defines the public contract for the HELM effects gateway. |
|
Package envelope provides the kernel enforcement gate for the Autonomy Envelope.
|
Package envelope provides the kernel enforcement gate for the Autonomy Envelope. |
|
Package escalation provides the Escalation Manager — the runtime engine that handles human-in-the-loop judgment for acts classified as JUDGMENT_REQUIRED.
|
Package escalation provides the Escalation Manager — the runtime engine that handles human-in-the-loop judgment for acts classified as JUDGMENT_REQUIRED. |
|
ceremony
Package ceremony implements RFC-005 Approval Ceremony for HITL interactions.
|
Package ceremony implements RFC-005 Approval Ceremony for HITL interactions. |
|
Package evaluation defines the public contracts for the HELM Evaluation / Oracle layer.
|
Package evaluation defines the public contracts for the HELM Evaluation / Oracle layer. |
|
Package events provides the canonical event type catalog for the HELM runtime.
|
Package events provides the canonical event type catalog for the HELM runtime. |
|
Package evidence provides the Evidence Registry — the runtime engine that manages EvidenceContracts and verifies evidence submissions against them.
|
Package evidence provides the Evidence Registry — the runtime engine that manages EvidenceContracts and verifies evidence submissions against them. |
|
Package evidencepack provides deterministic evidence pack building, archiving, and storage for HELM.
|
Package evidencepack provides deterministic evidence pack building, archiving, and storage for HELM. |
|
retention
Package retention implements evidence pack retention policies.
|
Package retention implements evidence pack retention policies. |
|
Package executor provides EvidencePack production.
|
Package executor provides EvidencePack production. |
|
Package exportadmin manages enterprise evidence export requests.
|
Package exportadmin manages enterprise evidence export requests. |
|
Package federation implements L3 multi-org trust establishment, federation protocol, and cross-org policy inheritance for HELM.
|
Package federation implements L3 multi-org trust establishment, federation protocol, and cross-org policy inheritance for HELM. |
|
Package forensics defines the public contracts for HELM audit forensics.
|
Package forensics defines the public contracts for HELM audit forensics. |
|
Package forge implements the Forge mutation authority (ADR-004).
|
Package forge implements the Forge mutation authority (ADR-004). |
|
Package gateway defines the public auth contracts for the HELM MCP Gateway.
|
Package gateway defines the public auth contracts for the HELM MCP Gateway. |
|
genesis
|
|
|
ceremony
Package ceremony provides the VGL (Verified Genesis Loop) state machine and ceremony orchestrator for HELM OSS single-operator deployments.
|
Package ceremony provides the VGL (Verified Genesis Loop) state machine and ceremony orchestrator for HELM OSS single-operator deployments. |
|
Package governance provides the Deterministic CEL Profile (cel-dp-v1).
|
Package governance provides the Deterministic CEL Profile (cel-dp-v1). |
|
otel.go provides OpenTelemetry instrumentation for the Guardian pipeline.
|
otel.go provides OpenTelemetry instrumentation for the Guardian pipeline. |
|
Package identity implements agent identity certificates for HELM.
|
Package identity implements agent identity certificates for HELM. |
|
did
Package did implements W3C Decentralized Identifier (DID) support for HELM agents.
|
Package did implements W3C Decentralized Identifier (DID) support for HELM agents. |
|
did/method/jwk
Package jwk implements the did:jwk DID method driver.
|
Package jwk implements the did:jwk DID method driver. |
|
did/method/key
Package key implements the did:key DID method driver.
|
Package key implements the did:key DID method driver. |
|
iatp
Package iatp implements the Inter-Agent Trust Protocol handshake for HELM.
|
Package iatp implements the Inter-Agent Trust Protocol handshake for HELM. |
|
integrations
|
|
|
capgraph
Package capgraph compiles Integration Manifests into a Capability Graph IR.
|
Package capgraph compiles Integration Manifests into a Capability Graph IR. |
|
manifest
Package manifest defines the Integration Manifest v1 schema for HELM's Integration Fabric.
|
Package manifest defines the Integration Manifest v1 schema for HELM's Integration Fabric. |
|
receipts
Package receipts defines the IntegrationReceipt envelope — the standard proof-of-execution for every operation routed through the Integration Gateway.
|
Package receipts defines the IntegrationReceipt envelope — the standard proof-of-execution for every operation routed through the Integration Gateway. |
|
Package intent provides the Intent Studio for structured intent capture.
