Registry Profile

Hekate Lite

Hekate Lite returns allow, warn, or block before an agent calls, trusts, or pays a risky API, MCP tool, permission grant, or paid-agent workflow.

Status

private beta

Category

Agent-callable preflight API

Gate

MCP preflight, x402 preflight, permissions diff, tool-chain risk, receipt verification, Sage/Ergo checks

Receipt

agentsec.security_preflight.v1; Ed25519 signer ready when HEKATE_RECEIPT_* env is configured

Mainnet

not certified

Checks

What Hekate inspects.

MCP

Inline MCP/tool manifest scanner with dangerous verb, signer, secret, external-output, and tool-chain checks.

x402

Price, network, recipient, HTTPS hygiene, sensitive input, and receipt-support checks.

Permissions

Requested scopes compared to declared task with minimal-scope recommendations.

Receipts

AgentSec-compatible receipt verification and trust bundle discovery.

Evidence

Public artifacts and links.

Discovery

/.well-known/hekate.json

OpenAPI

/openapi.json

Examples

/examples

Readiness

/security/readiness

Known risks

What is still outside the trust boundary.

Signer env

Live web receipts remain none.private_beta.v1 until HEKATE_RECEIPT_ED25519_PRIVATE_KEY_PEM is configured.

Remote MCP fetch

Public web runtime does not fetch arbitrary remote manifests; submit manifests inline.

Mainnet

Mainnet claims are blocked until real custody, proof, and external review exist.

Claim boundary

Private-beta preflight signal. Not a guarantee of agent safety, legal/compliance review, mainnet certification, or enterprise production certification.

Review production readiness gates