This repository contains the source for Traceix Cortex Agents. Security fixes are applied to the latest released version(s) and the current default branch.

If you’re unsure whether your version is supported, report it anyway — we’ll point you to the right place.

Do not open a public GitHub Issue for security vulnerabilities.

If you believe you’ve found a security issue, please report it privately:

• Use the repository’s Security tab → Report a vulnerability (preferred), if available.
• If private reporting is not available, contact the maintainers privately through Traceix support channels.

When reporting, include:

• A clear description of the vulnerability and impact
• Steps to reproduce (proof-of-concept if possible)
• Affected OS/version (Windows 10/11/Server, etc.)
• Agent/installer version or commit SHA
• Any relevant logs (redact secrets)

Please do not include:

• API keys, tokens, passwords, auth headers
• Private configs from real environments
• Sensitive customer data If you must share logs, redact first.

After receiving a report, maintainers will:

1. Acknowledge receipt as soon as possible
2. Validate and assess severity
3. Work on a fix and prepare a release
4. Coordinate disclosure timing when appropriate

Thanks for helping keep Cortex Agents safe.