diff --git a/Dockerfile.helm-runner b/Dockerfile.helm-runner
new file mode 100644
index 00000000..03eb5c6f
--- /dev/null
+++ b/Dockerfile.helm-runner
@@ -0,0 +1,17 @@
+FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:ae09ecc3d754bc1726cbda3e2599cc7839e09fe1cc547ce173cf669b645be3cc
+
+ARG HELM_VERSION=3.15.4
+ARG TARGETARCH=amd64
+
+RUN microdnf install -y ca-certificates curl gzip tar && microdnf clean all
+RUN curl -fsSLo /tmp/helm.tar.gz "https://get.helm.sh/helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz" \
+ && curl -fsSLo /tmp/helm.tar.gz.sha256sum "https://get.helm.sh/helm-v${HELM_VERSION}-linux-${TARGETARCH}.tar.gz.sha256sum" \
+ && cd /tmp \
+ && sha256sum -c helm.tar.gz.sha256sum \
+ && tar -xzf helm.tar.gz \
+ && install -m 0755 "linux-${TARGETARCH}/helm" /usr/local/bin/helm \
+ && rm -rf /tmp/helm.tar.gz /tmp/helm.tar.gz.sha256sum "/tmp/linux-${TARGETARCH}"
+
+USER 1001
+WORKDIR /tmp/work
+ENTRYPOINT ["/usr/local/bin/helm"]
diff --git a/deploy/deploy.sh b/deploy/deploy.sh
index aaf40380..7e084601 100755
--- a/deploy/deploy.sh
+++ b/deploy/deploy.sh
@@ -16,7 +16,7 @@
 set -euo pipefail
 DEPLOY_START=$(date +%s)
 VALUES_FILE="/tmp/pulse-deploy-values-$$.yaml"
-trap 'rm -f /tmp/pulse-ui-build.log /tmp/pulse-ui-push.log "$VALUES_FILE"' EXIT
+trap 'rm -f /tmp/pulse-ui-build.log /tmp/pulse-ui-push.log /tmp/pulse-helm-runner.digest "$VALUES_FILE"' EXIT
 
 # ─── Configuration ───────────────────────────────────────────────────────────
 
@@ -26,6 +26,8 @@ NAMESPACE="openshiftpulse"
 RELEASE="pulse"
 UI_IMAGE="${PULSE_UI_IMAGE:-quay.io/amobrem/openshiftpulse}"
 AGENT_IMAGE="${PULSE_AGENT_IMAGE:-quay.io/amobrem/pulse-agent}"
+HELM_RUNNER_IMAGE="${PULSE_HELM_RUNNER_IMAGE:-quay.io/amobrem/pulse-helm-runner}"
+HELM_RUNNER_IMAGE_REF="${PULSE_HELM_RUNNER_IMAGE_REF:-}"
 UI_TAG=""
 AGENT_TAG=""
 _WS_TOKEN_OVERRIDE="${PULSE_AGENT_WS_TOKEN:-}"
@@ -252,6 +254,10 @@ fi
 if [[ -z "$AGENT_TAG" ]]; then
   AGENT_TAG=$(git_tag "$AGENT_REPO")
 fi
+if [[ -n "$HELM_RUNNER_IMAGE_REF" && ! "$HELM_RUNNER_IMAGE_REF" =~ ^[^[:space:]@]+@sha256:[a-fA-F0-9]{64}$ ]]; then
+  error "PULSE_HELM_RUNNER_IMAGE_REF must be an immutable digest reference (repo@sha256:...)"
+  exit 1
+fi
 
 info "UI tag: $UI_TAG"
 info "Agent tag: $AGENT_TAG"
@@ -305,6 +311,7 @@ if [[ "$DRY_RUN" == "true" ]]; then
   echo "  Namespace:     $NAMESPACE"
   echo "  UI image:      ${UI_IMAGE}:${UI_TAG}"
   echo "  Agent image:   ${AGENT_IMAGE}:${AGENT_TAG}"
+  echo "  Helm runner:   ${HELM_RUNNER_IMAGE_REF:-${HELM_RUNNER_IMAGE}:${UI_TAG} (digest resolved after push)}"
   if [[ -n "${ANTHROPIC_VERTEX_PROJECT_ID:-}" ]]; then
     echo "  AI backend:    Vertex AI (${ANTHROPIC_VERTEX_PROJECT_ID} / ${CLOUD_ML_REGION:-us-east5})"
   elif [[ -n "${ANTHROPIC_API_KEY:-}" ]]; then
@@ -333,10 +340,15 @@ fi
   pnpm run build
   info "UI built (dist/)"
 
-  info "Building UI and Agent images in parallel..."
+  info "Building UI, Agent, and Helm runner images..."
   podman build --platform linux/amd64 -t "${UI_IMAGE}:${UI_TAG}" "$PROJECT_DIR" &>/tmp/pulse-ui-build.log &
   UI_BUILD_PID=$!
 
+  if [[ -z "$HELM_RUNNER_IMAGE_REF" ]]; then
+    podman build --platform linux/amd64 -t "${HELM_RUNNER_IMAGE}:${UI_TAG}" -f "$PROJECT_DIR/Dockerfile.helm-runner" "$PROJECT_DIR"
+    info "Helm runner image built"
+  fi
+
   cd "$AGENT_REPO"
   # Default Dockerfile is the full single-stage build.
   # Use Dockerfile.fast only when the pre-built deps image is available in-cluster.
@@ -355,6 +367,7 @@ fi
   info "Pushing images..."
   podman tag "${UI_IMAGE}:${UI_TAG}" "${UI_IMAGE}:latest"
   podman tag "${AGENT_IMAGE}:${AGENT_TAG}" "${AGENT_IMAGE}:latest"
+  [[ -z "$HELM_RUNNER_IMAGE_REF" ]] && podman tag "${HELM_RUNNER_IMAGE}:${UI_TAG}" "${HELM_RUNNER_IMAGE}:latest"
 
   podman push "${UI_IMAGE}:${UI_TAG}" &>/tmp/pulse-ui-push.log &
   UI_PUSH_PID=$!
@@ -363,6 +376,15 @@ fi
   podman push "${AGENT_IMAGE}:latest"
   info "Pushed ${AGENT_IMAGE}:${AGENT_TAG} + latest"
 
