Production readiness

Private beta can ship. Mainnet claims need evidence.

Hekate stays deliberately narrow until the operational proof exists: signed receipts, real custody, real facilitator verification, settlement proof, and external security review.

Allowed now

Private beta, testnet-first.

Hekate can describe preflight checks, policy gates, signed receipts when configured, and audit evidence. Public copy must continue to say mainnet not certified.

Blocked until review

No mainnet or enterprise certification language.

Mainnet and enterprise claims require conformance outputs, external review results, and no unresolved critical or high findings.

Gates

What has to be real.

Receipt signer

Configure HEKATE_RECEIPT_* env and verify ed25519.signer.v1 receipts.

Custody gateway

Use KMS, HSM, MPC, or managed-wallet signing with HMAC-pinned request and response verification.

Facilitator verifier

Pin the verifier URL, require HMAC-signed responses, and attach supported settlement proof.

x402 or testnet proof

Run conformance against a real x402 proof or testnet settlement proof before claims.

External review

Resolve all critical and high findings before mainnet or enterprise language.

Commands

Redacted evidence for reviewers.

npm run hekate:readiness
npm run hekate:receipt-signer:conformance
curl https://hekategate.com/v1/receipts/signing-status
npm run custody:conformance
npm run facilitator:conformance
npm run security:ci
Claim boundary

`npm run hekate:readiness` can say public beta is ready while mainnet and enterprise claims remain blocked. That is the correct state until the operator-controlled proof exists.