Helios field manual

Operator runbook · MCP and provenance

Connect, compile, and debug the boundary.

Configure a supported agent, trace raw evidence into cited pages, handle quotas and conflicts without loops, and prove that an export can reconstruct the vault.

This page never calls Helios APIs. Every terminal response is a labeled simulation with placeholder ids.

  1. Raw idCanonical source address
  2. Page sourcesExact provenance edge
  3. Trust gateHuman authority
  4. Export hashPortable verification
The operator path links a raw id to page provenance, human trust, and export verification.

See the response before you run the call.

Choose a preset to inspect a representative MCP exchange. The transcript is local, deterministic, and contains no real vault id or key.

SIMULATED · no network requests
$ vault_list {}

Choose a preset above to replace this local transcript.

No request is sent. No key is collected or stored.
Use the client's MCP tool interface for real calls.

These labels describe tool invocations, not shell commands provided by Helios. Keep real credentials in the supported client's environment or protected configuration.

Six checks from empty vault to reuse.

Progress is stored only in this browser under helios-onboarding-checklist-v1. No vault content, key, filename, or account identifier is recorded.

Operator progress

0 of 6 complete

Configure Streamable HTTP with a scoped Bearer key.

Production endpoint: https://usehelios.co/mcp. Set the raw hk_… value in HELIOS_API_KEY; do not put the word Bearer in the variable itself.

Codex

The CLI and TOML forms both preserve an environment-variable reference rather than writing the raw token into the MCP entry.

terminal · placeholders only
export HELIOS_API_KEY='hk_live_…'
codex mcp add helios \
  --url https://usehelios.co/mcp \
  --bearer-token-env-var HELIOS_API_KEY
codex mcp get helios
~/.codex/config.toml
[mcp_servers.helios]
url = "https://usehelios.co/mcp"
bearer_token_env_var = "HELIOS_API_KEY"

Claude Code

Use a project .mcp.json variable reference, set the environment before launch, approve the project server, then run /mcp to inspect status.

.mcp.json · no real key
{
  "mcpServers": {
    "helios": {
      "type": "http",
      "url": "https://usehelios.co/mcp",
      "headers": {
        "Authorization": "Bearer ${HELIOS_API_KEY}"
      }
    }
  }
}

The CLI header form resolves the variable before saving it. Prefer this project configuration or protect the generated local config and use a short-lived key.

GitHub Copilot CLI

Copilot supports remote HTTP plus explicit headers, but saves the resolved header to ~/.copilot/mcp-config.json. Keep that file private.

terminal · placeholders only
export HELIOS_API_KEY='hk_live_…'
copilot mcp add --transport http \
  --header "Authorization: Bearer $HELIOS_API_KEY" \
  --tools "*" \
  helios https://usehelios.co/mcp
copilot mcp get helios
Claude account connectors and Claude Desktop remain unsupported.

The account-brokered connector flow requires authless access or MCP OAuth discovery. Helios currently validates static vault Bearer keys and does not advertise OAuth metadata. Use Claude Code's HTTP/header configuration.

Fifteen verified MCP tools.

Search by purpose, argument, or tool name. The catalog itself remains visible when JavaScript is disabled.

15 of 15 tools

vault_list

List the vaults visible to the active key. Always begin here to establish scope.

required: none {}

vault_query

Return the strongest compiled evidence section and deterministic scores for a concrete question.

required: vaultId, question

vault_remember

Write a cited seedling page. Agent-authored pages do not receive human trust automatically.

required: vaultId, title, body, type

vault_source_add

Add one non-empty UTF-8 text source, up to 1 MiB, under a safe single filename.

required: vaultId, filename, content

vault_ingest_source

Start metered hosted compilation on Pro or Team. Acceptance is asynchronous.

required: vaultId, rawId

vault_new_sources

List raw sources still waiting in the new or uncompiled queue.

required: vaultId

vault_source_read

Read extracted text for the exact raw id before client-agent compilation.

required: vaultId, rawId

vault_read_raw

Backwards-compatible alias for vault_source_read.

required: vaultId, rawId

vault_validate

Validate required OKF pages and index links before review or release.

required: vaultId

vault_audit

Audit provenance, links, indexes, privacy scope, and raw references.

required: vaultId

vault_search

Run deterministic lexical search across visible compiled pages.

required: vaultId, q

vault_read_page

Read one visible vault-relative Markdown page.

required: vaultId, path

vault_log

Read the append-only operating journal; paginate with an optional cursor.

required: vaultId · optional: cursor

vault_pulse

Read validation, freshness, queue, backup, and capability signals.

required: vaultId

vault_propose_promotion

Request human review for a page. This tool never promotes it.

required: vaultId, path
Three read-only resources complete the connection.

vault://{vaultId}/index.md is the deterministic index, vault://{vaultId}/log.md is the journal rendered as Markdown, and vault://{vaultId}/AGENTS.md is the canonical live agent contract.

Carry the raw id across every provenance edge.

A filename is human context. The returned raw id is the canonical address used for reading, ingest, page sources, and internal citations.

  1. ADDSource intake

    vault_source_add returns raw metadata. Save its id as rawId.

  2. READExact evidence

    Pass vaultId + rawId to vault_source_read.

  3. WRITECited seedling

    Put the raw id in sources and the page's internal citation.

  4. REVIEWHuman check

    Reader resolves the raw edge so a human can compare the page with evidence.

  5. QUERYGrounded reuse

    vault_query returns the maintained evidence page and section.

vault_remember · example arguments
{
  "vaultId": "01…",
  "title": "OAuth rotation runbook",
  "type": "Source Summary",
  "sources": ["RAW_ID"],
  "body": "# Extracted\n\nRotate keys every 90 days.\n\n# Inferred\n\n(inferred) Schedule a reminder.\n\n# Citations\n\n- [Internal source](raw/RAW_ID/oauth-runbook.md)"
}
Do not fabricate raw/FILENAME or borrow another source's id.