+  if [[ -z "$HELM_RUNNER_IMAGE_REF" ]]; then
+    podman push --digestfile /tmp/pulse-helm-runner.digest "${HELM_RUNNER_IMAGE}:${UI_TAG}"
+    [[ -s /tmp/pulse-helm-runner.digest ]] || { error "Helm runner push did not produce a digest"; exit 1; }
+    podman push "${HELM_RUNNER_IMAGE}:latest"
+    HELM_RUNNER_DIGEST=$(cat /tmp/pulse-helm-runner.digest)
+    HELM_RUNNER_IMAGE_REF="${HELM_RUNNER_IMAGE}@${HELM_RUNNER_DIGEST}"
+    info "Pushed Helm runner ${HELM_RUNNER_IMAGE_REF}"
+  fi
+
   if wait $UI_PUSH_PID; then
     podman push "${UI_IMAGE}:latest"
     info "Pushed ${UI_IMAGE}:${UI_TAG} + latest"
@@ -433,15 +455,22 @@ fi
 # Generate values file (keeps secrets out of process listings)
 AI_BACKEND="none"
 AI_VALUES=""
+AI_VALUES_COMPAT=""
 if [[ -n "${ANTHROPIC_VERTEX_PROJECT_ID:-}" ]]; then
   AI_VALUES="  vertexAI:
     projectId: ${ANTHROPIC_VERTEX_PROJECT_ID}
     region: ${CLOUD_ML_REGION:-us-east5}
     existingSecret: gcp-sa-key"
+  AI_VALUES_COMPAT="  vertexAI:
+    projectId: ${ANTHROPIC_VERTEX_PROJECT_ID}
+    region: ${CLOUD_ML_REGION:-us-east5}
+    existingSecret: gcp-sa-key"
   AI_BACKEND="vertex"
 elif [[ -n "${ANTHROPIC_API_KEY:-}" ]]; then
   AI_VALUES="  anthropicApiKey:
     existingSecret: anthropic-api-key"
+  AI_VALUES_COMPAT="  anthropicApiKey:
+    existingSecret: anthropic-api-key"
   AI_BACKEND="anthropic"
 fi
 
@@ -474,6 +503,9 @@ openshiftpulse:
       enabled: $MONITORING_ENABLED
     alertmanager:
       enabled: $MONITORING_ENABLED
+  helmInstall:
+    runnerImage: "$HELM_RUNNER_IMAGE_REF"
+    serviceAccountName: openshiftpulse-helm-installer
   agent:
     enabled: true
     serviceName: $AGENT_DEPLOY
@@ -487,9 +519,24 @@ agent:
   rbac:
     allowWriteOperations: ${AGENT_ALLOW_WRITES:-false}
     allowSecretAccess: ${AGENT_ALLOW_SECRETS:-false}
+  mcp:
+    enabled: false
   wsAuth:
     existingSecret: $WS_SECRET
 $AI_VALUES
+openshift-sre-agent:
+  enabled: true
+  image:
+    repository: $AGENT_IMAGE
+    tag: "$AGENT_TAG"
+  rbac:
+    allowWriteOperations: ${AGENT_ALLOW_WRITES:-false}
+    allowSecretAccess: ${AGENT_ALLOW_SECRETS:-false}
+  mcp:
+    enabled: false
+  wsAuth:
+    existingSecret: $WS_SECRET
+$AI_VALUES_COMPAT
 YAML
 chmod 600 "$VALUES_FILE"
 
diff --git a/deploy/helm/openshiftpulse/templates/deployment.yaml b/deploy/helm/openshiftpulse/templates/deployment.yaml
index 5b78be1a..950eec4b 100644
--- a/deploy/helm/openshiftpulse/templates/deployment.yaml
+++ b/deploy/helm/openshiftpulse/templates/deployment.yaml
@@ -114,8 +114,6 @@ spec:
             echo "Agent WS token: injected at template time"
           fi
           {{- end }}
-          SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token 2>/dev/null || echo "")
-          sed -i "s|__SA_TOKEN__|${SA_TOKEN}|g" /tmp/nginx.conf
           exec nginx -c /tmp/nginx.conf -g 'daemon off;'
         ports:
         - containerPort: 8080
@@ -123,6 +121,9 @@ spec:
         - name: nginx-config
           mountPath: /etc/nginx/nginx.conf
           subPath: nginx.conf
+        - name: nginx-config
+          mountPath: /opt/app-root/src/config.js
+          subPath: config.js
         {{- if .Values.agent.enabled }}
         - name: agent-token
           mountPath: /etc/nginx/agent-token
diff --git a/deploy/helm/openshiftpulse/templates/nginx-config.yaml b/deploy/helm/openshiftpulse/templates/nginx-config.yaml
index 8a0f0b4c..15c65bb7 100644
--- a/deploy/helm/openshiftpulse/templates/nginx-config.yaml
+++ b/deploy/helm/openshiftpulse/templates/nginx-config.yaml
@@ -6,6 +6,13 @@ metadata:
   labels:
     {{- include "openshiftpulse.labels" . | nindent 4 }}
 data:
+  config.js: |
+    window.__OPENSHIFTPULSE_CONFIG__ = {
+      helmInstall: {
+        runnerImage: {{ .Values.helmInstall.runnerImage | quote }},
+        serviceAccountName: {{ .Values.helmInstall.serviceAccountName | quote }}
+      }
+    };
   nginx.conf: |
     worker_processes auto;
     error_log /dev/stderr warn;
@@ -44,11 +51,10 @@ data:
           proxy_pass https://kubernetes.default.svc/;
           proxy_ssl_verify on;
           proxy_ssl_trusted_certificate /var/run/secrets/kubernetes.io/serviceaccount/ca.crt;
-          set $k8s_token $http_x_forwarded_access_token;
-          if ($k8s_token = '') {
-            set $k8s_token '__SA_TOKEN__';
+          if ($http_x_forwarded_access_token = '') {
+            return 401 '{"error":"X-Forwarded-Access-Token header is required"}';
           }
-          proxy_set_header Authorization "Bearer $k8s_token";
+          proxy_set_header Authorization "Bearer $http_x_forwarded_access_token";
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection $connection_upgrade;
           proxy_http_version 1.1;
@@ -60,11 +66,10 @@ data:
           proxy_pass https://{{ .Values.monitoring.prometheus.host }}/;
           proxy_ssl_verify on;
           proxy_ssl_trusted_certificate /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt;
-          set $prom_token $http_x_forwarded_access_token;
-          if ($prom_token = '') {
-            set $prom_token '__SA_TOKEN__';
+          if ($http_x_forwarded_access_token = '') {
+            return 401 '{"error":"X-Forwarded-Access-Token header is required"}';
           }
-          proxy_set_header Authorization "Bearer $prom_token";
+          proxy_set_header Authorization "Bearer $http_x_forwarded_access_token";
           proxy_read_timeout 60s;
         }
         {{- else }}
@@ -84,11 +89,10 @@ data:
           proxy_pass https://{{ .Values.monitoring.alertmanager.host }}/;
           proxy_ssl_verify on;
           proxy_ssl_trusted_certificate /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt;
-          set $am_token $http_x_forwarded_access_token;
-          if ($am_token = '') {
-            set $am_token '__SA_TOKEN__';
+          if ($http_x_forwarded_access_token = '') {
+            return 401 '{"error":"X-Forwarded-Access-Token header is required"}';
           }
-          proxy_set_header Authorization "Bearer $am_token";
+          proxy_set_header Authorization "Bearer $http_x_forwarded_access_token";
           proxy_read_timeout 60s;
         }
         {{- else }}
diff --git a/deploy/helm/openshiftpulse/values.yaml b/deploy/helm/openshiftpulse/values.yaml
index 3a277fc4..e69b4e2f 100644
--- a/deploy/helm/openshiftpulse/values.yaml
+++ b/deploy/helm/openshiftpulse/values.yaml
@@ -36,6 +36,12 @@ monitoring:
   selfMonitor:
     enabled: true
 
