Security
Security posture notes for production, audit, and evidence-oriented deployments.
Tenant scope
- Public reads and writes are expected to carry explicit tenant scope.
- Admin or multi-tenant views require explicit authority and reviewable scope.
- Caches that can serve facts must include tenant scope in the key.
Data protection
- Secrets, tokens, prompts, PII, and tenant payloads should not be written into public logs, docs, telemetry, or ledger metadata.
- Sensitive deployments should use encryption at rest and explicit key-handling procedures.
- Telemetry and evidence exports should be redacted before publication.
Guarded admission
- Validation, provenance, taint, schema, and tenant failures should fail closed.
- Generative output should not become durable fact without deterministic admission.
- Rejected writes should preserve enough non-sensitive context to explain the failure.
Audit continuity
- Ledger verification should replay hash continuity and checkpoint coverage over a consistent state snapshot.
- Evidence packs should include the command or procedure used to reproduce the verification result.
- Schema changes need migration review, rollback behavior, and compatibility tests before public claims are updated.
Responsible disclosure
- Report security issues privately to security@cortexpersist.com.
- Do not include live secrets, customer payloads, or private tenant data in reports.
- Include affected route, version or commit, reproduction steps, and expected impact when possible.
Assurance boundary
- This page describes technical posture, not a SOC 2, ISO 27001, legal compliance, or regulator certification claim.
- Compliance conclusions require deployment-specific controls, current legal review, and independent audit scope.