Architecture Philosophy
- Fail-closed by default.
- Deterministic policy enforcement.
- Permit-scoped authorization.
- Tamper-evident logging.
Security Overview
TruCore is designed as security-first infrastructure for autonomous finance. This page describes our public commitments without exposing private implementation details.
Last updated: 2026-04-06
Operational Controls
- CI enforced.
- CSP reporting.
- Admin audit logs.
- Rate limiting.
- Noindex on sensitive routes.
Data Handling
- Minimal PII collection.
- No resale of data.
- Admin-gated metrics only.
Release Discipline
- Versioned releases (v0.x.y).
- Tagged and logged.
- Production smoke before tag.
Found an issue or need disclosure details? Visit Responsible Disclosure.