Helix StudioGenome IDE
← Docs
Helix CLI docs
Browse Helix CLI docs

Enterprise Evaluation Guide (software-only)

This guide is for a technical buyer evaluating Helix as a deterministic, in‑silico decision system:

  • Helix Desktop/CLI produces offline‑verifiable bundles.
  • Helix Teams/Registry provides a deployable shared spine (RBAC + artifact store + proof URLs).

Time target: ~60 minutes.

What you should verify

  1. A local demo produces a deterministic bundle you can verify offline.
  2. Teams accepts an authenticated run, stores receipts/blobs, and serves a proof URL.
  3. Observability endpoints are present (/healthz, /metrics).
  4. Optional: enterprise auth boundary (OIDC JWT) works in your environment.

Prereqs

  • Python 3.11+ and pip
  • Optional (recommended for Teams evaluation): Docker + Docker Compose v2

1) Install Helix (CLI/Desktop lane)

pip install -U "helix-governance[viz,protein,schema]"
helix --version

2) Run a local demo and verify (offline)

helix demo run --demo-id crispr --outdir out/demo_crispr --zip
helix verify --deterministic --json-out out/demo_crispr_verify.json out/demo_crispr.zip

You should end with:

  • out/demo_crispr.zip (shareable bundle)
  • out/demo_crispr_verify.json (machine-readable verification receipt)

3) Start Teams/Registry

Pick one lane.

Lane A: Local process (no Docker)

Terminal 1 (initialize a DB + admin token):

mkdir -p out/teams
helix teams init --db out/teams/teams.db --workspace default --project default > out/teams/init.json

Terminal 1 (run server):

helix teams serve --db out/teams/teams.db --blobs out/teams/blobs --host 127.0.0.1 --port 8787

Terminal 2 (configure client env):

export HELIX_REGISTRY_URL=http://127.0.0.1:8787
export HELIX_REGISTRY_TOKEN="$(python - <<'PY'
import json
print(json.load(open("out/teams/init.json", encoding="utf-8"))["adminToken"])
PY
)"

Lane B: Docker Compose (closer to production posture)

Use either:

  • deploy/docker-compose.yml (build from source), or
  • deploy/docker-compose.image.yml (pull a prebuilt ghcr.io/.../helix-teams:<tag> image)

Then:

docker compose -f deploy/docker-compose.yml up -d minio helix-teams
docker compose -f deploy/docker-compose.yml run --rm helix-init > out/teams/init.json
export HELIX_REGISTRY_URL=http://127.0.0.1:8787
export HELIX_REGISTRY_TOKEN="$(python - <<'PY'
import json
print(json.load(open("out/teams/init.json", encoding="utf-8"))["adminToken"])
PY
)"

4) Run the remote lane (push a validation pack)

Extract workspace/project ids from out/teams/init.json:

python - <<'PY'
import json
d = json.load(open("out/teams/init.json", encoding="utf-8"))
print("workspace_id=", d["workspace"]["workspaceId"])
print("project_id=", d["project"]["projectId"])
PY

Then run:

helix teams push-pack \
  --server "${HELIX_REGISTRY_URL}" \
  --token "${HELIX_REGISTRY_TOKEN}" \
  --workspace-id "<WORKSPACE_ID>" \
  --project-id "<PROJECT_ID>" \
  --pack signed_plugin_trust_chain_v1 \
  --deterministic

Expected output includes:

  • runId
  • proofUrl (shareable link to the stored run + digests)

5) Observability checks

curl -fsS "${HELIX_REGISTRY_URL%/}/healthz"
curl -fsS "${HELIX_REGISTRY_URL%/}/metrics" | head

If you enable metrics auth (HELIX_TEAMS_METRICS_MIN_ROLE), include a bearer token header on the scrape.

6) Optional enterprise checks

OIDC JWT auth (RS256)

See Teams v0 docs for env vars:

  • HELIX_TEAMS_OIDC_ISSUER, HELIX_TEAMS_OIDC_AUDIENCE
  • one of: HELIX_TEAMS_OIDC_JWKS_PATH / HELIX_TEAMS_OIDC_JWKS_URL / HELIX_TEAMS_OIDC_DISCOVERY_URL

Seat reporting

helix teams seats --server "${HELIX_REGISTRY_URL}" --token "${HELIX_REGISTRY_TOKEN}" --json

Audit export (offline, deterministic bundle)

Teams records append-only audit events for mutating actions; export is a signed, deterministic bundle via:

  • helix teams audit-export ... (see Teams v0 docs)