Helmr: A Self-Hosted Coding Agent Runtime Platform

Helmr is an open-source self-hosted coding agent runtime platform designed to let development teams run AI coding agents safely on their own infrastructure. Key features include isolated execution environments via Firecracker, deep GitHub integration, human approval nodes, full task lifecycle management, and support for data sovereignty. This post breaks down its core aspects, architecture, security, and use cases.

Unlike cloud-based AI coding services, Helmr enables teams to run agent tasks in their own AWS accounts and GitHub environments, ensuring data control and compliance. It uses Go for the control plane and worker nodes, TypeScript for the task SDK, and Firecracker microVMs for isolation—balancing performance, security, and flexibility.

Helmr's core capabilities include:

1. Isolated Execution: Firecracker microVMs provide independent file systems and resource limits (CPU/memory) to prevent cross-task interference and contain malicious code.
2. GitHub Integration: Auto-checkout repos, GitHub App-based permissions, PR operations, and real-time workspace sync.
3. Approval Nodes: Pause tasks at critical steps (e.g., code changes) for human review before proceeding.
4. Run History: Full audit trails of task status, logs, events, and resource usage via the console UI.

Helmr's architecture consists of four main components:

• Control Plane: Go-based service handling task scheduling, state management, PostgreSQL persistence, and API services.
• Worker: Go-based node that receives tasks, starts Firecracker VMs, manages task lifecycle, and reports logs.
• SDK: TypeScript toolkit with task definition DSL, sandbox config API, image builder, and runtime client.
• Console UI: Web interface for task management, monitoring, log viewing, and approval operations.

Security:

• Key management: Secrets are injected at runtime from Vault; local sources (env/file) are blocked in remote runs.
• Checkpoint encryption: Requires HELMR_CHECKPOINT_ENCRYPTION_KEY for secure storage/transfer.
• Approval points: Sensitive actions (e.g., GitHub writes) need human confirmation.
• Payload-secret separation: Secrets never enter task payloads stored in the database.

Dev Experience:

• Nix toolchain for consistent dependencies (Go, Bun, PostgreSQL).
• Local dev commands: make dev (start control plane/console), make test/lint/build for testing.
• Console access at http://127.0.0.1:3000/dev/login for local sessions.

Deployment:

• Local: For task development/validation using local file systems.
• Remote: Production use with GitHub workspaces. Example commands: helmr deploy PATH/TO/TASK_PROJECT helmr run review-pr --repo OWNER/REPO --ref main --payload-json '{"prNumber":123}' --secret OPENAI_API_KEY=vault:OPENAI_API_KEY

Use Cases:

• Automated PR review with human approval.
• Batch code refactoring (e.g., dependency upgrades).
• Auto-generated documentation from code changes.
• Pre-commit security scans.

Comparison: Helmr stands out with:

• Self-hosted priority (data in own infrastructure).
• Firecracker-based isolation (lightweight yet secure).
• Built-in approval workflows.
• TypeScript-native task development.

Status: Early active development (API may change); Apache 2.0 licensed. Ideal for contributors, early adopters, and self-hosted evaluations. Future: Expected to become a key enterprise solution for AI coding agent deployment.