|
Package intent provides the Intent Studio for structured intent capture. |
|
Package intentcompiler transforms IntentTickets and raw task descriptions into enriched PlanSpec DAGs ready for effect graph evaluation.
|
Package intentcompiler transforms IntentTickets and raw task descriptions into enriched PlanSpec DAGs ready for effect graph evaluation. |
|
Package intervention defines the public contracts for HELM's Human Intervention Fabric.
|
Package intervention defines the public contracts for HELM's Human Intervention Fabric. |
|
Package kernel provides content-addressed blob storage for raw records.
|
Package kernel provides content-addressed blob storage for raw records. |
|
consistency
Package consistency implements causal consistency primitives for HELM.
|
Package consistency implements causal consistency primitives for HELM. |
|
cpi
Package cpi provides the Canonical Policy Index — a deterministic policy stack validator for the HELM kernel.
|
Package cpi provides the Canonical Policy Index — a deterministic policy stack validator for the HELM kernel. |
|
Package kms provides key management for credential encryption.
|
Package kms provides key management for credential encryption. |
|
Package lease manages the lifecycle of execution leases — bounded, time-limited allocations of sandbox resources for approved effect graphs.
|
Package lease manages the lifecycle of execution leases — bounded, time-limited allocations of sandbox resources for approved effect graphs. |
|
Package ledger — Immutable Append-Only Ledgers.
|
Package ledger — Immutable Append-Only Ledgers. |
|
llm
|
|
|
gateway
Package gateway provides the Local Inference Gateway (LIG).
|
Package gateway provides the Local Inference Gateway (LIG). |
|
Package manifest provides tool argument and output validation for the PEP (Policy Enforcement Point) boundary.
|
Package manifest provides tool argument and output validation for the PEP (Policy Enforcement Point) boundary. |
|
aip.go implements the Agent Identity Protocol (AIP) for verifiable delegation verification in the MCP gateway.
|
aip.go implements the Agent Identity Protocol (AIP) for verifiable delegation verification in the MCP gateway. |
|
Package memory — CKS-specific read/query logic.
|
Package memory — CKS-specific read/query logic. |
|
Package metrics provides a Prometheus-compatible metrics endpoint.
|
Package metrics provides a Prometheus-compatible metrics endpoint. |
|
Package observability — Unified Audit Timeline.
|
Package observability — Unified Audit Timeline. |
|
Package orgdna defines the public normative types for the HELM OrgDNA standard.
|
Package orgdna defines the public normative types for the HELM OrgDNA standard. |
|
Package otel provides OpenTelemetry integration for HELM governance telemetry.
|
Package otel provides OpenTelemetry integration for HELM governance telemetry. |
|
Package pack — Formal compatibility matrix specification.
|
Package pack — Formal compatibility matrix specification. |
|
packs
|
|
|
antispoof
Package antispoof provides a red-team pack that tests channel security by simulating spoofing attacks against AntiSpoofValidator implementations.
|
Package antispoof provides a red-team pack that tests channel security by simulating spoofing attacks against AntiSpoofValidator implementations. |
|
install
Package install provides the OSS, tenant-free runtime for installing, uninstalling, and rolling back HELM add-on packs from the core and community channels.
|
Package install provides the OSS, tenant-free runtime for installing, uninstalling, and rolling back HELM add-on packs from the core and community channels. |
|
Package pdp defines the Policy Decision Point abstraction.
|
Package pdp defines the Policy Decision Point abstraction. |
|
policy
|
|
|
lint
Package lint provides static analysis for HELM policy bundles.
|
Package lint provides static analysis for HELM policy bundles. |
|
reconcile
Package reconcile owns runtime policy reconciliation.
|
Package reconcile owns runtime policy reconciliation. |
|
suggest
Package suggest generates policy recommendations from ProofGraph analysis.
|
Package suggest generates policy recommendations from ProofGraph analysis. |
|
verify
Package verify provides policy verification using formal methods.
|
Package verify provides policy verification using formal methods. |
|
wasm
Executor runs compiled WASM policy modules using wazero with deterministic, sandboxed execution.
|
Executor runs compiled WASM policy modules using wazero with deterministic, sandboxed execution. |
|
Multi-language policy front-end registry.
|
Multi-language policy front-end registry. |
|
cedar
Package cedar provides the Cedar policy front-end for HELM policy bundles.
|
Package cedar provides the Cedar policy front-end for HELM policy bundles. |
|
rego
Package rego provides the OPA/Rego policy front-end for HELM policy bundles.
