slavex is pre-1.0; security fixes are applied to the latest master.

Please report security issues privately — do not open a public issue.

• Email: aich.1998@gmail.com, or
• Use GitHub's private vulnerability reporting (the repo's Security → Report a vulnerability).

We aim to acknowledge reports within 72 hours and to share a fix or mitigation timeline after triage. Please give us a reasonable window to address the issue before public disclosure.

• The "brain" invokes the Cursor CLI agent locally in read-only mode (cursor-agent --mode ask --print); during normal gameplay it does not write files or run shell commands.
• No secrets or API keys are committed to this repository.
• The backend is intended for local development. If you expose it on a network, treat /api/command as untrusted input and run it behind appropriate isolation.