Helix StudioGenome IDE
← Docs
Helix CLI docs
Browse Helix CLI docs

Teams v0 (artifact store + run registry + RBAC)

Teams v0 turns Helix’s trust engine into a workspace: every run produces immutable, signed receipts that are searchable and shareable.

What exists today (minimal scaffold)

  • Content-addressed artifact store: blobs are stored by SHA-256; server enforces hash on upload when provided and never overwrites an existing digest.
  • Run registry (SQLite): runs point to verdict + summary digests (and optional artifact digests).
  • RBAC (bearer tokens): roles are viewer, runner, approver, admin.
  • Audit log: mutating actions write an append-only audit row (DB table).
  • Shareable proof link: each run has a read-only proof URL (/r/<run_id>?token=...) that renders verdict status + digests + summary.

This is intentionally small: it’s the spine you can harden into a real Teams product (workspaces/projects/RBAC UI, job queue, retention enforcement, SSO).

Quickstart (local dev)

Initialize a Teams DB and create an admin token + a default workspace/project:

helix teams init --db out/teams/teams.db --workspace default --project default

Start the server:

helix teams serve --db out/teams/teams.db --blobs out/teams/blobs --host 127.0.0.1 --port 8787

Issue a runner token (offline helper; for real deployments this would be a managed admin workflow):

helix teams token --db out/teams/teams.db --user runner1 --role runner

Run a validation pack as a “remote lane” and upload the receipts:

helix teams push-pack \
  --server http://127.0.0.1:8787 \
  --token <RUNNER_TOKEN> \
  --workspace-id <WORKSPACE_ID> \
  --project-id <PROJECT_ID> \
  --pack signed_plugin_trust_chain_v1 \
  --deterministic

The command prints a proofUrl you can open in a browser and share.

Acceptance gate (Teams contract)

Teams becomes sellable when a deployment can:

  1. run the public validation packs via the remote lane
  2. store receipts/artifacts in the artifact store
  3. register runs in the registry
  4. verify receipts against the published reference validation bundle

Treat the published reference bundle as non-negotiable platform contract tests for every Teams deployment.