Security center

Security posture for Hekate Gate.

Hekate is built as a security control plane, so the public claims stay intentionally narrow: preflight checks, policy gates, signed receipts, and audit evidence.

Current status

Private beta, testnet-first.

Hekate Gate is not yet claiming mainnet certification or enterprise production certification. Those claims require real custody, real facilitator verification, and external security review.

Disclosure

security@hekategate.com

Send vulnerability reports, disclosure coordination, and security review requests to the dedicated security inbox. Do not include private keys, seed phrases, or customer secrets.

Claim boundaries

Security language stays narrow until evidence catches up.

We provide

Preflight checks, policy gates, signed receipts, hash-linked audit evidence, and clear remediation paths.

We do not claim

A guarantee of agent safety, full prompt-injection prevention, legal approval, or mainnet production certification.

Mainnet status

Not certified. Mainnet claims require real custody, real facilitator verification, real settlement proofs, and external review.

Enterprise status

Private beta. Enterprise production claims require SSO/RBAC hardening, incident runbooks, retention controls, and review evidence.

Controls

What is already designed into the platform.

Policy gate

Deterministic allow, warn, block, and approval decisions. No LLM in the approval path.

Signer isolation

Production mode requires remote custody and verifier-key pinning before mainnet claims.

Receipt integrity

Security receipts carry evidence hashes, policy hashes, scanner version, and signer identity.

Audit chain

Findings, approvals, payments, and evidence-retention events are append-only and hash chained.

Discovery boundary

Public discovery advertises private beta and mainnet not certified until external review passes.

Dependency posture

High/critical dependency gate is enforced; moderate Next/PostCSS risk is tracked explicitly.

Production gates

What has to be real before stronger claims.

Custody

KMS, HSM, MPC, or managed-wallet custody gateway configured and tested.

Facilitator

Verifier URL pinned, settlement proof available, and replay checks passing.

x402 proof

Real payment proof or testnet settlement proof attached to evidence bundle.

Receipts

Receipt signature verifies against trust material and retained evidence hash.

Review

External security review complete before any mainnet or enterprise certification language.

Receipt verification

Preflight evidence should be portable.

Production receipts bind subject hash, policy hash, evidence hash, scanner version, issuer, and signature. Verifiers should fail closed when any field, signature, schema, or trust key does not match.

View sample receiptConfigure Ed25519 signerProduction readiness
Disclosure handling

Security reports go to a dedicated inbox.

Send vulnerability reports, disclosure coordination, and external security review notes to security@hekategate.com. Please do not include private keys, seed phrases, or customer secrets.

Contact security
Claim boundary

Hekate reduces ambiguity before agents call, trust, pay, or deploy. It does not guarantee agent safety, replace legal review, or replace an external security audit.