An AI coding agent (claude-coding-agent) has opened a pull request that introduces a dependency with a known CVE and lacks human attestation. This page is a guided demo: pick a persona, review the PR, submit it to the HELM merge gate, see the deterministic decision, then take the next-step action that belongs to your role.
Four steps. Each persona sees the same PR differently and takes different next-step actions. Try at least two personas to feel the architecture.
Four roles in the same engineering organization. Each has different authority and different responsibilities post-decision.
Same PR for everyone — but the framing card shows how your role reads what's happening.
The deterministic merge gate evaluates 4 checks. The eval is the same regardless of persona — HELM is not opinion-based.
After the decision, your persona panel on the right shows what you can actually do next. Interactive ones expand inline.
The PR introduces a known-CVE dependency under AI authorship with no human attestation and insufficient test coverage. HELM is configured to treat AI-authored PRs as requiring elevated scrutiny when any of the security / attestation / coverage gates fail. All three failed; merge gate intervened. The codebase remains safe.
The same evaluation pattern lives in every workflow KAiM governs. Bring us your highest-risk code-merge path — production deploys, infrastructure changes, security-sensitive merges. We map it to actor / action / authority / policy / evidence / escalation, then show how HELM gates it.