+# In-cluster Helm installs use a project-owned runner image. Leave empty to
+# fail closed rather than execute a mutable third-party image.
+helmInstall:
+  runnerImage: ""
+  serviceAccountName: openshiftpulse-helm-installer
+
 # Resource limits
 resources:
   app:
diff --git a/deploy/helm/pulse/Chart.lock b/deploy/helm/pulse/Chart.lock
index d155a254..14535a86 100644
--- a/deploy/helm/pulse/Chart.lock
+++ b/deploy/helm/pulse/Chart.lock
@@ -4,6 +4,6 @@ dependencies:
   version: 4.7.0
 - name: openshift-sre-agent
   repository: file://../../../../pulse-agent/chart
-  version: 2.6.0
-digest: sha256:a9ce7715a3e0c6ae6513674f5de98df4be4d79627d42a96091fe7d620fa69d17
-generated: "2026-04-28T18:09:47.246482-07:00"
+  version: 1.13.0
+digest: sha256:0408c4a4e57404efbda9a53cf921bb4cde8634b182e14bdb7c87cdc8d760aca5
+generated: "2026-06-09T16:58:30.041978735+02:00"
diff --git a/deploy/helm/pulse/Chart.yaml b/deploy/helm/pulse/Chart.yaml
index da880374..bead4301 100644
--- a/deploy/helm/pulse/Chart.yaml
+++ b/deploy/helm/pulse/Chart.yaml
@@ -16,7 +16,7 @@ dependencies:
     repository: "file://../openshiftpulse"
 
   - name: openshift-sre-agent
-    version: "2.7.1"
+    version: "1.13.0"
     repository: "file://../../../../pulse-agent/chart"
     alias: agent
     condition: agent.enabled
diff --git a/deploy/helm/pulse/charts/openshift-sre-agent-1.13.0.tgz b/deploy/helm/pulse/charts/openshift-sre-agent-1.13.0.tgz
new file mode 100644
index 00000000..22272bb4
Binary files /dev/null and b/deploy/helm/pulse/charts/openshift-sre-agent-1.13.0.tgz differ
diff --git a/deploy/helm/pulse/charts/openshift-sre-agent-2.6.0.tgz b/deploy/helm/pulse/charts/openshift-sre-agent-2.6.0.tgz
deleted file mode 100644
index d1f4bd51..00000000
Binary files a/deploy/helm/pulse/charts/openshift-sre-agent-2.6.0.tgz and /dev/null differ
diff --git a/deploy/helm/pulse/charts/openshiftpulse-4.7.0.tgz b/deploy/helm/pulse/charts/openshiftpulse-4.7.0.tgz
index 64bc938b..365cb601 100644
Binary files a/deploy/helm/pulse/charts/openshiftpulse-4.7.0.tgz and b/deploy/helm/pulse/charts/openshiftpulse-4.7.0.tgz differ
diff --git a/deploy/helm/pulse/values.yaml b/deploy/helm/pulse/values.yaml
index be679669..27631caf 100644
--- a/deploy/helm/pulse/values.yaml
+++ b/deploy/helm/pulse/values.yaml
@@ -24,6 +24,10 @@ openshiftpulse:
       enabled: true
       host: alertmanager-main.openshift-monitoring.svc:9094
 
+  helmInstall:
+    runnerImage: ""
+    serviceAccountName: openshiftpulse-helm-installer
+
   agent:
     enabled: true
     # Auto-derived from release name if empty: <release>-openshift-sre-agent
@@ -65,6 +69,9 @@ agent:
     allowWriteOperations: false
     allowSecretAccess: false
 
+  mcp:
+    enabled: false
+
   database:
     type: postgresql
     postgresql:
@@ -79,3 +86,10 @@ agent:
   wsAuth:
     existingSecret: "pulse-ws-token"
     secretKey: "token"
+
+# Compatibility for stale packaged dependencies that were not aliased as
+# `agent`. Keep this until the archived dependency is refreshed everywhere.
+openshift-sre-agent:
+  enabled: true
+  mcp:
+    enabled: false
diff --git a/deploy/test-helm.sh b/deploy/test-helm.sh
index 51cdd1ad..8cee36cc 100755
--- a/deploy/test-helm.sh
+++ b/deploy/test-helm.sh
@@ -40,7 +40,14 @@ AGENT_VALUES=(
   --set agent.enabled=true
   --set agent.image.repository=quay.io/test/agent
   --set agent.image.tag=test
+  --set agent.wsAuth.existingSecret=pulse-ws-token
   --set agent.anthropicApiKey.existingSecret=test-secret
+  # Compatibility for stale packaged dependencies before helm dependency update.
+  --set openshift-sre-agent.enabled=true
+  --set openshift-sre-agent.image.repository=quay.io/test/agent
+  --set openshift-sre-agent.image.tag=test
+  --set openshift-sre-agent.wsAuth.existingSecret=pulse-ws-token
+  --set openshift-sre-agent.anthropicApiKey.existingSecret=test-secret
 )
 
 # 1. Helm lint
@@ -53,8 +60,7 @@ fi
 
 # 2. Template renders without errors
 echo "--- Template rendering ---"
-RENDERED=$(helm template pulse "$CHART_DIR" "${COMMON[@]}" "${AGENT_VALUES[@]}" 2>&1)
-if [[ $? -eq 0 ]]; then
+if RENDERED=$(helm template pulse "$CHART_DIR" "${COMMON[@]}" "${AGENT_VALUES[@]}" 2>&1); then
   pass "Template renders (agent enabled)"
 else
   fail "Template renders (agent enabled)"
@@ -118,10 +124,10 @@ else
 fi
 
 # 10. Agent disabled renders without errors
-RENDERED_NO_AGENT=$(helm template pulse "$CHART_DIR" "${COMMON[@]}" \
+if RENDERED_NO_AGENT=$(helm template pulse "$CHART_DIR" "${COMMON[@]}" \
   --set openshiftpulse.agent.enabled=false \
-  --set agent.enabled=false 2>&1)
-if [[ $? -eq 0 ]]; then
+  --set agent.enabled=false \
+  --set openshift-sre-agent.enabled=false 2>&1); then
   pass "Template renders (agent disabled)"
 else
   fail "Template renders (agent disabled)"
@@ -149,6 +155,32 @@ else
   fail "RollingUpdate strategy missing"
 fi
 
