Registry Profile
Hekate Receipts
Hekate Receipts turn a preflight decision into portable evidence: subject hash, policy hash, evidence hash, scanner version, issuer, and signature.
Portable security evidence
Receipt schema, evidence hash, signature scheme, trust bundle, and verification endpoint
agentsec.security_preflight.v1; ed25519.signer.v1 after signer env is configured
not certified
Checks
What Hekate inspects.
Schema
agentsec.security_preflight.v1 compatibility.
Signature
none.private_beta.v1 until Ed25519 signer env is configured; ed25519.signer.v1 after.
Verification
/v1/receipts/verify checks signature, issuer, evidence hash, and schema.
Evidence
Public artifacts and links.
Sample receipt
/receipts/sample
Signer setup
/docs/HEKATE_RECEIPT_SIGNER_SETUP.md
Signing status
/v1/receipts/signing-status
Trust bundle
/v1/agentsec/trust
Known risks
What is still outside the trust boundary.
Live signer
Production web signer env is still operator-controlled.
Evidence retention
Detached evidence policies must be finalized for enterprise claims.
A receipt proves Hekate issued a specific decision over a specific evidence hash. It does not guarantee external agent safety.
Review production readiness gates