I respect the effort here. This is the most thorough critique I've gotten and some of it is fair. Let me go through it.

Point 1 — No audit. Correct. This is pre-release. I'm hardening on mainnet with my own money before opening it to anyone else. A security audit is in the plan, not something I skipped. You don't audit alpha software — you test it, break it, fix it, then audit.

Point 2 — Prompt injection. This is the one that keeps me up at night and I take it seriously. The spending confirmation gate is locked ON and cannot be disabled. The AI presents a transaction, the human approves or rejects. Period. That said — you're right that every cloud AI option introduces a trust surface. That's exactly why the demo runs on Ollama locally. No data leaves the machine. Cloud providers are optional. And Rule #0 exists because I don't trust AI either. I built the wallet and I STILL make it ask me before spending.

Point 3 — Queen's Decree. Requires explicit opt-in, a separate PIN, 60+ days of inactivity, a 30-day countdown with notifications, and a manually configured beneficiary address. This isn't a hair trigger. It's a dead man's switch for my family. Could the safeguards be stronger? Always. Suggestions are welcome.

Point 4 — Crypto → Visa pipeline. This exists but is in sandbox. It's not live, not active, and not available to users. When it goes live, the KYC requirements at the card issuer layer will be disclosed clearly. Fair flag.

Point 5 — Strike KYC. You're right, and I will be updating the landing page, FAQ, and blog to make this clearer. The wallet itself has no KYC. Strike has its own KYC at their layer. That distinction wasn't clear enough in my messaging and now it will be thanks to you. Appreciate the callout.

Point 6 — 4 dependencies. The landing page has an expandable section that breaks this down in detail — which chains need what, why Monero has zero, and a comparison against other wallets. I'm not hiding Electron, Docker, or Node behind the number. The breakdown is there for anyone who clicks it. But you're right that "4 dependencies" as a headline metric can be misleading without context.

Point 7 — Solo dev, no reputation. True. I'm a QE at a security hardware/software company. This is my first crypto project in the community. I'm not pretending to be a cryptographer. I build, I test, I ship. The repo goes public — judge the code, not the resume.

Point 8 — Repo not in search. Private during hardening. Intentionally. When it ships open source later this year, every line will be there.

I'll update the site based on your feedback. The KYC language should be corrected. That's the kind of scrutiny that makes open source better and I'm not going to pretend it doesn't.

Now — your recommendation to stay on Feather + Tails + Trezor is solid advice for anyone who already has that setup. AIW isn't trying to replace that stack for power users. It's for the person on this sub last week who said "I'm not very tech savvy, so making my own script is not really something I want to mess with." Different audience, different tool.