Pi.dev coding agent has no sandbox by default.

Reddit r/LocalLLaMA / 4/25/2026


Key Points

  • The post criticizes Pi.dev’s coding agent behavior for potentially running dangerous commands without asking for permission, citing an example like deleting a file under /tmp.
  • It points to optional “extensions” provided by the pi-mono repository, including a permission gate extension and a sandbox extension, as ways to add safety controls.
  • The author notes that Pi.dev’s philosophy explicitly avoids permission popups and instead expects users to run the agent in a container or implement their own confirmation/safety flows via extensions.
  • The author acknowledges they initially assumed the agent would be confined to its working directory like other coding agents, and clarifies they should have read the documentation more carefully.
  • The takeaway for readers is to evaluate and enable the safety/lifecycle extensions (or use containerization) before relying on the agent in environments with strict security requirements.

I love Pi, but minimal means minimal.

I realized it when it ran rm -f /tmp/somefile.log without asking for permission.

There is an extension to prevent the most dangerous commands.

https://github.com/badlogic/pi-mono/blob/main/packages/coding-agent/examples/extensions/permission-gate.ts

Or there is an actual sandbox: https://github.com/badlogic/pi-mono/tree/main/packages/coding-agent/examples/extensions/sandbox

Might be worth checking all the other Safety ones too: https://github.com/badlogic/pi-mono/tree/main/packages/coding-agent/examples/extensions#lifecycle--safety

---EDIT---

I get that many of you disagree with their choice, but when a developer says they made something "opinionated", that means they made choices they know most won't like.

I realise I'm the one who didn't inform myself enough and read the docs and stuff...

Not asking for permission is part of their Philosophy (https://pi.dev):

No permission popups. Run in a container, or build your own confirmation flow with extensions inline with your environment and security requirements.

https://mariozechner.at/posts/2025-11-30-pi-coding-agent/#toc_13

But for some reason, I still thought it would have been confined to its working directory like most coding agents.

I should have read more, but that's why I'm pointing at it now for others like me :)

submitted by /u/mantafloppy
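A sketch of the kind of "confirmation flow" the quoted philosophy leaves to the user: a check that asks for confirmation when a destructive command reaches outside the working directory, as rm -f /tmp/somefile.log did. This is an added example, not code from the post or from pi-mono, and it does not use Pi's extension API; gate, resolvePosix, isInside and the two command lists are hypothetical names chosen here.

```typescript
// Added example: a stand-alone command gate. It does not use Pi's extension API.
type Verdict = { action: "allow" | "confirm"; reason: string };

// Assumed lists for illustration; extend them for your environment.
const DESTRUCTIVE = new Set(["rm", "rmdir", "mv", "chmod", "chown", "truncate", "shred"]);
const ALWAYS_CONFIRM = new Set(["sudo", "sh", "bash", "eval", "xargs", "find", "env", "dd"]);

// Resolve a POSIX path against cwd, collapsing "." and ".." lexically.
// Symlinks are not followed, so a link inside the workspace can still point outside it.
function resolvePosix(cwd: string, p: string): string {
  const out: string[] = [];
  for (const seg of (p.startsWith("/") ? p : `${cwd}/${p}`).split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Strictly below the workspace root; the root itself does not count as inside.
function isInside(cwd: string, target: string): boolean {
  return target.startsWith(resolvePosix("/", cwd) + "/");
}

// Decide whether a shell command line may run without a human confirming it.
function gate(command: string, cwd: string): Verdict {
  // Quoting, expansion, substitution and redirection hide the real arguments: fail closed.
  if (/[`$*?~{}<>'"\\()]/.test(command)) {
    return { action: "confirm", reason: "quoting, expansion or redirection present" };
  }
  // Split on ;, &, &&, |, || and newlines so every chained command is checked.
  for (const segment of command.split(/&&|\|\||[;|&\n]/)) {
    const [first = "", ...args] = segment.trim().split(/\s+/).filter(Boolean);
    const name = first.split("/").pop() ?? "";
    if (ALWAYS_CONFIRM.has(name)) {
      return { action: "confirm", reason: `${name} always needs confirmation` };
    }
    if (!DESTRUCTIVE.has(name)) continue;
    for (const arg of args) {
      if (arg.startsWith("-")) continue; // option flag, not a path
      const target = resolvePosix(cwd, arg);
      if (!isInside(cwd, target)) {
        return { action: "confirm", reason: `${name} targets ${target}, outside ${cwd}` };
      }
    }
  }
  return { action: "allow", reason: "no destructive command leaves the workspace" };
}
```

A text-level gate like this only decides when to ask; any interpreter or script the agent runs can still touch files elsewhere, which is what the container or sandbox extension is for.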