Govern every tool call your AI agent makes

Helio is an open-source MCP governance proxy for Claude, ChatGPT, Cursor, LangChain, CrewAI, and any agent that speaks MCP. Every tool call flows through Helio - policies, approvals, spend limits, audit log. No changes to your agent code or MCP servers.

Terminal
$ npx @gethelio/proxy init
▸ Scaffolding project in ./helio
Created helio.yaml
Created policies/default.yaml
✓ Done. Run npx @gethelio/proxy start to launch the proxy.

$ npx @gethelio/proxy start
Loading config from helio.yaml...
Registered 2 policy rules
✓ Proxy listening on :3100
✓ Dashboard at http://localhost:3100
Waiting for connections...

Works with the agents you already use

  • Claude
  • ChatGPT
  • Cursor
  • LangChain
  • LangGraph
  • CrewAI
  • AutoGen
  • Any MCP-compatible agent

Why AI agents need governance

Things can go wrong the moment an agent gets real tools.

It called an API you didn't expect

Your agent reaches a production database, a payment API, an admin endpoint. One hallucinated tool call is the difference between a demo and an incident.

It spent money you didn't authorize

Agentic loops burn through API credits, spin up resources, and trigger billable transactions in seconds. Without spend caps, you find out from the invoice.

It modified data you can't undo

When something goes wrong, you need a complete record: what the agent did, what reasoning led there, what policy matched, who approved. Without an audit trail, you're guessing.

Five minutes from npx to governed

A YAML file. A proxy. No agent code changes.

[Architecture diagram: MCP Client (Agent) → Helio (Governance proxy: policy engine, evidence grounding, approval workflows, rate & spend limits, audit trail, self-repair feedback) → MCP Server (Tools)]

Helio sits between your agent and your tools as a transparent MCP proxy. Every call passes through.

1. Install

Scaffold helio.yaml and a starter ruleset that blocks common dangers.

$ npx @gethelio/proxy init

2. Configure

Write rules in YAML - what to block, what needs approval, what to rate-limit.

# helio.yaml
rules:
  - match: "tools/payments/*"
    action: require_approval
  - match: "tools/db/write"
    action: deny

3. Run

Start the proxy. Your dashboard ships with it - no separate install.

$ npx @gethelio/proxy start

Proxy live on :3100
Dashboard at localhost:3100

What a working helio.yaml looks like:

helio.yaml
version: '1'

upstream:
  url: 'http://localhost:3001/mcp' # Your existing MCP server

listen:
  port: 3000 # Helio listens here

policies:
  default: allow

  rules:
    # Block destructive operations
    - match:
        tool: 'delete_*'
      action: deny
      feedback:
        message: 'Destructive operations are disabled'

    # Rate limit expensive API calls
    - match:
        tool: 'search_*'
      action: rate_limit
      limits:
        max_calls: 100
        window: 1h
        key: tool

    # Spend limit on payment tools
    - match:
        tool: 'create_payment'
      action: spend_limit
      limits:
        max_spend:
          field: '$.amount'
          limit: 5000
          currency: 'GBP'
          window: 24h

audit:
  storage: sqlite
  retention: 90d
  include_responses: true

dashboard:
  enabled: true
  port: 3100
  api_secret: '${HELIO_DASHBOARD_SECRET}'
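The rule shapes in this file (glob match on the tool name, deny with feedback, a call count per window, a spend cap read from a JSONPath field) are small enough to evaluate in a few dozen lines. The block below is an added example, not Helio's engine or API: it embeds the three rules above as a constructed JavaScript object, and the names PolicyEngine, globMatch, parseWindow and getField, as well as the assumed semantics (first matching rule wins, the default action applies when nothing matches, unparseable input fails closed), are the example's own and may differ from the real proxy.

```javascript
// Added example (not Helio's code): evaluates the rule shapes from the helio.yaml above, embedded
// here as a constructed JS object. Assumed: first match wins, default applies when nothing matches,
// and unparseable input fails closed.
const RULES = [
  { match: { tool: 'delete_*' }, action: 'deny', feedback: { message: 'Destructive operations are disabled' } },
  { match: { tool: 'search_*' }, action: 'rate_limit', limits: { max_calls: 100, window: '1h', key: 'tool' } },
  { match: { tool: 'create_payment' }, action: 'spend_limit',
    limits: { max_spend: { field: '$.amount', limit: 5000, currency: 'GBP', window: '24h' } } },
];
// '1h' -> 3600, '24h' -> 86400 seconds; an unrecognised window throws instead of defaulting open
function parseWindow(s) {
  const m = /^(\d+)([smhd])$/.exec(s);
  if (!m) throw new Error(`bad window: ${s}`);
  return Number(m[1]) * { s: 1, m: 60, h: 3600, d: 86400 }[m[2]];
}
// Anchored glob match; everything but '*' is escaped so tool names cannot inject regex syntax
function globMatch(pattern, name) {
  const re = pattern.split('*').map(p => p.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')).join('.*');
  return new RegExp(`^${re}$`).test(name);
}
// Resolve a '$.a.b' JSONPath-style field against the call arguments
function getField(obj, path) {
  return path.replace(/^\$\.?/, '').split('.').filter(Boolean).reduce((o, k) => o?.[k], obj);
}
class PolicyEngine {
  constructor(rules, defaultAction = 'allow') { Object.assign(this, { rules, defaultAction, log: new Map() }); }
  recent(key, window, now) { return (this.log.get(key) ?? []).filter(e => now - e.t < parseWindow(window)); }
  // call = { tool, args }, now = unix seconds; returns { decision, reason }
  evaluate(call, now) {
    const rule = this.rules.find(r => globMatch(r.match.tool, call.tool));
    if (!rule) return { decision: this.defaultAction, reason: 'default' };
    if (rule.action === 'deny') return { decision: 'deny', reason: rule.feedback?.message ?? 'denied' };
    if (rule.action === 'rate_limit') {
      const { max_calls, window, key } = rule.limits, k = `rate:${key === 'tool' ? call.tool : '*'}`;
      const seen = this.recent(k, window, now);
      if (seen.length >= max_calls) return { decision: 'deny', reason: `rate limit ${max_calls}/${window}` };
      this.log.set(k, [...seen, { t: now }]);
      return { decision: 'allow', reason: `${seen.length + 1}/${max_calls} in ${window}` };
    }
    if (rule.action === 'spend_limit') {
      const ms = rule.limits.max_spend, amount = Number(getField(call.args, ms.field));
      if (!Number.isFinite(amount) || amount < 0) return { decision: 'deny', reason: `unparseable ${ms.field}` };
      const k = `spend:${call.tool}`, seen = this.recent(k, ms.window, now);
      const spent = seen.reduce((s, e) => s + e.amount, 0);
      if (spent + amount > ms.limit) return { decision: 'deny', reason: `over ${ms.limit} ${ms.currency}/${ms.window}` };
      this.log.set(k, [...seen, { t: now, amount }]);
      return { decision: 'allow', reason: `${spent + amount} of ${ms.limit} ${ms.currency} used` };
    }
    return { decision: 'deny', reason: `unknown action ${rule.action}` }; // fail closed
  }
}
```

A call with a missing or non-numeric amount is denied rather than treated as zero, which is the behaviour to check for in any spend rule: the cap is only as strong as the parser feeding it.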

Production-grade governance for AI agents

Declarative policies, human-in-the-loop approvals, evidence grounding, and a complete audit trail without changing your agent code or MCP servers.

Policy Engine

Declarative YAML rules that control which tools agents can call. Match by path, method, or custom attributes.

Approval Workflow

Route sensitive actions to humans via Slack, email, or dashboard. Configurable timeouts and escalation paths.

Audit Trail

Every tool call logged with full context - who requested it, what policy matched, whether it was approved, and the result.

Transaction Controls

Rate limits, spend caps, and budget alerts. Prevent runaway agents from burning through API credits.

Evidence Grounding

Capture the reasoning context that led to each tool call. Audit not just what happened, but why.

Protocol Native

Sits between any MCP client and server as a transparent proxy. No agent code changes required.

How Helio compares

Most options live inside a runtime or a vendor platform. Helio is a protocol-level proxy that works with any MCP agent you've already built.

Helio at a glance:

  • Primary buyer: Developer
  • Time to value: 5 minutes
  • Open source: Apache 2.0
  • Works with existing agents
  • Approval workflows
  • Transaction controls
  • Full audit trail
  • Cross-platform

See what your AI agents are actually doing

Open source, local-first, free. The command below scaffolds your config - one more command boots the proxy and dashboard.

$ npx @gethelio/proxy init