Ground truth for your codebase — and your coding agents
How true are your docs?
Hekkos extracts what your repos actually contain, scores every doc against it, and opens the fix as a pull request.
Engineers get cited answers grounded in the real code — and your coding agents get the same verified context as tools over MCP.
Why not just let your agent read the code? →2 doc claims out of date with the code
-
README.mddocuments the--retry-limitflag — removed in this diff (cmd/serve/main.go:88) ·a1b2c3d4e5f6 - new route
POST /api/v1/exportsisn’t documented anywhere yet ·0f1e2d3c4b5a
critical · warning · info
Comment-only — I won’t block your merge. Reply /hekkos ack a1b2c3d4e5f6 or /hekkos ack README.md to accept.
From connected to first fix in three steps
No configuration marathon. Connect a repo and Hekkos does the rest — you review the output, not the setup.
Connect the GitHub App
Least-privilege access to the repos you choose. Installing the GitHub App needs org-owner rights — or sends an approval request to your admin. GitHub is the first connected source today, with more coming. The first scan sets a silent baseline — no wall of day-one noise.
Hekkos maps & scores every doc
It extracts the real surface of your code and gives each repo a Real-State Trust score. You see, at a glance, which docs are lying.
Review the first fix as a PR
Drift is opened as a pull request you review like any other — and the same verified context answers questions in chat and over MCP.
A live map of what your code actually is
Hekkos connects to your sources — today, the GitHub App — and parses every repo into the real surface of your codebase. That map — not the docs, not a model’s recollection — is the ground truth everything else is built on.
Six languages, six domains
Routes, env vars, functions, types, and flags across Go, TypeScript/JavaScript, Python, Rust, Java, and Ruby — plus Terraform, Kubernetes/Compose config, SQL schema, dependencies, and OpenAPI specs. One queryable map per org.
Parsed, not guessed
AST-first extraction with confidence tiers — facts corroborated across independent files rank higher, and low-confidence findings never block a merge or drive a PR. Static analysis of what’s committed; nothing needs to be running.
File-and-line provenance
Every extracted fact knows exactly where it came from. Every answer built on it carries the citation.
Measure every doc against it — then fix them
Stale context doesn’t get flagged for a human to deal with someday. It gets measured, scored, and repaired — as pull requests your team reviews like any other.
Drift, measured
Every doc claim is diffed against the real map. Drift gets a severity, and each repo gets a Real-State Trust score — Coverage × Accuracy. Not "do docs exist?" — "are they true?"
Fixed as PRs — human-safe
Hekkos writes the corrected doc and opens one pull request. Sections you marked manual are preserved byte-for-byte, PR drift reviews are a single self-updating comment (never a comment wall), and the merge gate is opt-in per repo. Dismiss or ack with /hekkos commands.
Noise-proof by design
Docs carry authority tiers — canonical, reference, historical — so an old plan or superseded spec never reads as current-state drift. The first scan sets a silent baseline. What surfaces is worth acting on.
A standards engine underneath
Per-doc-type section schemas — write your own or adopt from the curated catalogue (README, AGENTS.md, CONTRIBUTING, SECURITY, ADRs, templates). Most sections render deterministically from extracted facts; only explicitly "generated" sections ever touch a model. Draft and validate in Doc Studio before anything lands in a repo.
See the repair working
Insights shows acceptance by document type, why suggestions get dismissed, and where Real-State Trust stands — so you can tell whether the loop is actually paying off, not just running.
Cited answers for your team. Tools for your agents.
The point of ground truth is that everything downstream can rely on it — an engineer asking how something works, or a coding agent about to act on it. Included on every plan: each answer, from the web chat or an agent, draws from your org’s monthly allowance.
Ask the real code
Chat grounded in the actual code, not just the docs — every answer cites its sources, shows both sides on a doc-vs-code conflict, and refuses rather than guesses. Paste a ticket or spec to see how it could be built with what you already have.
Tools for your agents
query_knowledge, ask_real_state, get_real_state, list_drift, validate_doc and more — the same org-scoped, permission-checked surface as the web app, as MCP tools for Cursor, Claude Code, or any MCP client.
Agent-written docs that pass review
Agents can fetch your org’s doc standard, scaffold a conformant draft, and validate it — so machine-written docs land right the first time.
Auth in hekkos-org/api uses GitHub OAuth, issuing a short-lived JWT as an httpOnly session cookie. Every request re-validates membership against org_members, so a removed member loses access immediately — no stale-token window.
Why not just let the agent read the code?
Because it reads one repo, on demand, with no memory — it fixes nothing for whoever asks next, and you pay, every time, for context the org already had.
On-demand isn’t continuous
An agent re-derives your codebase from scratch inside every context window — paying full price for context the org already had. Hekkos extracts it once, deterministically, keeps the map current on every merge, and serves it over MCP: the cached answer, reused by every run.
One repo isn’t your org
An agent sees the repo it’s working in. Hekkos holds the cross-repo map — and the org’s doc standard — for everything you ship.
Reading isn’t repairing
An agent that notices a stale README moves on — or worse, is misled by it and ships plausible, wrong code you pay to generate, then review, then rewrite. Hekkos opens the fix as a pull request, so every human and agent after it starts from truth.
Onboarding without the interviews
Every stale runbook turns a new hire’s first weeks into meetings with senior engineers — two salaries paying for one answer, again. With docs held to a standard and verified against the real code, ramping engineers ask Hekkos and get cited answers.
Maintenance that isn’t engineer-hours
Keeping docs current by hand is skilled time spent on chores. Hekkos does the deterministic parts with no model cost at all, and the rest lands as a PR to review — minutes, not afternoons.
It never shows up as a line item — it shows up as tokens spent re-learning your own codebase, plausible-but-wrong code in review, and senior engineers answering the same question twice. Back-of-the-envelope: a 20-engineer org where each person loses just 30 minutes a week to a wrong or missing doc is ~40 engineer-hours a month — a quarter of a salary — before agents multiply how often those docs get read. Your numbers will differ; they’re rarely smaller.
Built for orgs that read the fine print
The short version is below; the full posture — isolation, encryption, retention, testing, and our honest compliance status — is at hekkos.com/security.
Tenant-isolated by design
Every query is scoped to your org and respects per-document access. Your docs are never mixed with anyone else’s — verified by cross-org tests.
Never trained on without consent
Your content stays org-scoped and is never pooled or used for training unless you explicitly consent. Any cross-org export is operator-restricted and audited.
Scrubbed and short-lived
Secrets are redacted from anything Hekkos stores, and stored content expires automatically after 180 days.
Hardened — or fully yours
Encrypted secrets (AES-256-GCM), signature-verified webhooks, an adversarial security audit with fixes verified end-to-end. Or self-host with a local model — air-gap friendly, license verified offline, nothing leaves your infrastructure.
Pricing is coming soon
We’re putting the finishing touches on our plans. In the meantime, tell us what you’re building and we’ll help you get started.
Contact usGive your team — and your agents — ground truth
Start free — the full product, no credit card.