Early access — May 2026

Production-grade
secure AI agents.
HIPAA-first. Regime-pluggable.

Open-source Python framework with HIPAA primitives built in. Audit log, RBAC, PHI-aware tools — in production inside Bavo and Coach Helix.

A few engineers join the private alpha first. No spam, no newsletter.
helix-agent · examples/fetch_patient_record.py
# helix.compliance.audit_log — PHI-scoped tool with auto-audit
 
from helix.compliance import audit_log, phi_aware
 
@audit_log.required(scope="phi")
@phi_aware
async def fetch_patient_record(patient_id: str):
    record = await db.patients.get(patient_id)
    return record
the gap

Nobody owns "the secure agent framework."

Every framework treats compliance as out-of-scope. Helix Agent flips that — audit logging, encryption, RBAC, BAA-aware tooling are built in.

| | LangChain / AutoGen | OpenAI / Anthropic SDK | Helix Agent |
| compliance positioning | "your job, here's a vague docs page" | BAA available on Enterprise; no agent abstractions | secure-by-default; HIPAA primitives built in |
| audit log | roll your own | roll your own | tamper-evident, hash-chained, 6-yr retention |
| tool PHI scope | not modeled | not modeled | declared in metadata; framework enforces |
| BAA vendor catalog | | per-vendor | curated, integration-safety-checked |
| regime pluggability | | | HIPAA today · SOX / PCI / GDPR architected |
| license | MIT / Apache 2.0 | proprietary | BSL 1.1 → Apache 2.0 (2030) |
what's built in

Six modules. HIPAA-grade by default.

Each module is real code, in production today inside Bavo. Names below are the actual import paths — not marketing labels.

helix.compliance.audit_log

Tamper-evident audit log.

Hash-chained, append-only, 6-year retention. Every tool call recorded with PHI scope.

@audit_log.required(scope="phi")
async def send_to_payer(...):
 
# entry hash-chained to prior call
helix.compliance.encryption

Field-level encryption.

KMS abstraction across AWS, GCP, and BYOK. Encrypt at the field, not just the database.

from helix.compliance import field
 
ssn = field.encrypted("ssn", kms="aws")
helix.compliance.rbac

Role-based access control.

Row-level security baked into the agent runtime. Roles enforced before tool execution, not after.

from helix.compliance import role
 
@role.require("clinician")
async def approve_rx(...):
helix.compliance.tools

PHI-aware tool calling.

Tools declare their PHI scope in metadata. Framework refuses to route PHI to non-PHI-safe tools.

Tool(
    name="order_lab",
    phi_scope=["patient_id"],
)
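
A deny-by-default gate for the rule described above, as an added example that is not Helix Agent's code: ToolSpec, dispatch, PHIScopeError and the PHI_FIELDS classification are hypothetical names, and the sample values are constructed. A tool that declares no scope is treated as not PHI-safe, and the check runs before the tool body.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed classification of argument names that carry PHI (assumption).
PHI_FIELDS = {"patient_id", "ssn", "dob", "diagnosis"}

class PHIScopeError(PermissionError):
    pass

@dataclass(frozen=True)
class ToolSpec:
    name: str
    fn: Callable[..., object]
    phi_scope: frozenset = field(default_factory=frozenset)  # empty = not PHI-safe

def dispatch(tool: ToolSpec, **kwargs):
    """Call the tool only if every PHI argument is inside its declared scope."""
    phi_args = {k for k in kwargs if k in PHI_FIELDS}
    undeclared = sorted(phi_args - tool.phi_scope)
    if undeclared:
        # Fail closed before the tool runs; report field names, never values.
        raise PHIScopeError(f"{tool.name}: undeclared PHI fields {undeclared}")
    return tool.fn(**kwargs)

def demo():
    order_lab = ToolSpec("order_lab", lambda **kw: "ordered", frozenset({"patient_id"}))
    web_search = ToolSpec("web_search", lambda **kw: "results")  # no scope declared
    out = [dispatch(order_lab, patient_id="p-001", panel="lipid")]
    for tool, args in [(web_search, {"query": "x", "patient_id": "p-001"}),
                       (order_lab, {"patient_id": "p-001", "ssn": "000-00-0000"})]:
        try:
            dispatch(tool, **args)
            out.append("allowed")
        except PHIScopeError as exc:
            out.append(str(exc))
    return out
```

This gate checks argument names only; PHI embedded in a free-text value (such as a search query) passes it and has to be caught by content scrubbing.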
helix.compliance.vendor

BAA-aware vendor catalog.

Curated catalog of BAA-eligible vendors. Integration safety-checked before runtime.

from helix.compliance import vendor
 
vendor.check("postmark") # → BAA: yes
helix.compliance.scrub

PHI scrubbing middleware.

Drop-in middleware for logs, traces, and error reports. PHI never leaks to observability.

from helix.compliance import scrub
 
log.info(scrub("patient e@x.com"))
# → "patient [email]"
in production today

Two products. Same framework underneath.

Bavo and Coach Helix are the proving ground. Patterns that survive both products earn their way into the framework core.

BAVO

AI patient advocate fighting insurance to approve GLP-1.

Full HIPAA scope. PHI flows through agent reasoning, document generation, and prescriber coordination. Runs on Helix Agent patterns from day one.

getbavo.com
COACH HELIX

Real-time health and DNA agent.

Personal health and genetic data — HIPAA-equivalent privacy scope. Moving onto Helix Agent patterns over the coming months.

coach helix (private beta)
roadmap

Where this is headed. Honest about timing.

I'd rather be late than ship vaporware. Where things stand today is highlighted; the rest ship when they're real.

Now (today): Building privately inside Bavo + Coach Helix.
Next (in ~3–6 months): Private alpha for a few outside developers. Sharing progress in public.
Public launch (in ~6–12 months): Open-source release, with full documentation.
Hosted cloud (in ~1–2 years): Helix Cloud — the managed, hosted version — launches.
who's building this

One engineer. Twenty years. Three years of agents.

I'm Nick Dat Le. I've been writing software since 2006; the last three years, mostly agents. Helix Agent is the framework underneath Bavo and Coach Helix — the products I'm building today.

I'd rather ship one opinionated, honest thing than three generic ones. That's the whole bet.

Nick Dat Le · founder · engineer · Los Angeles
questions

Common ones, answered honestly.

Yes — BSL 1.1, which converts to Apache 2.0 in 4 years. You can self-host, fork, and embed it in your product. The BSL period only prevents launching a competing hosted service. See Sentry's writeup for the precedent.
Inside Bavo and Coach Helix, yes — those are the two products we build on it ourselves. For outside developers, a private alpha opens in about 3–6 months. Get on the waitlist.
Hermes is Python, MIT-licensed, and architecturally clean. LangChain's compliance positioning is "your job, here's a vague docs page." Helix flips that.
Today: tamper-evident audit log, field-level encryption, RBAC, PHI-aware tool calling, BAA-aware vendor catalog, PHI scrubbing. Tomorrow: SOX / PCI / GDPR modules are architecturally pluggable but not claimed as shipping until a real customer drives them.
One person — me, Nick Dat Le. Twenty years writing code, last three deep in agent systems. Currently building Bavo and Coach Helix; Helix Agent is the framework underneath both. See /about.

Building production agents that can't fail on compliance?

The private alpha opens in about 3–6 months. No spam, no newsletter.
or email nick@helixagent.dev directly