Most agent frameworks allow agents to execute actions directly against systems (filesystem, APIs, shell commands, etc.). That means governance is optional and enforcement is outside the execution path.
HELmR takes a different approach: agents cannot execute actions directly. Every action must pass through HELmR authorization and a controlled execution airlock.
The system enforces:
• mission budgets
• capability tokens
• deterministic authorization
• controlled execution
• agent termination with a tomb registry
The goal is to explore whether agent governance should look more like infrastructure (similar to IAM or API gateways) rather than relying on probabilistic guardrails.
Curious what people think about this architecture.
systems_arch•1h ago
Thanks for taking a look.
A big part of the motivation here was the idea that governance should sit in the execution path, not outside of it.
In this prototype, agents don’t execute actions directly against files, APIs, or shells. They have to go through an authorization step first, receive a capability token, and then execute through a controlled airlock.
The current prototype includes mission budgets, single-use tokens, controlled execution, runtime activity visibility, and termination with a tomb registry on violation.
I’m especially interested in feedback on whether this infrastructure-style approach makes sense for agent systems, or whether people think this problem should be handled some other way.
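As an added illustration of the pattern described in both the original post and this reply (authorize first, receive a single-use capability token drawn from a mission budget, execute only through an airlock, terminate into a tomb registry on violation), here is a small self-contained model. It is not HELmR's code; the class names (`Gate`, `Airlock`, `Mission`, `Tomb`), the in-memory filesystem, the HMAC key and the sample mission are all assumptions constructed for the example.

```python
"""Model of governance sitting in the execution path (added example, not HELmR's code).
An agent never touches the filesystem itself: it asks the Gate for a token, then hands
the token to the Airlock, which is the only component that performs actions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

SECRET = b"example-gate-key"  # constructed for the example; a real gate would load this securely


@dataclass(frozen=True)
class Action:
    kind: str    # e.g. "fs.write", "fs.read"
    target: str  # path the action applies to


@dataclass
class Mission:
    agent: str
    budget: int      # maximum number of actions the gate will authorize
    allowed: tuple   # (kind, target-prefix) pairs the mission may perform
    spent: int = 0


@dataclass
class Token:
    nonce: str
    mac: str         # binds the token to one agent and one exact action
    used: bool = False


class Tomb(Exception):
    """Raised when the airlock terminates an agent for a violation."""


class Gate:
    """Deterministic authorization: same mission state + same request => same decision."""

    def __init__(self):
        self.missions = {}
        self.tokens = {}         # nonce -> (Token, owning agent)
        self.tomb_registry = {}  # agent -> reason it was terminated

    def register(self, mission):
        self.missions[mission.agent] = mission

    def _mac(self, nonce, agent, action):
        msg = f"{nonce}|{agent}|{action.kind}|{action.target}".encode()
        return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

    def authorize(self, agent, action):
        """Return a single-use token, or None if policy, budget or tomb status refuses."""
        if agent in self.tomb_registry:
            return None
        m = self.missions.get(agent)
        if m is None or m.spent >= m.budget:
            return None
        if not any(action.kind == k and action.target.startswith(p) for k, p in m.allowed):
            return None
        m.spent += 1  # budget is consumed at authorization, not at execution
        nonce = secrets.token_hex(8)
        tok = Token(nonce, self._mac(nonce, agent, action))
        self.tokens[nonce] = (tok, agent)
        return tok

    def terminate(self, agent, reason):
        self.tomb_registry[agent] = reason
        for tok, owner in self.tokens.values():  # revoke anything still outstanding
            if owner == agent:
                tok.used = True


class Airlock:
    """The only place actions are executed; every call must carry a valid, unused token."""

    def __init__(self, gate, fs):
        self.gate = gate
        self.fs = fs    # constructed in-memory filesystem: path -> content
        self.log = []   # runtime activity visibility

    def execute(self, agent, token, action, payload=None):
        entry = self.gate.tokens.get(token.nonce) if token else None
        if (entry is None or entry[1] != agent or entry[0].used
                or not hmac.compare_digest(entry[0].mac, self.gate._mac(token.nonce, agent, action))):
            self.gate.terminate(agent, f"invalid or reused token for {action.kind} {action.target}")
            raise Tomb(agent)
        entry[0].used = True  # single use: a replay of this token is a violation
        self.log.append((agent, action.kind, action.target))
        if action.kind == "fs.write":
            self.fs[action.target] = payload
            return True
        if action.kind == "fs.read":
            return self.fs.get(action.target)
        self.gate.terminate(agent, f"unsupported action kind {action.kind}")
        raise Tomb(agent)


def demo():
    """Walk one agent through an allowed write, a refused target, and a token replay."""
    gate = Gate()
    gate.register(Mission("writer", budget=2, allowed=(("fs.write", "/work/"), ("fs.read", "/work/"))))
    fs = {}
    lock = Airlock(gate, fs)
    write = Action("fs.write", "/work/report.txt")
    tok = gate.authorize("writer", write)
    lock.execute("writer", tok, write, "draft")
    denied = gate.authorize("writer", Action("fs.write", "/etc/passwd"))  # outside mission scope
    try:
        lock.execute("writer", tok, write, "overwrite")  # replaying the spent token
        terminated = False
    except Tomb:
        terminated = True
    revoked = gate.authorize("writer", write)  # a tombed agent gets nothing further
    return {"fs": dict(fs), "denied": denied is None, "terminated": terminated,
            "revoked": revoked is None, "tomb": dict(gate.tomb_registry),
            "spent": gate.missions["writer"].spent, "log": list(lock.log)}


if __name__ == "__main__":
    print(demo())
```

The two design points worth noticing: the budget is charged when a token is issued, so an agent cannot stockpile authorizations and spend them later, and the airlock treats any token problem (unknown, reused, wrong agent, wrong action) identically, by terminating the agent rather than returning an error the agent could retry around.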