Hekate Keys
Spend limits, permission scopes, allowed recipients, network allowlists, and signer boundaries.
Security preflight for AI agents
Security preflight for AI agents before they call, trust or pay an API, MCP tool or on-chain workflow.
Before your agent crosses the threshold.
Hekate scans agent tools, MCP servers, paid APIs, payment permissions and receipt bundles, then returns allow, warn or block with a signed security receipt.
agent finds API, MCP tool, or paid workflow
Hekate reads tools, scopes, price, proof, and policy
allow, warn, block, or require human approval
signed receipt and audit event are sealed
Brand architecture
Hekate is not a single scanner. It is a security approval system with wallet policy, inspection, receipts, and public trust status working as one product.
Spend limits, permission scopes, allowed recipients, network allowlists, and signer boundaries.
MCP tools, prompt-injection paths, dangerous verbs, repo risks, and multi-tool exfiltration routes.
Signed AgentSec and Accord-compatible receipts with policy hashes, evidence hashes, and verifier identity.
Public status for Sage, Orrery, AlphaX, MCP tools, receipt support, and mainnet-readiness claims.
What Hekate decides
Hekate turns ambiguous agent behavior into clear security decisions, policy patches, and receipts that humans and machines can verify.
Fast preflight for MCP manifests, x402 endpoints, permission requests, tool chains, and receipt bundles.
per-call APIDeployment review for tools, scopes, prompt-injection paths, signer isolation, spend policy, and audit evidence.
enterprise gateChecks quotes, Notes, settlement proofs, Accord receipts, testnet claims, and mainnet readiness boundaries.
payment proofAgents may discover the world. They do not get to cross trust boundaries alone.
Production surface
The product is designed around security evidence: what was requested, which policy applied, why the decision happened, who approved it, and how the receipt verifies later.
Decision: block
Scanner modules
MCP tools can mutate systems. x402 calls can move money. Hekate sits before those actions and asks the security question that agents cannot answer alone.
View registry statusRoadmap
The near-term build stays focused: sellable Lite checks, deterministic policy, signed receipts, developer workflows, then deeper Enterprise and Ergo/Sage verification.
Final position