Registry Profile
Hekate Lite
Hekate Lite returns allow, warn, or block before an agent calls, trusts, or pays a risky API, MCP tool, permission grant, or paid-agent workflow.
Agent-callable preflight API
MCP preflight, x402 preflight, permissions diff, tool-chain risk, receipt verification, Sage/Ergo checks
agentsec.security_preflight.v1; Ed25519 signer ready when HEKATE_RECEIPT_* env is configured
not certified
Checks
What Hekate inspects.
Inline MCP/tool manifest scanner with dangerous verb, signer, secret, external-output, and tool-chain checks.
Price, network, recipient, HTTPS hygiene, sensitive input, and receipt-support checks.
Requested scopes compared to declared task with minimal-scope recommendations.
AgentSec-compatible receipt verification and trust bundle discovery.
Evidence
Public artifacts and links.
/.well-known/hekate.json
/openapi.json
/examples
/security/readiness
Known risks
What is still outside the trust boundary.
Live web receipts remain none.private_beta.v1 until HEKATE_RECEIPT_ED25519_PRIVATE_KEY_PEM is configured.
Public web runtime does not fetch arbitrary remote manifests; submit manifests inline.
Mainnet claims are blocked until real custody, proof, and external review exist.
Private-beta preflight signal. Not a guarantee of agent safety, legal/compliance review, mainnet certification, or enterprise production certification.
Review production readiness gates