+# 14. User token proxy must fail closed instead of falling back to service-account token
+if has "$RENDERED" "__SA_TOKEN__"; then
+  fail "nginx config still contains service-account token fallback"
+else
+  pass "nginx config has no service-account token fallback"
+fi
+
+if has "$RENDERED" "X-Forwarded-Access-Token header is required"; then
+  pass "nginx returns 401 when forwarded access token is missing"
+else
+  fail "nginx missing-token 401 guard not rendered"
+fi
+
+if has "$RENDERED" "sed -i \"s|__SA_TOKEN__"; then
+  fail "deployment still injects service-account token into nginx"
+else
+  pass "deployment does not inject service-account token into nginx"
+fi
+
+# 15. MCP server must not render by default
+if has "$RENDERED" "app.kubernetes.io/component: mcp-server"; then
+  fail "MCP server renders by default"
+else
+  pass "MCP server disabled by default"
+fi
+
 # Summary
 echo ""
 echo "==========================="
diff --git a/public/config.js b/public/config.js
new file mode 100644
index 00000000..a3a8511b
--- /dev/null
+++ b/public/config.js
@@ -0,0 +1 @@
+window.__OPENSHIFTPULSE_CONFIG__ = window.__OPENSHIFTPULSE_CONFIG__ || {};
diff --git a/public/index.html b/public/index.html
index 9b7d1a9c..d7c35261 100644
--- a/public/index.html
+++ b/public/index.html
@@ -3,9 +3,10 @@
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="description" content="OpenShift Pulse — Next-generation OpenShift Console" />
-    <title>OpenShift Pulse</title>
-    <link rel="icon" type="image/svg+xml" href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 32 32'%3E%3Cdefs%3E%3ClinearGradient id='bg' x1='0' y1='0' x2='1' y2='1'%3E%3Cstop offset='0%25' stop-color='%232563eb'/%3E%3Cstop offset='100%25' stop-color='%237c3aed'/%3E%3C/linearGradient%3E%3ClinearGradient id='ln' x1='0' y1='0' x2='1' y2='0'%3E%3Cstop offset='0%25' stop-color='%2360a5fa'/%3E%3Cstop offset='50%25' stop-color='%23ffffff'/%3E%3Cstop offset='100%25' stop-color='%23a78bfa'/%3E%3C/linearGradient%3E%3C/defs%3E%3Crect width='32' height='32' rx='7' fill='url(%23bg)'/%3E%3Cpolyline points='4,16.5 9,16.5 11,16.5 13,12 15,21 17,7 19,25 21,13 23,16.5 25,16.5 28,16.5' fill='none' stroke='url(%23ln)' stroke-width='1.8' stroke-linecap='round' stroke-linejoin='round'/%3E%3Ccircle cx='17' cy='7' r='1.2' fill='white' opacity='0.5'/%3E%3C/svg%3E" />
+	    <meta name="description" content="OpenShift Pulse — Next-generation OpenShift Console" />
+	    <title>OpenShift Pulse</title>
+	    <script src="/config.js"></script>
+	    <link rel="icon" type="image/svg+xml" href="data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 32 32'%3E%3Cdefs%3E%3ClinearGradient id='bg' x1='0' y1='0' x2='1' y2='1'%3E%3Cstop offset='0%25' stop-color='%232563eb'/%3E%3Cstop offset='100%25' stop-color='%237c3aed'/%3E%3C/linearGradient%3E%3ClinearGradient id='ln' x1='0' y1='0' x2='1' y2='0'%3E%3Cstop offset='0%25' stop-color='%2360a5fa'/%3E%3Cstop offset='50%25' stop-color='%23ffffff'/%3E%3Cstop offset='100%25' stop-color='%23a78bfa'/%3E%3C/linearGradient%3E%3C/defs%3E%3Crect width='32' height='32' rx='7' fill='url(%23bg)'/%3E%3Cpolyline points='4,16.5 9,16.5 11,16.5 13,12 15,21 17,7 19,25 21,13 23,16.5 25,16.5 28,16.5' fill='none' stroke='url(%23ln)' stroke-width='1.8' stroke-linecap='round' stroke-linejoin='round'/%3E%3Ccircle cx='17' cy='7' r='1.2' fill='white' opacity='0.5'/%3E%3C/svg%3E" />
     <style>
       /* Prevent white flash before CSS loads */
       html, body { margin: 0; padding: 0; background-color: #020617; color: #e2e8f0; }
diff --git a/rspack.config.ts b/rspack.config.ts
index 8c0d52bd..ef72aeb1 100644
--- a/rspack.config.ts
+++ b/rspack.config.ts
@@ -4,6 +4,7 @@ import ReactRefreshPlugin from '@rspack/plugin-react-refresh';
 import { execSync } from 'child_process';
 import { readFileSync } from 'fs';
 import path from 'path';
+import { fetchHelmRepoIndex } from './src/dev/helmRepoProxy';
 
 const pkg = JSON.parse(readFileSync(path.resolve(__dirname, 'package.json'), 'utf-8'));
 
@@ -138,31 +139,9 @@ export default defineConfig({
           res.end('Missing url parameter');
           return;
         }
-        // Validate URL: must be http(s), no internal/link-local addresses
         try {
-          const parsed = new URL(repoUrl);
-          if (!['http:', 'https:'].includes(parsed.protocol)) {
-            res.writeHead(400, { 'Content-Type': 'text/plain' });
-            res.end('URL must use http or https protocol');
-            return;
-          }
-          const host = parsed.hostname.replace(/^\[|\]$/g, ''); // strip IPv6 brackets
-          if (/^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.|127\.|0\.|169\.254\.|localhost$|::1$|::ffff:|fd[0-9a-f]{2}:|fe80:)/i.test(host)) {
-            res.writeHead(403, { 'Content-Type': 'text/plain' });
-            res.end('Internal/private addresses are not allowed');
-            return;
-          }
-        } catch {
-          res.writeHead(400, { 'Content-Type': 'text/plain' });
-          res.end('Invalid URL');
-          return;
-        }
-        try {
-          const target = repoUrl.endsWith('/index.yaml') ? repoUrl : `${repoUrl.replace(/\/$/, '')}/index.yaml`;
-          const response = await fetch(target, { signal: AbortSignal.timeout(30000) });
-          if (!response.ok) throw new Error(`${response.status}`);
-          const text = await response.text();
-          res.writeHead(200, { 'Content-Type': 'text/plain', 'Access-Control-Allow-Origin': '*' });
+          const text = await fetchHelmRepoIndex(repoUrl);
+          res.writeHead(200, { 'Content-Type': 'text/plain' });
           res.end(text);
         } catch (err: unknown) {
           res.writeHead(502, { 'Content-Type': 'text/plain' });
diff --git a/src/dev/__tests__/helmRepoProxy.test.ts b/src/dev/__tests__/helmRepoProxy.test.ts
new file mode 100644
index 00000000..b8d3b9ff
--- /dev/null
+++ b/src/dev/__tests__/helmRepoProxy.test.ts
@@ -0,0 +1,112 @@
+import { PassThrough } from 'node:stream';
+import { readFileSync } from 'node:fs';
+import type { IncomingMessage } from 'node:http';
+import { describe, expect, it, vi } from 'vitest';
+import { fetchHelmRepoIndex, resolveAndValidateHelmRepoUrl } from '../helmRepoProxy';
+
+function makeResponse(statusCode: number, headers: IncomingMessage['headers'] = {}, body = ''): IncomingMessage {
+  const stream = new PassThrough() as IncomingMessage;
+  stream.statusCode = statusCode;
+  stream.headers = headers;
+  setImmediate(() => stream.end(body));
+  return stream;
+}
+
+describe('resolveAndValidateHelmRepoUrl', () => {
+  it('rejects hostnames that resolve to loopback addresses', async () => {
+    await expect(resolveAndValidateHelmRepoUrl('https://metadata.example/index.yaml', {
+      lookup: vi.fn().mockResolvedValue([{ address: '127.0.0.1', family: 4 }]),
+    })).rejects.toThrow(/Internal\/private/);
+  });
+
+  it('rejects hostnames that resolve to cloud metadata addresses', async () => {
+    await expect(resolveAndValidateHelmRepoUrl('https://repo.example/index.yaml', {
+      lookup: vi.fn().mockResolvedValue([{ address: '169.254.169.254', family: 4 }]),
+    })).rejects.toThrow(/Internal\/private/);
+  });
+
+  it('rejects private IPv6 literals', async () => {
+    await expect(resolveAndValidateHelmRepoUrl('https://[::1]/index.yaml')).rejects.toThrow(/Internal\/private/);
+  });
+
+  it('rejects reserved IPv4 and IPv6 ranges', async () => {
+    const blockedAddresses = [
+      { address: '192.0.2.10', family: 4 as const },
+      { address: '198.51.100.10', family: 4 as const },
+      { address: '203.0.113.10', family: 4 as const },
+      { address: 'fe90::1', family: 6 as const },
+      { address: '2001:db8::1', family: 6 as const },
+      { address: 'ff02::1', family: 6 as const },
+    ];
+
+    for (const resolvedAddress of blockedAddresses) {
+      await expect(resolveAndValidateHelmRepoUrl('https://repo.example/index.yaml', {
+        lookup: vi.fn().mockResolvedValue([resolvedAddress]),
+      })).rejects.toThrow(/Internal\/private/);
+    }
+  });
+
+  it('accepts public resolved addresses and appends index.yaml', async () => {
+    const result = await resolveAndValidateHelmRepoUrl('https://charts.example.com', {
+      lookup: vi.fn().mockResolvedValue([{ address: '93.184.216.34', family: 4 }]),
+    });
+
+    expect(result.url.toString()).toBe('https://charts.example.com/index.yaml');
+    expect(result.addresses).toEqual([{ address: '93.184.216.34', family: 4 }]);
+  });
+
+  it('accepts public IPv6 literals', async () => {
+    const result = await resolveAndValidateHelmRepoUrl('https://[2606:2800:220:1:248:1893:25c8:1946]');
+
+    expect(result.url.toString()).toBe('https://[2606:2800:220:1:248:1893:25c8:1946]/index.yaml');
+    expect(result.addresses).toEqual([{ address: '2606:2800:220:1:248:1893:25c8:1946', family: 6 }]);
+  });
+
+  it('rejects URLs with embedded credentials', async () => {
+    await expect(resolveAndValidateHelmRepoUrl('https://user:pass@charts.example.com', {
+      lookup: vi.fn().mockResolvedValue([{ address: '93.184.216.34', family: 4 }]),
+    })).rejects.toThrow(/credentials/);
+  });
+});
+
+describe('fetchHelmRepoIndex', () => {
+  it('revalidates redirect destinations before following them', async () => {
+    const request = vi.fn().mockResolvedValue(makeResponse(302, { location: 'http://metadata.example' }));
+    const lookup = vi.fn(async (hostname: string) => {
+      if (hostname === 'metadata.example') return [{ address: '127.0.0.1', family: 4 as const }];
+      return [{ address: '93.184.216.34', family: 4 as const }];
+    });
+
+    await expect(fetchHelmRepoIndex('http://charts.example', { lookup, request })).rejects.toThrow(/Internal\/private/);
+    expect(request).toHaveBeenCalledOnce();
+    expect(lookup).toHaveBeenCalledWith('metadata.example');
+  });
+
+  it('enforces redirect limits', async () => {
+    const request = vi.fn().mockResolvedValue(makeResponse(302, { location: 'http://charts.example/next' }));
+    const lookup = vi.fn().mockResolvedValue([{ address: '93.184.216.34', family: 4 }]);
+
+    await expect(fetchHelmRepoIndex('http://charts.example', {
+      lookup,
+      request,
+      maxRedirects: 1,
+    })).rejects.toThrow(/Too many redirects/);
+    expect(request).toHaveBeenCalledTimes(2);
+  });
+
+  it('rejects oversized chart index responses', async () => {
+    const request = vi.fn().mockResolvedValue(makeResponse(200, {}, 'abcdef'));
+    const lookup = vi.fn().mockResolvedValue([{ address: '93.184.216.34', family: 4 }]);
+
+    await expect(fetchHelmRepoIndex('http://charts.example', {
+      lookup,
+      request,
+      maxBytes: 3,
+    })).rejects.toThrow(/too large/);
+  });
+
+  it('does not configure wildcard CORS for the dev helm repo proxy', () => {
+    const rspackConfig = readFileSync(new URL('../../../rspack.config.ts', import.meta.url), 'utf8');
+    expect(rspackConfig).not.toContain('Access-Control-Allow-Origin');
+  });
+});
diff --git a/src/dev/helmRepoProxy.ts b/src/dev/helmRepoProxy.ts
new file mode 100644
index 00000000..35e4b74b
--- /dev/null
+++ b/src/dev/helmRepoProxy.ts
@@ -0,0 +1,229 @@
+import dns from 'node:dns/promises';
+import http from 'node:http';
+import https from 'node:https';
+import net from 'node:net';
+import type { IncomingMessage } from 'node:http';
+
+export interface ResolvedAddress {
+  address: string;
+  family: 4 | 6;
+}
+
+interface ResolveOptions {
+  lookup?: (hostname: string) => Promise<ResolvedAddress[]>;
+}
+
+interface FetchOptions extends ResolveOptions {
+  timeoutMs?: number;
+  maxBytes?: number;
+  maxRedirects?: number;
+  request?: (resolved: ResolvedHelmRepoUrl, options: Required<Pick<FetchOptions, 'timeoutMs' | 'maxBytes'>>) => Promise<IncomingMessage>;
+}
+
+export interface ResolvedHelmRepoUrl {
+  url: URL;
+  addresses: ResolvedAddress[];
+}
+
+const DEFAULT_TIMEOUT_MS = 30_000;
+const DEFAULT_MAX_BYTES = 5 * 1024 * 1024;
+const DEFAULT_MAX_REDIRECTS = 3;
+
+function normalizeHelmIndexUrl(repoUrl: string): URL {
+  const parsed = new URL(repoUrl);
+  if (!['http:', 'https:'].includes(parsed.protocol)) {
+    throw new Error('URL must use http or https protocol');
+  }
+  if (parsed.username || parsed.password) {
+    throw new Error('Repository URL credentials are not allowed');
+  }
+  if (!parsed.pathname.endsWith('/index.yaml')) {
+    parsed.pathname = `${parsed.pathname.replace(/\/$/, '')}/index.yaml`;
+  }
+  return parsed;
+}
+
+function hostnameForValidation(url: URL): string {
