Thin Python SDK for the Helio MCP governance proxy
Project description
Helio Python SDK
Thin Python client for the Helio MCP governance proxy. Communicates with the proxy's sideband HTTP API to report evidence and context. The SDK never makes governance decisions — that is always the proxy's job.
Install
pip install helio-client
helio-clientis only the PyPI distribution name — the string youpip install. This package is the Helio Python SDK; the distribution name differs solely because the barehelioname on PyPI is held by an unrelated abandoned project. It changes nothing about how you use the SDK — the import path stayshelio(from helio import HelioContext), and these docs refer to it as the Helio Python SDK throughout.
Quick Start
The proxy prints a per-boot SDK token to stderr on startup (SDK token (pass as HELIO_SDK_TOKEN env var to your SDK clients): ...). Export it in the environment where your SDK client runs — the client reads HELIO_SDK_TOKEN automatically and attaches it as Authorization: Bearer <token> on every sideband call. Without it, requests to the proxy sideband are rejected with 401.
export HELIO_SDK_TOKEN=<token-from-proxy-startup-logs>
from helio import HelioContext
with HelioContext(proxy_url="http://127.0.0.1:3200") as ctx:
# Declare what evidence this session needs
ctx.require_evidence("orders.lookup")
# Mark tool output as evidence under the required key
ctx.mark_evidence("get_order", "orders.lookup", {"orderId": 42})
# Set arbitrary session context
ctx.set("agent_id", "support-bot")
# Check what evidence the proxy has
report = ctx.get_evidence_state()
print(report.satisfied) # ['orders.lookup']
print(report.missing) # []
API
HelioContext
High-level wrapper with local requirement tracking.
| Method | Description |
|---|---|
mark_evidence(tool_name, evidence_key, data, ttl=300) |
Report evidence from a tool output |
require_evidence(keys) |
Declare local requirements (informational) |
set(key, value) |
Set arbitrary session context |
get_evidence_state() |
Get evidence state with satisfied/missing comparison |
HelioClient
Low-level HTTP client mapping to the sideband API.
| Method | Endpoint | Description |
|---|---|---|
mark_evidence(tool_name, evidence_key, data, ttl=300) |
POST /evidence |
Report evidence |
set_context(key, value) |
POST /context |
Set session context |
get_session_state() |
GET /session/:session_id/state |
Fetch combined state |
HelioError
All SDK methods raise HelioError on failure instead of raw HTTP exceptions. The error includes an actionable message and an optional status_code attribute.
from helio import HelioContext, HelioError
try:
with HelioContext() as ctx:
ctx.mark_evidence("tool", "key", "data")
except HelioError as e:
print(e) # "POST /evidence failed: HTTP 400"
print(e.status_code) # 400
Caught error types:
- Connection errors — proxy unreachable (
"Cannot connect to proxy at ...") - Timeout errors — proxy did not respond in time (
"Proxy request timed out: ...") - HTTP errors — proxy returned 4xx/5xx (
"POST /evidence failed: HTTP 400") - Serialization errors — request payload is not JSON-serializable for POST calls (for example,
{"v": object()}), normalized toHelioErrorwith endpoint context ("Failed to serialize POST /evidence payload as JSON: ..."). - Evidence allowlist errors —
POST /evidencemay returncode=evidence_key_not_in_policy_allowlistwhenevidence_keydoes not match any policyevidence.requireskey. The SDK includes the rejected key and configured-key preview inHelioErrorfor quick diagnosis. - Malformed sideband responses — invalid JSON or missing fields from
GET /session/:session_id/stateare normalized toHelioError("... returned malformed response payload").
Configuration
| Parameter | Default | Description |
|---|---|---|
proxy_url |
http://127.0.0.1:3200 |
Sideband API base URL |
session_id |
Auto-generated UUID | Correlation key for evidence/context |
timeout |
5.0 |
HTTP request timeout in seconds |
Constraints
- Under 500 lines — governance logic belongs in the proxy, not the SDK
- Thin client only — no caching, no policy evaluation, no decision-making
- Python 3.10+ required
License
Apache 2.0
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file helio_client-0.5.0.tar.gz.
File metadata
- Download URL: helio_client-0.5.0.tar.gz
- Upload date:
- Size: 15.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
870cf1516c3d367a3e6e091dd6a718ef05ae432083ed242e6f1e6a059606ad76
|
|
| MD5 |
4b7a012fce8f74ceb32ddf5423516031
|
|
| BLAKE2b-256 |
546a0a639b0760ae48be6611eb34d11ae6bc980db9b22437130fed660187c8ff
|
Provenance
The following attestation bundles were made for helio_client-0.5.0.tar.gz:
Publisher:
release.yml on gethelio/helio
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
helio_client-0.5.0.tar.gz -
Subject digest:
870cf1516c3d367a3e6e091dd6a718ef05ae432083ed242e6f1e6a059606ad76 - Sigstore transparency entry: 1838668810
- Sigstore integration time:
-
Permalink:
gethelio/helio@07140563f49d69c0dafeeeee654e417619222a04 -
Branch / Tag:
refs/tags/v0.5.0 - Owner: https://github.com/gethelio
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@07140563f49d69c0dafeeeee654e417619222a04 -
Trigger Event:
push
-
Statement type:
File details
Details for the file helio_client-0.5.0-py3-none-any.whl.
File metadata
- Download URL: helio_client-0.5.0-py3-none-any.whl
- Upload date:
- Size: 9.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b4b7362aa726e971e7a9e6feed08b9ab8660bc84e1ffad709fd040b80eb823a2
|
|
| MD5 |
313a8d496e2a97cbd44b5a938a9c3211
|
|
| BLAKE2b-256 |
be9eb1832f42d8f5573f21a07f5f0aba299e7bdf6170a5b380c824ce09572410
|
Provenance
The following attestation bundles were made for helio_client-0.5.0-py3-none-any.whl:
Publisher:
release.yml on gethelio/helio
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
helio_client-0.5.0-py3-none-any.whl -
Subject digest:
b4b7362aa726e971e7a9e6feed08b9ab8660bc84e1ffad709fd040b80eb823a2 - Sigstore transparency entry: 1838668915
- Sigstore integration time:
-
Permalink:
gethelio/helio@07140563f49d69c0dafeeeee654e417619222a04 -
Branch / Tag:
refs/tags/v0.5.0 - Owner: https://github.com/gethelio
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@07140563f49d69c0dafeeeee654e417619222a04 -
Trigger Event:
push
-
Statement type: