Helix–TTD Integration Memo
Conformance Checklist (Weekly Runbook)
Memory Integrity
- Qdrant container (ai-qdrant-1) running and healthy
- Collection ttd_memory_v2 exists
- Point count matches expected growth (log drift if count drops)
Consent & Oversight
- Consent-shadow log service active on :9120
- Envoy forward proxy (helix-envoy) running on :15001
- Logs contain “shadow allow/block” entries for outbound requests
- No irreversible actions (deletes, purges, shutdowns) without explicit human approval
Auditability
- helix-stats runs without error (OLLAMA_MODELS fix in place)
- Open WebUI container (ai-openwebui-1) healthy on :3000
- /_app/version.json shows correct upstream commit
- Internal deployment version label (e.g. B0.x.xx) matches compose override
Ethos Guardrails
- No hidden training on private data
- No dark pattern UI in WebUI
- No unverifiable claims in logs / release notes
- No irreversible actions performed without “consent receipts”
Essay: Integrating TTD into Helix
1. Retiring the Legacy Shell
We began by retiring the old TTD v3.6.4 Nginx container running on port 8088. It had served as a static demonstration of TTD, but no longer aligned with Helix’s live governance model. Removing it clarified the distinction between legacy proofs-of-concept and the ethos-driven system now in operation.
2. Anchoring Memory in Qdrant
TTD’s “Verifiable Memory” principle is embodied in Qdrant. The ttd_memory_v2 collection holds Helix’s memory artifacts as queryable, auditable records. Even with legacy containers removed, memory persisted, proving continuity and reproducibility. By checking the point count (33 at last audit), Helix validates not just uptime but the chain of trust across upgrades.
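An added example, not part of the memo or of Helix's own tooling: one way to turn the weekly point-count check into a tamper-evident audit record that flags drift when the count drops. It assumes the count is read from the JSON body of Qdrant's `POST /collections/ttd_memory_v2/points/count` endpoint; the hash-chained ledger, the function names and the sample dates and counts (other than 33) are assumptions introduced here.

```python
import hashlib
import json

COLLECTION = "ttd_memory_v2"  # collection name from the memo

def _digest(entry: dict) -> str:
    """Hash an entry's fields (excluding its own hash) in canonical JSON form."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record_audit(ledger: list, count_response: str, when: str) -> dict:
    """Append one audit entry built from a Qdrant count response body."""
    count = json.loads(count_response)["result"]["count"]
    if not isinstance(count, int) or count < 0:
        raise ValueError(f"unexpected count value: {count!r}")
    prev = ledger[-1] if ledger else None
    if prev is None:
        status = "baseline"   # first audit: nothing to compare against
    elif count < prev["count"]:
        status = "drift"      # points disappeared since the last audit
    else:
        status = "ok"         # unchanged or grown
    entry = {"when": when, "collection": COLLECTION, "count": count,
             "status": status, "prev_hash": prev["hash"] if prev else None}
    entry["hash"] = _digest(entry)
    ledger.append(entry)
    return entry

def verify_ledger(ledger: list) -> bool:
    """True only if every entry hashes correctly and links to its predecessor."""
    prev_hash = None
    for entry in ledger:
        if entry["prev_hash"] != prev_hash or entry["hash"] != _digest(entry):
            return False
        prev_hash = entry["hash"]
    return True

# Constructed sample responses (not real audit data); 33 is the count the memo cites.
SAMPLE_WEEKS = [
    ("2025-01-06", '{"result": {"count": 33}, "status": "ok"}'),
    ("2025-01-13", '{"result": {"count": 41}, "status": "ok"}'),
    ("2025-01-20", '{"result": {"count": 38}, "status": "ok"}'),
]

def run_sample() -> list:
    ledger = []
    for when, body in SAMPLE_WEEKS:
        record_audit(ledger, body, when)
    return ledger
```

A `drift` entry is a finding for a human to review; the ledger records it and changes nothing in the collection.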
3. Consent as a Gate, Not a Guess
Envoy was integrated as a forward proxy with a consent-shadow service. Every outbound request is either allow-listed or shadow-logged. Nothing is blocked yet—consent is observed before it is enforced. This separation of observation and enforcement reflects TTD’s *Consent & Least Privilege* while preserving graceful degradation.
4. Auditability as Default
Scripts like helix-stats were hardened, containers were pinned with explicit version tags (B0.6.33), and metadata was surfaced both upstream (/_app/version.json) and internally (Docker labels). These receipts enable replay, provenance checks, and claim validation. Auditability is not optional—it is a default property of operations.
5. Human Oversight as Guardrail
At each irreversible step—retiring a container, editing compose files, exposing ports—explicit human confirmation was required. Nothing was automatic or silent. This enforces the ethos guardrail: *No irreversible actions without human confirmation*. Helix serves human judgment; it does not replace it.
6. Longevity and Interoperability
By cleaning up old services and ensuring the core stack (Open WebUI, Ollama, Qdrant, Envoy) communicates through open interfaces, Helix remains adaptable. This fulfills *Open Interfaces* and *Reliability over Hype*: no lock-in, no hidden dependencies, no brittle shortcuts.
Why It Matters
Integrating TTD into Helix demonstrates that trustworthy AI is an engineering discipline, not a slogan. Each service, port, log, and decision becomes an artifact of accountability. By treating ethos as a technical requirement, Helix operationalizes safety, fairness, and transparency rather than merely promising them.