+  const hostname = url.hostname;
+  return hostname.startsWith('[') && hostname.endsWith(']') ? hostname.slice(1, -1) : hostname;
+}
+
+function ipv4ToNumber(address: string): number | null {
+  const parts = address.split('.').map((part) => Number(part));
+  if (parts.length !== 4 || parts.some((part) => !Number.isInteger(part) || part < 0 || part > 255)) {
+    return null;
+  }
+  return (((parts[0] << 24) >>> 0) + (parts[1] << 16) + (parts[2] << 8) + parts[3]) >>> 0;
+}
+
+function ipv4InCidr(address: number, base: string, prefix: number): boolean {
+  const baseNumber = ipv4ToNumber(base);
+  if (baseNumber === null) return true;
+  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
+  return (address & mask) === (baseNumber & mask);
+}
+
+function isPrivateIpv4(address: string): boolean {
+  const value = ipv4ToNumber(address);
+  if (value === null) return true;
+
+  const blockedRanges: Array<[string, number]> = [
+    ['0.0.0.0', 8],
+    ['10.0.0.0', 8],
+    ['100.64.0.0', 10],
+    ['127.0.0.0', 8],
+    ['169.254.0.0', 16],
+    ['172.16.0.0', 12],
+    ['192.0.0.0', 24],
+    ['192.0.2.0', 24],
+    ['192.88.99.0', 24],
+    ['192.168.0.0', 16],
+    ['198.18.0.0', 15],
+    ['198.51.100.0', 24],
+    ['203.0.113.0', 24],
+    ['224.0.0.0', 4],
+    ['240.0.0.0', 4],
+  ];
+  return blockedRanges.some(([base, prefix]) => ipv4InCidr(value, base, prefix));
+}
+
+function parseIpv6Hextets(address: string): number[] | null {
+  const withoutZone = address.toLowerCase().split('%')[0];
+  if (withoutZone.includes('.')) return null;
+  const parts = withoutZone.split('::');
+  if (parts.length > 2) return null;
+
+  const parsePart = (part: string): number[] | null => {
+    if (!part) return [];
+    const hextets = part.split(':').map((chunk) => Number.parseInt(chunk, 16));
+    return hextets.every((hextet) => Number.isInteger(hextet) && hextet >= 0 && hextet <= 0xffff) ? hextets : null;
+  };
+
+  const left = parsePart(parts[0]);
+  const right = parsePart(parts[1] ?? '');
+  if (!left || !right) return null;
+
+  if (parts.length === 1) {
+    return left.length === 8 ? left : null;
+  }
+
+  const fillLength = 8 - left.length - right.length;
+  if (fillLength < 1) return null;
+  return [...left, ...Array(fillLength).fill(0), ...right];
+}
+
+function isPrivateIpv6(address: string): boolean {
+  const lower = address.toLowerCase();
+  if (lower.startsWith('::ffff:')) {
+    const mapped = lower.slice('::ffff:'.length);
+    return net.isIP(mapped) === 4 ? isPrivateIpv4(mapped) : true;
+  }
+  const hextets = parseIpv6Hextets(lower);
+  if (!hextets) return true;
+
+  const [first, second] = hextets;
+  if (hextets.every((hextet) => hextet === 0)) return true;
+  if (hextets.slice(0, 7).every((hextet) => hextet === 0) && hextets[7] === 1) return true;
+  if ((first & 0xfe00) === 0xfc00) return true;
+  if ((first & 0xffc0) === 0xfe80) return true;
+  if (first === 0x2001 && second === 0x0db8) return true;
+  if ((first & 0xff00) === 0xff00) return true;
+  return false;
+}
+
+export function isBlockedAddress(address: string): boolean {
+  const family = net.isIP(address);
+  if (family === 4) return isPrivateIpv4(address);
+  if (family === 6) return isPrivateIpv6(address);
+  return true;
+}
+
+export async function resolveAndValidateHelmRepoUrl(
+  repoUrl: string,
+  options: ResolveOptions = {},
+): Promise<ResolvedHelmRepoUrl> {
+  const url = normalizeHelmIndexUrl(repoUrl);
+  const hostname = hostnameForValidation(url);
+  const literalFamily = net.isIP(hostname);
+  const addresses = literalFamily
+    ? [{ address: hostname, family: literalFamily as 4 | 6 }]
+    : await (options.lookup ?? ((hostnameToResolve) => dns.lookup(hostnameToResolve, { all: true, verbatim: true }) as Promise<ResolvedAddress[]>))(hostname);
+
+  if (addresses.length === 0) {
+    throw new Error('Repository hostname did not resolve');
+  }
+  if (addresses.some((addr) => isBlockedAddress(addr.address))) {
+    throw new Error('Internal/private addresses are not allowed');
+  }
+
+  return { url, addresses };
+}
+
+function readBody(res: IncomingMessage, maxBytes: number): Promise<string> {
+  return new Promise((resolve, reject) => {
+    let total = 0;
+    const chunks: Buffer[] = [];
+
+    res.on('data', (chunk: Buffer) => {
+      total += chunk.length;
+      if (total > maxBytes) {
+        res.destroy(new Error('Chart index response is too large'));
+        return;
+      }
+      chunks.push(chunk);
+    });
+    res.on('end', () => resolve(Buffer.concat(chunks).toString('utf8')));
+    res.on('error', reject);
+  });
+}
+
+async function fetchOnce(resolved: ResolvedHelmRepoUrl, options: Required<Pick<FetchOptions, 'timeoutMs' | 'maxBytes'>>): Promise<IncomingMessage> {
+  const target = resolved.url;
+  const firstAddress = resolved.addresses[0];
+  const client = target.protocol === 'https:' ? https : http;
+
+  return new Promise((resolve, reject) => {
+    const req = client.request(target, {
+      method: 'GET',
+      timeout: options.timeoutMs,
+      lookup: (_hostname, _opts, callback) => {
+        callback(null, firstAddress.address, firstAddress.family);
+      },
+      headers: {
+        Accept: 'application/x-yaml,text/yaml,text/plain,*/*',
+      },
+    }, resolve);
+
+    req.on('timeout', () => req.destroy(new Error('Timed out fetching chart index')));
+    req.on('error', reject);
+    req.end();
+  });
+}
+
+export async function fetchHelmRepoIndex(repoUrl: string, options: FetchOptions = {}): Promise<string> {
+  const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+  const maxBytes = options.maxBytes ?? DEFAULT_MAX_BYTES;
+  const maxRedirects = options.maxRedirects ?? DEFAULT_MAX_REDIRECTS;
+  let currentUrl = repoUrl;
+
+  for (let redirects = 0; redirects <= maxRedirects; redirects += 1) {
+    const resolved = await resolveAndValidateHelmRepoUrl(currentUrl, options);
+    const response = await (options.request ?? fetchOnce)(resolved, { timeoutMs, maxBytes });
+    const statusCode = response.statusCode ?? 0;
+
+    if (statusCode >= 300 && statusCode < 400 && response.headers.location) {
+      currentUrl = new URL(response.headers.location, resolved.url).toString();
+      response.resume();
+      continue;
+    }
+
+    if (statusCode < 200 || statusCode >= 300) {
+      response.resume();
+      throw new Error(`${statusCode}`);
+    }
+
+    return readBody(response, maxBytes);
+  }
+
+  throw new Error('Too many redirects fetching chart index');
+}
diff --git a/src/kubeview/config/runtime.ts b/src/kubeview/config/runtime.ts
new file mode 100644
index 00000000..6ab0b293
--- /dev/null
+++ b/src/kubeview/config/runtime.ts
@@ -0,0 +1,21 @@
+interface HelmInstallRuntimeConfig {
+  runnerImage?: string;
+  serviceAccountName?: string;
+}
+
+interface OpenShiftPulseRuntimeConfig {
+  helmInstall?: HelmInstallRuntimeConfig;
+}
+
+declare global {
+  interface Window {
+    __OPENSHIFTPULSE_CONFIG__?: OpenShiftPulseRuntimeConfig;
+  }
+}
+
+export function getHelmInstallRuntimeConfig(): Required<HelmInstallRuntimeConfig> {
+  return {
+    runnerImage: window.__OPENSHIFTPULSE_CONFIG__?.helmInstall?.runnerImage ?? '',
+    serviceAccountName: window.__OPENSHIFTPULSE_CONFIG__?.helmInstall?.serviceAccountName ?? 'openshiftpulse-helm-installer',
+  };
+}
diff --git a/src/kubeview/views/create/HelmTab.tsx b/src/kubeview/views/create/HelmTab.tsx
index 59b09812..2ecdfc64 100644
--- a/src/kubeview/views/create/HelmTab.tsx
+++ b/src/kubeview/views/create/HelmTab.tsx
@@ -1,9 +1,8 @@
 import { useState } from 'react';
 import { useQuery, useQueryClient } from '@tanstack/react-query';
 import { cn } from '@/lib/utils';
-import { Search, Ship, Loader2, Plus, Trash2, ExternalLink, RefreshCw } from 'lucide-react';
+import { Search, Ship, Loader2, Plus, Trash2, RefreshCw } from 'lucide-react';
 import { useUIStore } from '../../store/uiStore';
-import { useNavigateTab } from '../../hooks/useNavigateTab';
 import { K8S_BASE as BASE } from '../../engine/gvr';
 import DeployProgress from '../../components/DeployProgress';
 import { ConfirmDialog } from '../../components/feedback/ConfirmDialog';
@@ -11,6 +10,8 @@ import { FormField } from './FormField';
 import type { Secret } from '../../engine/types';
 import { Card } from '../../components/primitives/Card';
 import { showErrorToast } from '../../engine/errorToast';
+import { getHelmInstallRuntimeConfig } from '../../config/runtime';
+import { buildHelmInstallResources } from './helmInstall';
 
