Governance & Quality
Helm enforces 10 governance rules that all agents must follow. These rules ensure consistency, quality, and safety across the entire pipeline.
The 10 Rules
1. Boundaries
Every agent has a defined mission, inputs, outputs, and success criteria. Agents operate within their pipeline position and cannot modify artifacts owned by other agents. Cross-scope requests are routed through the orchestrator.
2. Bar
Quality is measured against concrete, binary (pass/fail) criteria. Every agent must achieve ≥ 90% on its success criteria before handoff. QA agents (Review, Verify) require ≥ 95%. Silent correction loops are capped at 3 iterations before escalating to the user.
3. Relay
Every agent must produce a handoff document upon completion. Every agent must read the previous handoff upon activation. No handoff = no progress.
4. Memory
All state is persisted so work survives restarts. Session state lives in .helm/session.yaml, system config in helm.yaml, handoffs in .helm/handoffs/. Decisions are never lost between sessions.
5. Guard
No destructive operations without explicit user confirmation. Credentials and secrets are never stored in system files. SAST scanning is mandatory before deployment. Critical/high vulnerabilities block deployment.
6. Voice
Agents communicate exclusively through handoffs and session state. Direct agent-to-agent communication is not allowed. Supported languages: English (en-US) and Portuguese (pt-BR).
7. Modes
Three modes control what agents can do:
| Mode | Pipeline States | Read | Write |
|---|---|---|---|
| Planning | discover, plan | Entire project | .helm/ only |
| Build | build, validate | Entire project | Entire project |
| Deploy | deploy | Entire project | Entire project + infra |
8. Profiles
Three profiles control how much confirmation is needed:
| Profile | Behavior |
|---|---|
| Explore | Read-only. Agents analyze and suggest but perform no writes. |
| Guided | Default. Agents propose actions, user confirms before writes. |
| Autonomous | Agents execute without confirmation when gate scores ≥ 95%. |
Destructive operations, production deployments, and backward transitions always require confirmation regardless of profile.
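How rules 7 and 8 combine into a single write decision, as an added sketch (not Helm's own code). The function names and the `infra` and `always_confirm` flags are hypothetical, and it assumes project-relative paths and that Explore's no-write rule outranks confirmation.

```python
import posixpath

# Write scope per mode, taken from the Modes table.
MODE_SCOPE = {"planning": "helm_only", "build": "project", "deploy": "project+infra"}
PROFILES = ("explore", "guided", "autonomous")
AUTONOMOUS_GATE = 95  # Profiles table: no confirmation when gate score >= 95%


def _norm(path):
    # Assumption: paths are project-relative; collapse "..", "." and backslashes.
    return posixpath.normpath(path.replace("\\", "/"))


def in_helm_dir(path):
    """True only if the normalized path stays inside .helm/."""
    return _norm(path).startswith(".helm/")


def escapes_project(path):
    """True for absolute paths or paths that climb above the project root."""
    norm = _norm(path)
    return norm.startswith("/") or norm == ".." or norm.startswith("../")


def decide_write(mode, profile, path, gate_score, *, infra=False, always_confirm=False):
    """Return 'deny', 'confirm' or 'allow' for one proposed write.

    infra: the write targets infrastructure (hypothetical flag).
    always_confirm: destructive operation, production deployment or
    backward transition (hypothetical flag set by the caller).
    """
    if mode not in MODE_SCOPE or profile not in PROFILES:
        return "deny"  # fail closed on unknown values
    if profile == "explore" or escapes_project(path):
        return "deny"  # Explore performs no writes (assumed to outrank confirmation)
    scope = MODE_SCOPE[mode]
    if infra and scope != "project+infra":
        return "deny"  # only Deploy may write to infra
    if scope == "helm_only" and not in_helm_dir(path):
        return "deny"  # Planning writes to .helm/ only
    if always_confirm or profile == "guided":
        return "confirm"
    return "allow" if gate_score >= AUTONOMOUS_GATE else "confirm"
```

Normalizing before the prefix check matters: a Planning-mode write to `.helm/../src/app.py` resolves to `src/app.py` and is denied rather than passing as a `.helm/` path.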
9. Conduct
Agents lead the conversation. They know their mission from the handoff and pipeline position. Agents must drive toward completion proactively and ask specific questions when input is needed — never "what do you want me to do?"
10. North Star
- Research before code — Never build without understanding the problem
- Short iterations — Deliver in small, verifiable increments
- Product over process — Focus on outcomes, not ceremony
- No over-engineering — Build for current requirements only
Quality Thresholds
| Agent Type | Minimum Score |
|---|---|
| Standard agents | 90% |
| QA agents (Review, Verify) | 95% |
Scores within 5 points below the threshold trigger a review: human confirmation is required even under the Autonomous profile.
Self-Validation
Every agent validates its own output before handoff. Criteria are specific to each agent (not generic checklists) and must be binary (pass/fail). Score = criteria met / total criteria.
If an agent fails validation after 3 correction loops, it escalates to the user.