GitHubPlain text over magic
Config is YAML you can read. Decisions are paths through rules you can trace. Nothing happens that you can't grep for.
The bet we're making
Helio is a bet on where AI agents are headed. We think the next few years will see agents move from chatbots into operators. The interesting question stops being how smart is the model and becomes who is allowed to do what.
Model providers won't fully answer that question. Their job is governing what their model says, not what your business does. The platforms agents touch (Stripe, Salesforce, your database) won't answer it either. They see one tool call at a time, with no context for whether it should have happened.
Someone has to build the layer in between. That layer should be open source, run on your own infrastructure, and treat governance the way modern teams treat code: declarative, versionable, reviewable. That's what we're building.
How we build
Six operating principles. They guide engineering decisions more than they guide marketing.
Boring is good
Predictable beats clever. Rules apply in the order you wrote them. No ML in the hot path, no inference, no surprises during incidents.
Local-first
You run Helio on your own infrastructure. Tool calls don't leave your network unless you choose to send them. We don't ingest your traffic.
Refuse, but explain
When Helio blocks an action it tells the agent what failed and what would unblock it. Errors should teach, not stonewall.
Compatibility over reinvention
MCP exists. We didn't invent a new protocol. The agents and the tools you already wired up should just work the day you drop Helio in.
One license, no tiers
Apache 2.0 covers everything: the proxy, the dashboard, the policy engine. No open-core upsell. No features held hostage for an enterprise contract.
Where the project is today
Helio is in beta. The proxy runs. The dashboard ships with it. A starter ruleset covers the common dangers (drops, refunds, deletes, deploys). We're adding integrations, sharpening defaults, and writing down lessons from teams already putting agents in production. If you find a bug, file an issue. If you want a rule we don't have, send a PR.