From af9efddb63705ddbd8531f7217aab84d662ec582 Mon Sep 17 00:00:00 2001
From: keirsalterego
Date: Mon, 8 Jun 2026 12:30:28 +0530
Subject: [PATCH 1/2] docs: action-layer positioning, recent updates, security
email
---
SECURITY.md | 2 +-
profile/README.md | 13 ++++++++-----
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/SECURITY.md b/SECURITY.md
index f0625e1..1fe2556 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -13,7 +13,7 @@ Versions prior to `v0.1.0` are not supported and should not be deployed.
Do not open a public GitHub issue for security reports.
-Email: `sec.vyrox@proton.me`
+Email: `security@vyrox.dev`
Subject line format:
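Review bot: The `Email:` line changes the reporting address from `sec.vyrox@proton.me` to `security@vyrox.dev` with nothing telling reporters what happens to mail sent to the old one. Anyone working from a saved copy of the earlier SECURITY.md will keep using it, so either state that the old mailbox is still monitored or forwarded for a stated period, or add a line marking it retired. The commit subject also folds this in with positioning copy; a change to the disclosure channel is easier to find later as its own commit.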
diff --git a/profile/README.md b/profile/README.md
index 257f3aa..31528fd 100644
--- a/profile/README.md
+++ b/profile/README.md
@@ -11,19 +11,20 @@
## What It Does
-Vyrox is the slightly overcaffeinated AI SOC analyst that reads the alert queue, squints at it, and then asks a human before touching anything dangerous.
+Vyrox is the action layer that sits between your EDR and your team. It reads the alert queue, squints at it, acts on the real threats, and writes down exactly what it did so you can prove it later. It still asks a human before touching anything dangerous.
```
-[EDR Alert] --> [Ingest] --> [Heuristics] --> [LLM triage] --> [Human Approval] --> [Action]
+[EDR Alert] --> [Ingest] --> [Heuristics] --> [LLM triage] --> [Human Approval] --> [Action] --> [Audit]
```
-1. **Ingest** - CrowdStrike and SentinelOne webhooks arrive like they pay rent here.
+1. **Ingest** - CrowdStrike, SentinelOne, Microsoft Defender, and a generic JSON adapter all arrive like they pay rent here.
2. **Triage** - Deterministic heuristics handle most of the obvious nonsense.
3. **Escalate** - Ambiguous cases get a second opinion from the LLM.
4. **Approve** - HIGH/CRITICAL alerts surface with enough context to make a sane decision.
5. **Execute** - Approved actions hit the hardened Rust proxy, because chaos deserves guardrails.
+6. **Prove** - Every action lands in a SHA-256 hash-chained, tamper-evident audit log you own. The boring slide that wins the audit.
-The important bit: **no autonomous containment**. Humans approve before anything gets isolated, killed, or dramatically overreacted to.
+The important bit: **no autonomous containment** today. A human approves before anything gets isolated, killed, or dramatically overreacted to. Autonomy is opt-in and on the roadmap, never a default.
## Repositories
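Review bot: In the rewritten opening paragraph, "acts on the real threats" comes before the sentence that says a human approves, and next to "no autonomous containment today" it can be read as some actions already running without approval. Suggest putting the approval condition first, for example "It reads the alert queue, squints at it, and once a human approves, acts and writes down exactly what it did". Step 6 says every action lands in the audit log; if approvals and denials are recorded too, say so, and say what keeps the chain tamper-evident against someone with write access to the log (for instance where the latest hash is kept), since a SHA-256 chain on its own can be recomputed end to end.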
@@ -43,7 +44,7 @@ The heuristics stay proprietary because that is the actual product, and shipping
## Quick Links
- Website: [vyrox.dev](https://vyrox.dev)
-- Security issues: sec.vyrox@proton.me
+- Security issues: security@vyrox.dev
- PGP key: [vyrox.dev/.well-known/pgp-key.txt](https://vyrox.dev/.well-known/pgp-key.txt)
- Report vulnerabilities: [SECURITY.md](https://github.com/vyrox-security/.github/blob/main/SECURITY.md)
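Review bot: The `Security issues` address changes while the `PGP key` line directly below it is untouched. Confirm that the key served at vyrox.dev/.well-known/pgp-key.txt carries a user ID for `security@vyrox.dev`; if it names only the old address, reporters' mail clients may not match the key to the new recipient. SECURITY.md wraps the address in backticks and this line leaves it bare; pick one form for both files.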
@@ -51,6 +52,8 @@ The heuristics stay proprietary because that is the actual product, and shipping
Alpha. Breaking things. Moving fast. Wearing a hard hat.
+Recently shipped: multi-EDR ingestion (CrowdStrike, SentinelOne, Microsoft Defender, generic JSON), a SHA-256 hash-chained tamper-evident audit log, and an MIT-licensed Rust containment proxy you can read in an afternoon.
+
## Contributors
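Review bot: The added `Recently shipped` sentence repeats the four-source adapter list from step 1 of "What It Does" and carries no date or version, so it will go stale and the two lists can drift apart. Suggest tying it to a release (a version number or a changelog link), or dropping the adapter names here and pointing at the list above.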
From 61528ee1c06d08834533b763966d3a3b059dcdb1 Mon Sep 17 00:00:00 2001
From: keirsalterego
Date: Wed, 10 Jun 2026 11:51:36 +0530
Subject: [PATCH 2/2] docs(profile): fix simulator licence to MIT; trust
framing; website link
- Repo table: vyrox-simulator licence corrected Proprietary -> MIT (its own
README and LICENSE say MIT)
- Open-core rationale: what customers buy is the inspectable action layer and
its tamper-evident record; heuristics stay private as detection content
- Community README: website link made live (was 'coming soon')
---
README.md | 2 +-
profile/README.md | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 038e5ae..4ca0540 100644
--- a/README.md
+++ b/README.md
@@ -90,4 +90,4 @@ See CONTRIBUTING.md for full contribution process, style expectations, and merge
This repository is distributed under Vyrox organisation terms for public community files. See LICENCE in the relevant target repository for component-specific licence terms.
-Website: vyrox.dev (coming soon)
\ No newline at end of file
+Website: [vyrox.dev](https://vyrox.dev)
\ No newline at end of file
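Review bot: The replaced `Website:` line is still the last line of README.md and still has no trailing newline, as the `\ No newline at end of file` marker on both the old and the new side shows. Add the newline in this change so the next edit at the end of the file does not produce a spurious diff on this line.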
diff --git a/profile/README.md b/profile/README.md
index 31528fd..adc295b 100644
--- a/profile/README.md
+++ b/profile/README.md
@@ -32,14 +32,14 @@ The important bit: **no autonomous containment** today. A human approves before
|------|-------------|---------|-------|
| [vyrox-proxy](https://github.com/vyrox-security/vyrox-proxy) | Rust containment proxy for the important kind of panic | MIT |  |
| [vyrox-docs](https://github.com/vyrox-security/vyrox-docs) | Architecture docs for the stuff everyone pretends not to read | Proprietary |  |
-| [vyrox-simulator](https://github.com/vyrox-security/vyrox-simulator) | Alert simulation, because production is a terrible place to improvise | Proprietary |  |
+| [vyrox-simulator](https://github.com/vyrox-security/vyrox-simulator) | Alert simulation, because production is a terrible place to improvise | MIT |  |
| [vyrox-landing](https://github.com/vyrox-security/vyrox-landing) | Public marketing site with just enough polish to be dangerous | Proprietary |  |
## Why Open Core
The proxy is MIT because if software can isolate a production host, the public should at least be able to audit the melodrama.
-The heuristics stay proprietary because that is the actual product, and shipping detection logic publicly would be a very generous gift to the other team.
+The heuristics stay proprietary because shipping detection logic publicly would be a very generous gift to the other team. The thing customers actually buy is the part you CAN inspect: the action layer and the tamper-evident record it leaves behind.
## Quick Links
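Review bot: The new second sentence under "Why Open Core" says customers buy "the part you CAN inspect: the action layer and the tamper-evident record", but the paragraph above it still names only the proxy as MIT, and the table rows shown in this hunk do not say which repository holds the audit log code. Either name the repository where the audit log can be read or narrow the claim to what is actually open. With vyrox-simulator now MIT, the proxy-only sentence could mention it as well, and `CAN` would fit the file better in bold, as "no autonomous containment" is, than in capitals.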