Route receipts
Important actions — locking a route, saving proof, blocking unsafe prompts, validating memory writes — produce signed receipts for verification.
CortexTPSTrust
Security
Cute on the surface. Serious underneath.
Prompt shield
User prompts, model output, website text, and place data are treated as untrusted input. Unsafe instructions are stripped or blocked before they can affect what gets executed.
Safe links
External links are sanitized at render. Unsafe protocols and raw provider HTML are never executed by the app.
Server truth
The client shows plans. The server decides what can be locked, saved, or remembered. Client state alone never grants authority.
Responsible disclosure
If you find a security issue, use the form on this page. Reports are received, logged, and triaged.
Report a security issue
Responsible disclosure. Reports are received, logged, and triaged.