Duplicate filenames can exist. Use the exact raw id returned for this source; the filename is only the final human-readable path segment.

Treat status codes as control flow.

Hosted compilation claims a raw source before dispatch. The safe response to a quota or conflict is explicit; blind retries waste time and can hide the real state.

Plan, quota, conflict, and retry behavior
Operation or stateExpected behaviorOperator response
vault_source_addAccepts one non-empty UTF-8 string up to 1 MiB with a safe filename; returns the raw id.Keep the returned id. Source storage is not proof of compilation.
Hobby hosted ingest402 quota_exceeded; Hobby includes zero hosted ingests.Do not retry. Use vault_source_read + vault_remember, or upgrade intentionally.
Pro or Team hosted ingestA 202 started response means the asynchronous job was accepted and metered.Follow vault_log and vault_pulse; do not treat acceptance as finished pages.
Source is ingesting or ingestedA duplicate start returns 409 ingest_conflict.Do not dispatch again. Inspect current state and existing output.
Source is failedThe failed state may be claimed for a retry, subject to plan quota.Review the error in Log, fix the cause, then retry once. Only failed sources are retry candidates.
Page quota exhaustedPage-creating writes return the plan's quota error rather than silently writing beyond entitlement.Correct unnecessary writes or change plan; do not loop vault_remember.

Hosted path

Asynchronous by design

Compilation may create two or three cited seedling candidates in 0-Inbox/. Completion is visible in the journal and UI queues, not inferred from the start response.

Client-agent path

Evidence remains explicit

The agent reads raw text, marks extracted and inferred claims, writes with exact sources, validates, queries, and requests human review.

Promotion is a human state transition.

Agent authority stops at a review request. That boundary remains true whether compilation happened in a connected client or the hosted pipeline.

Agent

Write a seedling

Draft a cited page, clearly distinguish extracted evidence from inference, and validate the vault.

Agent

Request review

Call vault_propose_promotion with the exact vault-relative page path.

Human gate

Compare evidence

Open Reader or Pulse, follow the raw citation, correct unsupported claims, and decide the trust state.

Shared reuse

Retrieve later

A later agent queries the maintained page under the same live contract and visibility rules.

Agents may propose; humans promote.

A 403 forbidden or human_gate on a trust-changing action is the boundary working as intended, not a reason to grant a broader agent key.

The archive proves what can leave.

Use Settings or GET /v1/vaults/:vaultId/export. The tar.gz carries reconstructable pages, visible raw evidence, complete logs, the agent contract, and checksummed inventories.

vault-export.tar.gz
├── index.md
├── AGENTS.md
├── log.md
├── log.json
├── export-manifest.json
├── raw-files/
│   ├── manifest.json
│   └── … original bytes
└── wiki/
    └── … reconstructed Markdown

Verify before calling it portable.

  • Markdown fidelity: original frontmatter and body bytes are reconstructed.
  • Raw fidelity: every visible raw source is exported byte-for-byte.
  • Complete record: log.json is not limited by API pagination; log.md stays human-readable.
  • Machine inventory: export-manifest.json records SHA-256, byte length, provenance sources, raw files, and generated artifacts.
  • Fail closed: export fails if a required raw object is missing or no longer matches its recorded size and hash.
  • Visibility boundary: private paths are excluded by the current endpoint and identified in the manifest.

Read the export contract →

Resolve the named boundary first.

Helios keeps API error codes as MCP tool errors. Read the code, verify scope, and change one condition before retrying.

MCP troubleshooting symptoms and actions
SymptomMeaningAction
401 unauthenticatedThe endpoint did not receive a valid active key.Confirm the value begins hk_, is active, and exists in the environment that launched the client. Codex's variable contains only the raw key.
402 quota_exceededThe plan or monthly meter does not include this operation.On Hobby, switch to source-read + remember. Otherwise inspect usage before changing plan or retrying.
409 ingest_conflictThe raw source is already compiling or already ingested.Inspect Pulse and Log. Do not start a duplicate; retry only after a reported failed state.
403 forbidden or human_gateThe role is too weak, the path is private, or the action requires a signed-in human.Use an agent-role key for source/write tools. Do not broaden an agent key to bypass trust; humans promote in the UI.
404 not_foundThe URL, vault scope, raw id, or page path does not resolve for this key.Use exactly https://usehelios.co/mcp, start with vault_list, and use ids returned by Helios.
Connected, but no toolsThe client may be using legacy SSE, stale environment, or an unapproved project server.Configure Streamable HTTP/type: "http", inspect client MCP status, approve when prompted, and restart after environment changes.
422 secret_detectedSource or page text matched credential material at the API boundary.Remove or redact the credential. Never weaken scanning to ingest a secret.
422 raw_text_unavailableA non-text upload has no client-readable extracted text.Use a textual source for client-agent compilation or a paid hosted compiler that supports the format.
Citation opens the wrong source or no sourceThe page used a filename guess, fabricated canonical path, or another source's id.Read raw metadata again and rewrite sources plus raw/RAW_ID/FILENAME with the exact returned raw id.
Claude connector cannot authenticateClaude account connectors and Desktop require an authless endpoint or MCP OAuth discovery.Use Claude Code today. OAuth consent, account linking, scoped issuance, refresh, and revocation must exist before remote connector support.
Rotate on suspected exposure.

Revoke the old key in Helios Settings, mint an expiring replacement, update the protected client environment, and restart the client. Do not paste the old value into logs or support material.