hekategate.comprivate betamainnet: not certified

Security preflight for AI agents

Hekate Gate

Security preflight for AI agents before they call, trust or pay an API, MCP tool or on-chain workflow.

Before your agent crosses the threshold.

Hekate scans agent tools, MCP servers, paid APIs, payment permissions and receipt bundles, then returns allow, warn or block with a signed security receipt.

Agent proposesPolicy decidesSigner signsVerifier validatesLedger records
01Discover

agent finds API, MCP tool, or paid workflow

02Inspect

Hekate reads tools, scopes, price, proof, and policy

03Decide

allow, warn, block, or require human approval

04Record

signed receipt and audit event are sealed

allow / warn / blockdeterministic security decisions
signed receiptsevidence hash, policy hash, issuer identity
testnet-firstmainnet claims blocked until reviewed
x402 + MCPbuilt for machine-payable tools

Brand architecture

One gate, four operating instruments.

Hekate is not a single scanner. It is a security approval system with wallet policy, inspection, receipts, and public trust status working as one product.

Policy wallet

Hekate Keys

Spend limits, permission scopes, allowed recipients, network allowlists, and signer boundaries.

Scanner

Hekate Torch

MCP tools, prompt-injection paths, dangerous verbs, repo risks, and multi-tool exfiltration routes.

Evidence layer

Hekate Receipts

Signed AgentSec and Accord-compatible receipts with policy hashes, evidence hashes, and verifier identity.

Trust surface

Hekate Registry

Public status for Sage, Orrery, AlphaX, MCP tools, receipt support, and mainnet-readiness claims.

What Hekate decides

One control layer for agent risk.

Hekate turns ambiguous agent behavior into clear security decisions, policy patches, and receipts that humans and machines can verify.

Hekate Lite

Should my agent call this tool right now?

Fast preflight for MCP manifests, x402 endpoints, permission requests, tool chains, and receipt bundles.

per-call API
Hekate Gate

Should this agent be allowed into production?

Deployment review for tools, scopes, prompt-injection paths, signer isolation, spend policy, and audit evidence.

enterprise gate
Hekate for Ergo / Accord

Was this paid agent flow valid and receipt-complete?

Checks quotes, Notes, settlement proofs, Accord receipts, testnet claims, and mainnet readiness boundaries.

payment proof
Hekate principle

Agents may discover the world. They do not get to cross trust boundaries alone.

Production surface

Every risky action gets a record.

The product is designed around security evidence: what was requested, which policy applied, why the decision happened, who approved it, and how the receipt verifies later.

Hekate Gate / scans / scan_123scanner@0.1.0
Risk score87

Decision: block

Customer data can be posted externallypostgres.query -> slack.post_message
block
Tool requests scopes beyond task needrepo:write + secrets:read
approval
Paid endpoint has no independent verifierx402 challenge metadata
warn
01MCP manifest scan
02Permission diff
03Dangerous tool-chain graph
04x402 payment preflight
05Signer isolation check
06Receipt verification
07Policy patch suggestion
08Hash-chained audit event

Scanner modules

Built for the agent economy that is actually arriving.

MCP tools can mutate systems. x402 calls can move money. Hekate sits before those actions and asks the security question that agents cannot answer alone.

View registry status

Operating architecture

LLMs propose. Control planes decide.

Policy Engine

Deterministic allow, warn, block, and approval decisions from the same input and policy.

Receipt Service

Signed security receipts with evidence hashes, scanner version, policy hash, and issuer identity.

Verifier Layer

Checks payment proofs, Accord bundles, Ergo Notes, and public registry claims before trust is granted.

Audit Ledger

Append-only event chain for findings, approvals, settlements, and production readiness gates.

LLM cannot approveLLM cannot signLLM cannot override policyLLM cannot suppress findings

Roadmap

From Lite API to enterprise security gate.

The near-term build stays focused: sellable Lite checks, deterministic policy, signed receipts, developer workflows, then deeper Enterprise and Ergo/Sage verification.

01Lite API
02Policy + receipts
03CLI + GitHub Action
04Dashboard
05Ergo/Sage integration
06MCP scanner v1
07Enterprise pilots
08Registry + trust center

Final position

Before your agent crosses the threshold, Hekate Gate checks the risk.