|
Package rego provides the OPA/Rego policy front-end for HELM policy bundles. |
|
Package policyloader provides GOV-002: external policy bundle loading.
|
Package policyloader provides GOV-002: external policy bundle loading. |
|
Package proofgraph implements the cryptographic ProofGraph DAG for HELM.
|
Package proofgraph implements the cryptographic ProofGraph DAG for HELM. |
|
aigp
Package aigp implements the AI Governance Proof (AIGP) Proof-Carrying Decision export format for HELM's ProofGraph.
|
Package aigp implements the AI Governance Proof (AIGP) Proof-Carrying Decision export format for HELM's ProofGraph. |
|
anchor
Package anchor provides transparency log anchoring for HELM's ProofGraph.
|
Package anchor provides transparency log anchoring for HELM's ProofGraph. |
|
attribution
Package attribution implements causal fault attribution for multi-agent failures using the ProofGraph.
|
Package attribution implements causal fault attribution for multi-agent failures using the ProofGraph. |
|
cloudevents
Package cloudevents implements CloudEvents v1.0 encoding for ProofGraph nodes.
|
Package cloudevents implements CloudEvents v1.0 encoding for ProofGraph nodes. |
|
condensation
Package condensation implements the HELM Proof Condensation engine.
|
Package condensation implements the HELM Proof Condensation engine. |
|
consensus
Package consensus implements Byzantine-fault-tolerant consensus for ProofGraph node batches.
|
Package consensus implements Byzantine-fault-tolerant consensus for ProofGraph node batches. |
|
crdt
Package crdt implements CRDT-based distributed replication for the ProofGraph.
|
Package crdt implements CRDT-based distributed replication for the ProofGraph. |
|
graphql
Package graphql provides a GraphQL query engine for the HELM ProofGraph.
|
Package graphql provides a GraphQL query engine for the HELM ProofGraph. |
|
Package provenance implements provenance-tagged context building for indirect prompt injection defense.
|
Package provenance implements provenance-tagged context building for indirect prompt injection defense. |
|
Package rbac implements role-based access control for HELM enterprise deployments.
|
Package rbac implements role-based access control for HELM enterprise deployments. |
|
Package receipts contains receipt-level test fixtures and integration checks.
|
Package receipts contains receipt-level test fixtures and integration checks. |
|
policies
Package policies provides per-EffectType receipt policy enforcement.
|
Package policies provides per-EffectType receipt policy enforcement. |
|
connectors
Package connectors provides connector release registry types, storage, lifecycle management, and verification for the HELM execution firewall.
|
Package connectors provides connector release registry types, storage, lifecycle management, and verification for the HELM execution firewall. |
|
skills
Package skills provides skill bundle registry types, storage, lifecycle management, and compatibility validation for the HELM execution firewall.
|
Package skills provides skill bundle registry types, storage, lifecycle management, and compatibility validation for the HELM execution firewall. |
|
Package releasegovernance defines the public contracts for HELM's release governance.
|
Package releasegovernance defines the public contracts for HELM's release governance. |
|
compare.go implements execution trace comparison for governance determinism verification.
|
compare.go implements execution trace comparison for governance determinism verification. |
|
Package runtime — ToolWrapper + ErrorTaxonomy.
|
Package runtime — ToolWrapper + ErrorTaxonomy. |
|
budget
Package budget provides compute budget types and enforcement for WASI sandbox execution.
|
Package budget provides compute budget types and enforcement for WASI sandbox execution. |
|
sandbox
Package sandbox — Credential Broker for sandboxed execution.
|
Package sandbox — Credential Broker for sandboxed execution. |
|
Package runtimeadapters provides the compatibility and interception layer for non-native agent runtimes (MCP, OpenClaw, generic HTTP tool callers).
|
Package runtimeadapters provides the compatibility and interception layer for non-native agent runtimes (MCP, OpenClaw, generic HTTP tool callers). |
|
a2a
Package a2a provides the HELM runtime adapter for Agent-to-Agent (A2A) protocol messages.
|
Package a2a provides the HELM runtime adapter for Agent-to-Agent (A2A) protocol messages. |
|
generic_http
Package generic_http provides the HELM runtime adapter for arbitrary HTTP tool callers.
|
Package generic_http provides the HELM runtime adapter for arbitrary HTTP tool callers. |
|
grpc
Package grpc provides the HELM runtime adapter for gRPC services.
