Developers

Build against movement, receipts, and verified state — not vibes.

API principle

CortexTPS endpoints treat every request as untrusted until validated. Actions are idempotent, scoped to the caller, and produce receipts.

Receipts

Route locks, proof saves, prompt shield blocks, and memory writes generate receipt hashes tied to a policy version. Receipts let callers verify a server action happened without exposing internals.
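One way an idempotent, caller-scoped action could emit a receipt hash bound to a policy version, shown as an added example and not CortexTPS code. The page does not specify the receipt format, so the HMAC-over-canonical-JSON construction, the `ReceiptLedger` class, its field names and the idempotency key are all assumptions.

```python
import hashlib
import hmac
import json

class ReceiptLedger:
    """Hypothetical server-side model: idempotent actions that emit receipts."""
    def __init__(self, key: bytes, policy_version: str):
        self._key = key                      # server-only secret, never returned
        self.policy_version = policy_version
        self._issued = {}                    # (caller, idempotency_key) -> receipt

    def _digest(self, caller, action, payload, policy_version):
        # Canonical JSON so the same request always hashes to the same bytes.
        body = json.dumps(
            {"caller": caller, "action": action, "payload": payload,
             "policy_version": policy_version},
            sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def perform(self, caller, idempotency_key, action, payload):
        slot = (caller, idempotency_key)     # scoped to the caller
        previous = self._issued.get(slot)
        if previous is not None:
            # A replay of the same request returns the original receipt;
            # reusing the key for a different request is rejected.
            digest = self._digest(caller, action, payload, previous["policy_version"])
            if not hmac.compare_digest(previous["receipt_hash"], digest):
                raise ValueError("idempotency key reused with a different request")
            return dict(previous, replayed=True)
        receipt = {"receipt_hash": self._digest(caller, action, payload, self.policy_version),
                   "policy_version": self.policy_version,
                   "replayed": False}
        self._issued[slot] = receipt
        return dict(receipt)

    def verify(self, caller, idempotency_key, action, payload, receipt):
        # True only if this exact action was recorded for this caller under
        # the policy version the receipt claims.
        recorded = self._issued.get((caller, idempotency_key))
        if recorded is None:
            return False
        expected = self._digest(caller, action, payload, receipt["policy_version"])
        return (hmac.compare_digest(expected, receipt["receipt_hash"])
                and hmac.compare_digest(recorded["receipt_hash"], receipt["receipt_hash"]))

if __name__ == "__main__":
    ledger = ReceiptLedger(b"constructed-demo-key", "policy-v1")  # constructed values
    first = ledger.perform("caller-a", "req-1", "route_lock", {"route": "r1"})
    again = ledger.perform("caller-a", "req-1", "route_lock", {"route": "r1"})
    print(first["receipt_hash"] == again["receipt_hash"], again["replayed"])
```

Because the hash is keyed, the receipt confirms the action to its caller without revealing the server's state, and changing the claimed policy version invalidates it.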

Integrations

Integrations request capabilities, not raw authority. The server validates whether a capability is allowed in the current state of the room.

Public endpoints

POST /api/public/privacy-request · POST /api/public/security-report · GET /api/public/trust-health

Trust endpoints

POST /api/public/privacy-request
POST /api/public/security-report
GET  /api/public/trust-health

All endpoints are JSON. Successful writes return a tracking ID and a short receipt prefix. The trust-health endpoint exposes only boolean-style status flags — never secret values.