 /** HelmChartRepository CRD — not yet in engine/types, defined locally. */
 interface HelmChartRepository {
@@ -46,6 +47,17 @@ interface HelmRepo {
   chartCount: number;
 }
 
+async function applyResource(path: string, resource: unknown): Promise<void> {
+  const res = await fetch(`${BASE}${path}`, {
+    method: 'PATCH',
+    headers: { 'Content-Type': 'application/apply-patch+yaml' },
+    body: JSON.stringify(resource),
+  });
+  if (res.ok) return;
+  const err = await res.json().catch(() => ({ message: res.statusText }));
+  throw new Error(err.message || res.statusText);
+}
+
 function parseHelmIndex(text: string, repoName: string, repoUrl: string): HelmChart[] {
   const charts: HelmChart[] = [];
   const seen = new Set<string>();
@@ -56,8 +68,6 @@ function parseHelmIndex(text: string, repoName: string, repoUrl: string): HelmCh
   const lines = text.split('\n');
   let currentChart: Partial<HelmChart> = {};
   let inEntries = false;
-  let indent = 0;
-
   for (const line of lines) {
     if (line.match(/^entries:/)) {
       inEntries = true;
@@ -125,7 +135,6 @@ function parseHelmIndex(text: string, repoName: string, repoUrl: string): HelmCh
 
 export function HelmTab() {
   const addToast = useUIStore((s) => s.addToast);
-  const go = useNavigateTab();
   const queryClient = useQueryClient();
   const selectedNamespace = useUIStore((s) => s.selectedNamespace);
   const [search, setSearch] = useState('');
@@ -252,34 +261,33 @@ export function HelmTab() {
     }
     setInstalling(selectedChart.name);
     try {
-      const job = {
-        apiVersion: 'batch/v1',
-        kind: 'Job',
-        metadata: {
-          name: `helm-install-${sanitizedName}`,
-          namespace: ns,
-          labels: { app: 'helm-install', chart: selectedChart.name },
-        },
-        spec: {
-          backoffLimit: 0,
-          template: {
-            spec: {
-              restartPolicy: 'Never',
-              serviceAccountName: 'default',
-              containers: [{
-                name: 'helm',
-                image: 'alpine/helm:latest',
-                command: ['helm', 'install', sanitizedName, selectedChart.name, '--repo', repoUrl, '--namespace', ns, '--wait', '--timeout', '5m'],
-              }],
-            },
-          },
-        },
-      };
+      const runtimeConfig = getHelmInstallRuntimeConfig();
+      const resources = buildHelmInstallResources({
+        namespace: ns,
+        releaseName: sanitizedName,
+        chartName: selectedChart.name,
+        repoUrl,
+        runnerImage: runtimeConfig.runnerImage,
+        serviceAccountName: runtimeConfig.serviceAccountName,
+      });
+
+      await applyResource(
+        `/api/v1/namespaces/${ns}/serviceaccounts/${resources.serviceAccount.metadata.name}?fieldManager=openshiftpulse&force=true`,
+        resources.serviceAccount,
+      );
+      await applyResource(
+        `/apis/rbac.authorization.k8s.io/v1/namespaces/${ns}/roles/${resources.role.metadata.name}?fieldManager=openshiftpulse&force=true`,
+        resources.role,
+      );
+      await applyResource(
+        `/apis/rbac.authorization.k8s.io/v1/namespaces/${ns}/rolebindings/${resources.roleBinding.metadata.name}?fieldManager=openshiftpulse&force=true`,
+        resources.roleBinding,
+      );
 
       const res = await fetch(`${BASE}/apis/batch/v1/namespaces/${ns}/jobs`, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify(job),
+        body: JSON.stringify(resources.job),
       });
 
