Docs

Hekate Gate is agent-native by default: API docs, discovery files, security policy, registry status, and LLM-readable context are all public.

Integration surfaces

Public preflight demo
Server-side demo endpoint for MCP/tool manifest checks. Returns allow, warn, or block with findings, safe-call policy, and demo receipt.
Copy-paste examples
Public JSON fixtures and curl commands for every Hekate Lite private-beta endpoint.
REST API
OpenAPI 3.1 machine-readable REST schemas for Hekate Gate and AgentSec-compatible endpoints.
TypeScript SDK (@mc/sdk)
MissionControlClient with one-call runMission(), full typing for every endpoint, plus verifyWebhookSignature for receivers.
MCP server (@mc/mcp)
JSON-RPC 2.0 stdio server exposing 8 tools to any MCP-compatible client (Claude Desktop, Cursor, autonomous agents).

Product loop APIs

POST /api/beta
Private beta lead capture. Validates email, company, agent stack, and use case; logs request; optionally sends webhook and Resend email when env vars are configured.
POST /api/demo/preflight
Server-side demo scanner for MCP/tool manifest JSON. Rate-limited and safe for public demo traffic.
POST /api/events
Lightweight analytics event capture for form starts, submissions, demo checks, and CTA clicks. Optional webhook forwarding.

Hekate Lite private beta API

GET /v1/health
Public product status, mode, endpoint list, and claim boundary for the web private beta.
POST /v1/mcp/preflight
Agent-callable MCP/tool-surface scanner. Returns allow, warn, or block with findings, safe-call policy, policy patch, and receipt.
POST /v1/x402/preflight
Checks price, network, recipient allowlist, HTTPS hygiene, sensitive inputs, and receipt support before an agent pays.
POST /v1/permissions/diff
Compares requested OAuth/API scopes against the declared task and suggests minimal scopes.
POST /v1/tool-chain/risk
Detects dangerous chains such as untrusted fetch to shell execution or customer data to public channels.
POST /v1/receipts/verify
Verifies AgentSec-compatible Hekate receipts. Public web receipts are private-beta unless an Ed25519 signer is configured.
GET /v1/receipts/signing-status
Public, secret-free receipt signing status for Hekate web receipts: Ed25519 ready, HMAC beta, or private-beta unsigned.
GET /.well-known/agentsec-jwks.json
JWKS-shaped verifier key surface for portable AgentSec-compatible receipt verification.
POST /v1/ergo/sage/preflight
Checks Sage quote price, rail, reserve_box_id, task_hash, deadline, receipt support, and mainnet boundary.
POST /v1/ergo/note/check
Checks Ergo Note rail, reserve binding, task_hash, value >= price, expiry, spent/redeemed status, and settlement reference.
POST /v1/ergo/sage/receipts/verify
Checks Agreement, Verification Receipt, Settlement Receipt, chain anchor, task_hash consistency, and mainnet claim.

Optional environment variables

HEKATE_LEADS_WEBHOOK_URL
Optional webhook destination for private beta leads. HEKATE_LEADS_WEBHOOK_SECRET signs payloads with x-hekate-signature.
RESEND_API_KEY
Optional email notification provider. Combine with HEKATE_LEADS_FROM and HEKATE_LEADS_TO.
HEKATE_EVENTS_WEBHOOK_URL
Optional webhook destination for lightweight analytics events. HEKATE_EVENTS_WEBHOOK_SECRET signs payloads.
Receipt signer setup
Operator runbook for moving public web receipts from none.private_beta.v1 to ed25519.signer.v1.
HEKATE_RECEIPT_ED25519_PRIVATE_KEY_PEM
Optional Ed25519 private key for portable web receipt signatures. Without it, public web receipts stay explicitly private-beta.
HEKATE_RECEIPT_KEY_ID
Optional public key id exposed by /v1/agentsec/trust after Ed25519 signing is enabled.
HEKATE_RECEIPT_SIGNER_ID
Optional signer identity embedded in newly issued Hekate receipts.
HEKATE_RECEIPT_HMAC_SECRET
Optional beta HMAC signer for server-verified receipts when Ed25519 custody is not connected yet.

Discovery files

/.well-known/hekate.json
Canonical Hekate Gate discovery file for agents, catalogs, and agent-native clients.
/.well-known/agentsec.json
AgentSec-compatible legacy technical discovery file for existing integrations.
/llms.txt
LLM-readable index (Jeremy Howard spec). Use for RAG ingestion and LLM citation engines.
/llms-full.txt
Full content for LLM consumption. ~11 KB. Already has canonical claims pre-formatted for citation.
/AGENTS.md
Autonomous-agent integration guide. REST + SDK + MCP examples; constraints; webhook verification; cost-aware planning.
/.well-known/agentic-market.json
Custom x402-style discovery advertisement for Mission Control's own surface.
/.well-known/ai-plugin.json
Legacy ChatGPT plugin manifest. Useful for older agent stacks.
/.well-known/security.txt
RFC 9116 security disclosure policy.

Background reading

Pricing
Private beta packaging for Hekate Lite, Gate Preflight, and Enterprise.
Security
Security posture, disclosure contact, claim boundaries, and production readiness gates.
Production readiness
Mainnet and enterprise readiness gates for receipt signing, custody, facilitator proof, x402 settlement proof, and external review.
Production readiness runbook
Plain-text readiness command, operator env list, conformance sequence, and claim boundaries.
Security review handoff
External reviewer packet covering scan logic, custody, facilitator verification, receipts, audit evidence, and claim boundaries.
Status
Private beta readiness by component, including discovery, receipts, registry, and mainnet certification.
Receipt signer setup runbook
Plain-text operator steps for Ed25519 receipt signing, Vercel env vars, trust endpoint checks, and conformance tests.
Private beta
Request private beta access with one real agent workflow.
Registry
Public signed registry status history, claim boundary, hashes, and verifier metadata.
Registry profiles JSON
Machine-readable Hekate Registry profiles for Hekate Lite, Sage, Orrery, AlphaX, receipts, and verifiers.
Registry status history
Public timeline of registry claim boundaries, readiness gates, and evidence snapshots.
Strategic roadmap
Helicopter-view roadmap for turning Hekate into the agent economy trust layer.
Ergo and Sage integration
How Hekate preflights Sage quotes, Ergo Notes, and Accord receipt bundles for paid-agent flows.
Sage registry profile
Public status, expected receipt bundle, sample request, and mainnet claim boundary for Sage.
Sage verified flow
Case study for quote preflight, Ergo Note checks, Accord receipt verification, and Hekate receipt evidence.
Ergo ecosystem pitch
Public positioning and pilot asks for Hekate as the trust gate in the Ergo Agent Economy.
Ergo ecosystem pitch markdown
Plain-text shareable pitch for Ergo/Sage/community outreach.
About Mission Control
The thesis, what we ship, what we believe.
Glossary
30 plain-English definitions of x402, governance, audit, verification terms.
Use cases
20 ready-to-run mission templates with sample request payloads.
Compare
Mission Control vs Bazaar, x402 vs Stripe, Policy Engine vs LLM guardrails.
Blog
Long-form posts on architecture, x402, and operations.