Permission modes
New code conversations default to Ask. File writes and shell commands require approval. Edits allows file writes inside the selected project while shell commands still ask. Auto skips confirmations and is an explicit high-trust choice.
Workspace scope
File tools canonicalize paths and reject paths outside the selected project, including symlink escapes. The shell starts in that project, but a shell can access resources outside it and can use the network. Do not use Auto with an untrusted prompt or model.
Local and cloud paths
Ordinary local inference, memory, speech and image generation do not intentionally upload user content. Optional cloud engines send relevant task context to the configured provider. Model downloads contact their host.
Distribution
Public builds are Developer ID signed, notarized and stapled before distribution. Slate does not offer an unsigned download.
Reporting a vulnerability
Report security issues to info@lange-co-consulting.de with the subject “Slate security report”. Please do not include secrets or personal data unless a secure channel has been agreed. We aim to acknowledge reports within a few business days.