       if (!res.ok) {
diff --git a/src/kubeview/views/create/__tests__/helmInstall.test.ts b/src/kubeview/views/create/__tests__/helmInstall.test.ts
new file mode 100644
index 00000000..3b4a9151
--- /dev/null
+++ b/src/kubeview/views/create/__tests__/helmInstall.test.ts
@@ -0,0 +1,52 @@
+import { describe, expect, it } from 'vitest';
+import { buildHelmInstallResources } from '../helmInstall';
+
+describe('buildHelmInstallResources', () => {
+  it('uses a digest-pinned runner image and dedicated service account', () => {
+    const runnerImage = `quay.io/example/pulse-helm-runner@sha256:${'a'.repeat(64)}`;
+    const resources = buildHelmInstallResources({
+      namespace: 'demo',
+      releaseName: 'my-app',
+      chartName: 'nginx',
+      repoUrl: 'https://charts.example.com',
+      runnerImage,
+      serviceAccountName: 'openshiftpulse-helm-installer',
+    });
+
+    expect(resources.serviceAccount.metadata.name).toBe('openshiftpulse-helm-installer');
+    expect(resources.role.kind).toBe('Role');
+    expect(resources.role.metadata.namespace).toBe('demo');
+    expect(resources.roleBinding.subjects).toEqual([
+      { kind: 'ServiceAccount', name: 'openshiftpulse-helm-installer', namespace: 'demo' },
+    ]);
+    expect(resources.job.spec.template.spec.serviceAccountName).toBe('openshiftpulse-helm-installer');
+    expect(resources.job.spec.template.spec.containers[0].image).toBe(runnerImage);
+    expect(resources.job.spec.template.spec.containers[0].securityContext).toMatchObject({
+      allowPrivilegeEscalation: false,
+      readOnlyRootFilesystem: true,
+      runAsNonRoot: true,
+    });
+  });
+
+  it('rejects mutable runner image tags', () => {
+    expect(() => buildHelmInstallResources({
+      namespace: 'demo',
+      releaseName: 'my-app',
+      chartName: 'nginx',
+      repoUrl: 'https://charts.example.com',
+      runnerImage: 'alpine/helm:latest',
+      serviceAccountName: 'openshiftpulse-helm-installer',
+    })).toThrow(/digest-pinned/);
+  });
+
+  it('rejects malformed digest references', () => {
+    expect(() => buildHelmInstallResources({
+      namespace: 'demo',
+      releaseName: 'my-app',
+      chartName: 'nginx',
+      repoUrl: 'https://charts.example.com',
+      runnerImage: 'quay.io/example/pulse-helm-runner@sha256:abcdef',
+      serviceAccountName: 'openshiftpulse-helm-installer',
+    })).toThrow(/digest-pinned/);
+  });
+});
diff --git a/src/kubeview/views/create/helmInstall.ts b/src/kubeview/views/create/helmInstall.ts
new file mode 100644
index 00000000..1c9ee57e
--- /dev/null
+++ b/src/kubeview/views/create/helmInstall.ts
@@ -0,0 +1,137 @@
+interface BuildHelmInstallResourcesInput {
+  namespace: string;
+  releaseName: string;
+  chartName: string;
+  repoUrl: string;
+  runnerImage: string;
+  serviceAccountName: string;
+}
+
+export const HELM_RUNNER_IMAGE_DIGEST_PATTERN = /^[^\s@]+@sha256:[a-f0-9]{64}$/i;
+
+function assertDigestPinnedImage(image: string): void {
+  if (!HELM_RUNNER_IMAGE_DIGEST_PATTERN.test(image)) {
+    throw new Error('Helm runner image must be digest-pinned');
+  }
+}
+
+export function buildHelmInstallResources(input: BuildHelmInstallResourcesInput) {
+  assertDigestPinnedImage(input.runnerImage);
+
+  const labels = { app: 'helm-install', chart: input.chartName };
+  const roleName = input.serviceAccountName;
+
+  return {
+    serviceAccount: {
+      apiVersion: 'v1',
+      kind: 'ServiceAccount',
+      metadata: {
+        name: input.serviceAccountName,
+        namespace: input.namespace,
+        labels,
+      },
+    },
+    role: {
+      apiVersion: 'rbac.authorization.k8s.io/v1',
+      kind: 'Role',
+      metadata: {
+        name: roleName,
+        namespace: input.namespace,
+        labels,
+      },
+      rules: [
+        {
+          apiGroups: [''],
+          resources: ['configmaps', 'endpoints', 'persistentvolumeclaims', 'pods', 'secrets', 'serviceaccounts', 'services'],
+          verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete'],
+        },
+        {
+          apiGroups: ['apps'],
+          resources: ['daemonsets', 'deployments', 'replicasets', 'statefulsets'],
+          verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete'],
+        },
+        {
+          apiGroups: ['batch'],
+          resources: ['cronjobs', 'jobs'],
+          verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete'],
+        },
+        {
+          apiGroups: ['networking.k8s.io'],
+          resources: ['ingresses', 'networkpolicies'],
+          verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete'],
+        },
+        {
+          apiGroups: ['route.openshift.io'],
+          resources: ['routes'],
+          verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete'],
+        },
+      ],
+    },
+    roleBinding: {
+      apiVersion: 'rbac.authorization.k8s.io/v1',
+      kind: 'RoleBinding',
+      metadata: {
+        name: roleName,
+        namespace: input.namespace,
+        labels,
+      },
+      roleRef: {
+        apiGroup: 'rbac.authorization.k8s.io',
+        kind: 'Role',
+        name: roleName,
+      },
+      subjects: [
+        { kind: 'ServiceAccount', name: input.serviceAccountName, namespace: input.namespace },
+      ],
+    },
+    job: {
+      apiVersion: 'batch/v1',
+      kind: 'Job',
+      metadata: {
+        name: `helm-install-${input.releaseName}`,
+        namespace: input.namespace,
+        labels,
+      },
+      spec: {
+        backoffLimit: 0,
+        template: {
+          spec: {
+            restartPolicy: 'Never',
+            serviceAccountName: input.serviceAccountName,
+            automountServiceAccountToken: true,
+            securityContext: {
+              runAsNonRoot: true,
+              seccompProfile: { type: 'RuntimeDefault' },
+            },
+            containers: [{
+              name: 'helm',
+              image: input.runnerImage,
+              imagePullPolicy: 'IfNotPresent',
+              command: ['helm'],
+              args: ['install', input.releaseName, input.chartName, '--repo', input.repoUrl, '--namespace', input.namespace, '--wait', '--timeout', '5m'],
+              env: [
+                { name: 'HELM_CACHE_HOME', value: '/tmp/helm/cache' },
+                { name: 'HELM_CONFIG_HOME', value: '/tmp/helm/config' },
+                { name: 'HELM_DATA_HOME', value: '/tmp/helm/data' },
+              ],
+              volumeMounts: [
+                { name: 'helm-home', mountPath: '/tmp/helm' },
+                { name: 'tmp', mountPath: '/tmp/work' },
+              ],
+              securityContext: {
+                allowPrivilegeEscalation: false,
+                readOnlyRootFilesystem: true,
+                runAsNonRoot: true,
+                capabilities: { drop: ['ALL'] },
+              },
+            }],
+            volumes: [
+              { name: 'helm-home', emptyDir: {} },
+              { name: 'tmp', emptyDir: {} },
+            ],
+          },
+        },
+      },
+    },
+  };
+}