|
Package grpc provides the HELM runtime adapter for gRPC services. |
|
mcp
Package mcp provides the HELM runtime adapter for Model Context Protocol (MCP) clients.
|
Package mcp provides the HELM runtime adapter for Model Context Protocol (MCP) clients. |
|
websocket
Package websocket provides the HELM runtime adapter for WebSocket connections.
|
Package websocket provides the HELM runtime adapter for WebSocket connections. |
|
Package saga implements multi-step transactional workflows with compensating actions for HELM governed execution.
|
Package saga implements multi-step transactional workflows with compensating actions for HELM governed execution. |
|
Package sandbox provides containerized execution for tool invocations.
|
Package sandbox provides containerized execution for tool invocations. |
|
Package scheduler provides automation scheduling for the HELM runtime.
|
Package scheduler provides automation scheduling for the HELM runtime. |
|
security
|
|
|
Package shadow implements static shadow-AI discovery — scanning a directory tree for unauthorized or un-governed agent SDK usage, MCP configurations, and API key patterns that indicate AI agent deployments not routed through HELM.
|
Package shadow implements static shadow-AI discovery — scanning a directory tree for unauthorized or un-governed agent SDK usage, MCP configurations, and API key patterns that indicate AI agent deployments not routed through HELM. |
|
Package signals implements the canonical typed signal ingestion layer for HELM.
|
Package signals implements the canonical typed signal ingestion layer for HELM. |
|
Package skills implements the Forge skill evolution system with governed promotion ladder.
|
Package skills implements the Forge skill evolution system with governed promotion ladder. |
|
Package slo implements service level objective tracking for HELM governance.
|
Package slo implements service level objective tracking for HELM governance. |
|
Package store implements append-only evidence storage with content addressing and hash chaining for audit trails.
|
Package store implements append-only evidence storage with content addressing and hash chaining for audit trails. |
|
objstore
Package objstore provides a content-addressed object store interface for storing evidence packs and other binary artifacts.
|
Package objstore provides a content-addressed object store interface for storing evidence packs and other binary artifacts. |
|
objstore/fs
Package fs implements the ObjectStore interface using the local filesystem.
|
Package fs implements the ObjectStore interface using the local filesystem. |
|
Package surface defines the public contracts for the HELM Surface Compiler.
|
Package surface defines the public contracts for the HELM Surface Compiler. |
|
Package tape provides the VCR Tape primitive per §5.
|
Package tape provides the VCR Tape primitive per §5. |
|
Package tenants implements multi-tenant isolation for HELM enterprise deployments.
|
Package tenants implements multi-tenant isolation for HELM enterprise deployments. |
|
ensemble.go implements multi-scanner voting for defense-in-depth.
|
ensemble.go implements multi-scanner voting for defense-in-depth. |
|
Package tooling provides canonical tool binding infrastructure.
|
Package tooling provides canonical tool binding infrastructure. |
|
Package tracing provides distributed tracing and observability primitives for HELM's AI execution firewall.
|
Package tracing provides distributed tracing and observability primitives for HELM's AI execution firewall. |
|
Package trust — Pack Certification Levels.
|
Package trust — Pack Certification Levels. |
|
registry
Package registry provides an event-sourced, lamport-indexed Trust Registry for HELM.
|
Package registry provides an event-sourced, lamport-indexed Trust Registry for HELM. |
|
Package truth defines the public contracts for HELM's Versioned Truth Registry.
|
Package truth defines the public contracts for HELM's Versioned Truth Registry. |
|
util
|
|
|
Package vcredentials implements W3C Verifiable Credential Data Model v2.0 for agent capability certificates.
|
Package vcredentials implements W3C Verifiable Credential Data Model v2.0 for agent capability certificates. |
|
Package verifier provides offline EvidencePack verification.
|
Package verifier provides offline EvidencePack verification. |
|
Package versioning provides semantic versioning for HELM public APIs.
|
Package versioning provides semantic versioning for HELM public APIs. |
|
Package witness implements the HELM Witness Network protocol.
|
Package witness implements the HELM Witness Network protocol. |
|
Package zkgov implements Zero-Knowledge Governance Proofs for HELM.
|
Package zkgov implements Zero-Knowledge Governance Proofs for HELM. |
|
proofmarket
Package proofmarket implements decentralized proof markets for HELM ZK governance proofs.
|
Package proofmarket implements decentralized proof markets for HELM ZK governance proofs. |
Click to show internal directories.
Click to hide internal directories.