Decide · Approve · Prove

Every agent action, witnessed.


A log tells you what happened, according to whoever kept the log.

An agent sends a payment, calls a tool, or exports a customer record. The only trace it leaves is a log, and whoever runs that log controls it.

A log can be edited, rotated, or quietly dropped. It can’t show who approved an action or rebuild what actually ran. So when an auditor or an incident asks for proof, all you have is a claim.

audit.log · plaintext

09:41:52 payments.transfer payee="Clark Kent"
09:41:52 amount=$4,200.00
09:41:53 status=ok · approved_by=policy

readable by anyone with the file

receipt · 7d2b…04af · signed

amount: $4,200.00
action: payments.transfer
payee: Clark Kent
ed25519: 3a9f…e1c0
blake3: 7d2b…04af

verify · signature matches the bytes

the same edit, against both records · $4,200.00 → $42,000.00

You need proof, not a nicer log.

How it works

A log is only as honest as whoever keeps it — so HESO hands you proof instead: every action decided against your policy, co-signed by a person when it matters, and verifiable by anyone, offline.

01 decide

Every action your agent takes (a payment, a tool call, an HTTP request, a data export) is caught before it runs and checked against your policy. The first rule that matches decides what happens: allow it, block it, redact a sensitive field, or hold it for a person. Nothing executes until it clears.

action: payments.transfer
amount: $4,200 → "Clark Kent"
verdict: HOLD · < 2 ms
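
First-match evaluation as described above, as an added sketch that is not HESO's code or policy format: the rule objects, `decide`, `gate`, and the fail-closed default for unmatched actions are assumptions. It also shows why rule order matters: with the broad transfer rule placed first, the $4,200 payment is allowed instead of held.

```javascript
// Hypothetical rule format (not HESO's): a predicate plus one of the page's
// four verdicts. Amounts are integer cents to avoid float comparisons.
const RULES = [
  { id: "no-shell", when: a => a.action.startsWith("shell."), verdict: "BLOCK" },
  { id: "big-transfer", verdict: "HOLD",   // over $1,000 -> ask a person
    when: a => a.action === "payments.transfer" && a.params.amountCents > 100000 },
  { id: "any-transfer", when: a => a.action === "payments.transfer", verdict: "ALLOW" },
  { id: "mask-export", when: a => a.action === "data.export", verdict: "REDACT",
    fields: ["email", "ssn"] },
];

// Return the verdict of the first matching rule; later rules are never consulted.
function decide(action, rules = RULES) {
  for (const rule of rules) {
    if (!rule.when(action)) continue;
    if (rule.verdict !== "REDACT") return { verdict: rule.verdict, rule: rule.id, action };
    const params = { ...action.params };          // redact a copy, keep the original
    for (const f of rule.fields) if (f in params) params[f] = "[REDACTED]";
    return { verdict: "REDACT", rule: rule.id, action: { ...action, params } };
  }
  // Assumption: an action that no rule matches fails closed.
  return { verdict: "BLOCK", rule: null, action };
}

// Run `execute` only after the action clears; HOLD and BLOCK never reach it.
function gate(action, execute, rules = RULES) {
  const d = decide(action, rules);
  const cleared = d.verdict === "ALLOW" || d.verdict === "REDACT";
  return { ...d, executed: cleared, result: cleared ? execute(d.action) : undefined };
}

// Constructed sample actions.
const transfer = { action: "payments.transfer",
                   params: { payee: "Clark Kent", amountCents: 420000 } };
const exportRow = { action: "data.export",
                    params: { name: "L. Lane", email: "ll@example.test" } };

console.log(gate(transfer, () => "sent").verdict);         // held for a person
console.log(gate(exportRow, a => a.params.email).result);  // executor sees the masked field
// Ordering hazard: the broad rule placed first shadows the HOLD rule.
const swapped = [RULES[2], RULES[1]];
console.log(decide(transfer, swapped).verdict);
```
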
02 approve

High-stakes actions stop and wait for a human. They approve right in the console, and their browser co-signs with a key that lives on their device. The cloud never sees that key, so no one can forge the sign-off, including us. Need more than one yes? Set a quorum, like 2 of 3 approvers, and each person signs only their own decision. The policy floor you set can’t be bypassed by anyone.

policy: over $1,000 → ask a person
co-sign: approved · device key
trust: L1 · human co-signed
03 prove

The result is a receipt: the exact bytes of the action, signed with Ed25519 and chained to the one before it with BLAKE3. Drop it into any browser and the check runs right there on the page. No network, no account, and no need to trust HESO.

ed25519: 3a9f…e1c0
blake3: 7d2b…04af
verify: offline · any browser
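
How a signed, hash-chained receipt catches an edit, as an added example that is not HESO's implementation or receipt format: the field names and JSON encoding are assumptions, and SHA-256 stands in for BLAKE3 because Node.js has no built-in BLAKE3. It runs the page's $4,200.00 to $42,000.00 edit, the same edit with the hash recomputed, and a dropped receipt.

```javascript
const crypto = require("node:crypto");

// Stand-in chain hash: SHA-256 here, where the page uses BLAKE3.
const h = buf => crypto.createHash("sha256").update(buf).digest("hex");
const GENESIS = "0".repeat(64);
// Assumed canonical encoding: fixed field order, so signer and verifier see the same bytes.
const bytesOf = r =>
  Buffer.from(JSON.stringify([r.prev, r.action, r.payee, r.amount, r.verdict]));

// Sign the exact bytes with Ed25519 and link the receipt to the previous one.
function issue(chain, fields, privateKey) {
  const prev = chain.length ? chain[chain.length - 1].hash : GENESIS;
  const body = { prev, ...fields };
  const bytes = bytesOf(body);
  const sig = crypto.sign(null, bytes, privateKey).toString("base64");
  chain.push({ ...body, hash: h(bytes), sig });
}

// Offline check: needs only the receipts and the signer's public key.
function verifyChain(chain, publicKey) {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const r = chain[i], bytes = bytesOf(r);
    if (r.prev !== prev) return { ok: false, index: i, reason: "broken link" };
    if (h(bytes) !== r.hash) return { ok: false, index: i, reason: "content hash mismatch" };
    if (!crypto.verify(null, bytes, publicKey, Buffer.from(r.sig, "base64")))
      return { ok: false, index: i, reason: "bad signature" };
    prev = r.hash;
  }
  return { ok: true, index: -1, reason: "valid" };
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const chain = [];  // constructed sample receipts
  const t = { action: "payments.transfer", payee: "Clark Kent", verdict: "ALLOW" };
  for (const amount of ["4200.00", "15.00", "980.00"]) issue(chain, { ...t, amount }, privateKey);
  const copy = () => chain.map(r => ({ ...r }));
  const edited = copy(); edited[0].amount = "42000.00";
  const rehashed = copy(); rehashed[0].amount = "42000.00";
  rehashed[0].hash = h(bytesOf(rehashed[0]));   // editor also fixes up the hash
  const dropped = copy(); dropped.splice(1, 1); // a receipt quietly removed
  const check = c => verifyChain(c, publicKey);
  return { intact: check(chain), edited: check(edited),
           rehashed: check(rehashed), dropped: check(dropped) };
}
console.log(demo());
```

Recomputing the hash gets past the content check but not the signature, and removing a receipt breaks the link at the next one, which is why the signature and the chain are both needed.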
Proof, not promises

A receipt is evidence you hold, not a status we report. The check runs in your browser, not on our servers and not on our word. Try it: edit the amount below.

receipt · signed · blake3 7d2b…04af

action: payments.transfer
amount: → "Clark Kent"
verdict: ALLOW
content_hash: 9b5b…696c
signed_hash: 9b5b…696c
ed25519: 3a9f…e1c0

verify it yourself: VALID

The recomputed hash matches the signed hash, so the signature holds. This receipt is authentic, verified offline in your browser.

recomputed: 9b5b…696c
on record: 9b5b…696c
no network · no account · no HESO

< 2ms · to decide: allow, block, redact, or ask a human

Ed25519 · signature on the exact bytes of every action

BLAKE3 · chain that links each receipt to the last

byte-for-byte · offline verification that needs nothing from us

A receipt also exports to open formats like AERF and COSE, so other tools can read the evidence. It isn’t a private lock-in format.

The EU’s logging rules for high-risk AI land in December 2027, and a hash-chained history can’t be backfilled after the fact. The audit trail has to already exist when the deadline arrives.

Pricing

Simple pricing. You pay for scale, not for signing.

Paid tiers buy cloud scale, retention, and team features. The proof itself is on every plan.

on every plan: Ed25519-signed receipts · offline verification · full local audit trail, never capped

Free

For individuals and small experiments

$0 · forever

hard cap · no surprise bills

1 agent
1 approver
10k receipts/mo

7 days retention · 5 req/sec

Pro

recommended

For growing teams shipping AI to production

$29 / mo

then $1 per 1,000 receipts past the floor

3 agents
3 approvers
100k receipts/mo

30 days retention · 20 req/sec

Team

For teams that need scale and longer retention.

$299 / mo

then $0.50 per 1,000 receipts past the floor

10 agents
6 approvers
1M receipts/mo

6 months retention · 60 req/sec

Custom

Unlimited scale with dedicated support and SLAs

Contact

uncapped cloud mirror

50+ agents
50+ approvers
receipts/mo

1 year retention · 150+ req/sec

what would your volume cost?

18,000 receipts / month

Free · $0 · mirror stops here
Pro · $29 · inside the floor
Team · $299 · inside the floor

Only the cloud mirror is metered. You’re billed past the floor, and never blocked until the 10× runaway ceiling. The local signed chain always runs: no account, no network, never refused. Free has no overage. The mirror just stops.

also on every plan

Your customers can approve, too.

Embed the gate in your own product and a customer co-signs the actions that touch them, with the same device-held keys and the same signed receipt. It’s included on every plan with a small “powered by heso” mark. On Team it wears your colors, with no mark.

Let your customers approve
Inside your app · gate · embed

Run the March campaign for $1,250?

Your agency’s agent wants to act on this account. Your call.

ed25519 · awaiting your approval

A governed agent is one signing identity and policy scope, not a concurrency limit.

Verify it yourself

Open a receipt and check it in your browser. Ed25519 and BLAKE3, verified on your own machine with nothing from HESO.

free forever · 1 agent · no card