# Hekate Gate > Hekate Gate is security preflight for AI agents before they call, trust or pay an API, MCP tool or on-chain workflow. Hekate Lite is the x402/API/MCP preflight endpoint for agents. Hekate Gate one-liner: Before your agent crosses the threshold. AgentSec remains the technical namespace for schemas, routes, scopes, and receipt compatibility. Mission Control remains the underlying governance and orchestration architecture. Mission Control is built around five non-negotiable architectural rules: 1. **Agent proposes, policy decides, signer signs, verifier validates, ledger records.** No exceptions. 2. **LLMs never sign payments.** A pattern audit (`tools/audit.ts`) refuses any code that imports an LLM client into the payment or wallet modules. 3. **Idempotent x402 payments.** Every paid call carries a payment-identifier; duplicate retries return the cached settlement. 4. **Hash-chained audit.** Every state transition, policy decision, payment, and verification is a SHA-256-chained `AuditEvent`. `verifyChain(missionId)` re-derives every hash and reports the first broken index. 5. **Route explanations.** Every routing decision logs a human-readable rationale (score reasons + alternatives considered). ## Product - [Landing](https://hekategate.com/): Hekate Gate hero, Lite, platform, checks, trust, and roadmap. - [About](https://hekategate.com/about): thesis, what we ship, what we believe. - [Team](https://hekategate.com/team): the people behind Mission Control. - [Docs](https://hekategate.com/docs): integration surfaces + discovery files. - [Examples](https://hekategate.com/examples): copy-paste JSON fixtures and curl commands for Hekate Lite endpoints. - [Strategic roadmap](https://hekategate.com/docs/HEKATE_STRATEGIC_ROADMAP.md): helicopter-view product and execution plan for Hekate Gate. - [Ergo and Sage integration](https://hekategate.com/integrations/ergo-sage): Hekate preflight for Sage quotes, Ergo Notes, and Accord receipt bundles. - [Sage verified flow](https://hekategate.com/case-studies/sage-verified-flow): case study for quote preflight, Ergo Note checks, Accord receipt verification, and Hekate receipt evidence. - [Ergo ecosystem pitch](https://hekategate.com/ecosystem/ergo-agent-economy): public pitch for Hekate as the trust gate in the Ergo Agent Economy. - [Pricing](https://hekategate.com/pricing): Private beta packaging for Hekate Lite, Gate Preflight, and Enterprise. - [Blog](https://hekategate.com/blog): AI agent security, MCP review, x402 payment safety, signed receipts, and production readiness. - [Demo](https://hekategate.com/demo): public server-side preflight demo for MCP/tool manifest risk checks. - [Contact](https://hekategate.com/contact): private beta request form and security inbox routing. - [Sample receipt](https://hekategate.com/receipts/sample): field anatomy for Hekate signed security receipts. - [Receipt signer setup](https://hekategate.com/receipts/signer-setup): operator runbook for Ed25519 `ed25519.signer.v1` web receipts. - [Receipt signing status](https://hekategate.com/v1/receipts/signing-status): public machine-readable status for Hekate web receipt signatures. - [Production readiness](https://hekategate.com/security/readiness): gates for receipt signer, custody, facilitator verifier, x402 proof, and external review. - [Registry profiles JSON](https://hekategate.com/registry/profiles.json): machine-readable Hekate Registry profiles. - [Registry status history](https://hekategate.com/registry/status-history): public status timeline for registry evidence and claim boundaries. - [Sage registry profile](https://hekategate.com/registry/sage): public Sage status, endpoints, expected receipt bundle, and mainnet claim boundary. - [Sample Sage receipt bundle](https://hekategate.com/examples/sage-verified-flow/receipt-bundle.json): public sample Agreement, Verification Receipt, Settlement Receipt, and Hekate receipt bundle. Product-loop API routes: - `POST /api/beta`: private beta lead capture with optional webhook/Resend delivery. - `POST /api/demo/preflight`: server-side demo scanner for MCP/tool manifests. - `POST /api/events`: lightweight funnel event capture with optional webhook delivery. Public Hekate Lite private-beta endpoints: - `GET /v1/health`: product status and claim boundary. - `POST /v1/mcp/preflight`: MCP/tool-surface allow, warn, or block check. - `POST /v1/x402/preflight`: x402 endpoint, price, network, recipient, and receipt-support check. - `POST /v1/permissions/diff`: requested scope minimization. - `POST /v1/tool-chain/risk`: dangerous multi-tool path detection. - `POST /v1/receipts/verify`: AgentSec-compatible receipt verification. - `POST /v1/ergo/sage/preflight`: Sage quote price, rail, reserve, task hash, receipt support, and mainnet boundary check. - `POST /v1/ergo/note/check`: Ergo Note rail, reserve binding, value, expiry, spent/redeemed status, and settlement reference check. - `POST /v1/ergo/sage/receipts/verify`: Sage/Accord Agreement, Verification Receipt, Settlement Receipt, chain anchor, and task-hash consistency check. ## Pillar articles - [What Is AI Agent Security Preflight?](https://hekategate.com/blog/ai-agent-security-preflight): why agents need allow, warn, block checks before tools, data, money, and production actions. - [MCP Security Risks](https://hekategate.com/blog/mcp-security-risks): how to review MCP tools, scopes, dangerous verbs, tool chains, and prompt-injection paths. - [x402 Security for AI Agents](https://hekategate.com/blog/x402-security-for-ai-agents): policy checks before an autonomous agent pays an API. - [Signed Security Receipts for AI Agents](https://hekategate.com/blog/signed-security-receipts-for-ai-agents): portable evidence for preflight decisions, policy hashes, evidence hashes, and verifier identity. - [Hekate Gate for the Ergo Agent Economy](https://hekategate.com/blog/hekate-gate-ergo-agent-economy): how Sage, Ergo Notes, Accord receipts, and Hekate preflight connect into a paid-agent trust layer. ## Comparison pages - [Hekate Gate vs LLM guardrails](https://hekategate.com/compare/hekate-gate-vs-llm-guardrails): action approval vs model behavior guardrails. - [Hekate Gate vs MCP gateway](https://hekategate.com/compare/hekate-gate-vs-mcp-gateway): security preflight vs tool routing and mediation. - [Hekate Gate vs direct x402](https://hekategate.com/compare/hekate-gate-vs-direct-x402): payment policy and evidence vs direct payment wire flow. ## Use cases (20 ready-to-run)