Registry Profile

Hekate Receipts

Hekate Receipts turn a preflight decision into portable evidence: subject hash, policy hash, evidence hash, scanner version, issuer, and signature.

Status

private beta

Category

Portable security evidence

Gate

Receipt schema, evidence hash, signature scheme, trust bundle, and verification endpoint

Receipt

agentsec.security_preflight.v1; ed25519.signer.v1 after signer env is configured

Mainnet

not certified

Checks

What Hekate inspects.

Schema

agentsec.security_preflight.v1 compatibility.

Signature

none.private_beta.v1 until Ed25519 signer env is configured; ed25519.signer.v1 after.

Verification

/v1/receipts/verify checks signature, issuer, evidence hash, and schema.

Evidence

Public artifacts and links.

Sample receipt

/receipts/sample

Signer setup

/docs/HEKATE_RECEIPT_SIGNER_SETUP.md

Signing status

/v1/receipts/signing-status

Trust bundle

/v1/agentsec/trust

Known risks

What is still outside the trust boundary.

Live signer

Production web signer env is still operator-controlled.

Evidence retention

Detached evidence policies must be finalized for enterprise claims.

Claim boundary

A receipt proves Hekate issued a specific decision over a specific evidence hash. It does not guarantee external agent safety.

Review production readiness gates