Pi

An open-source, self-extensible agent harness and coding agent CLI — a modular runtime (agent core, unified multi-provider LLM API, TUI) with no built-in permission system by default, documented containerization patterns for sandboxing instead.

67.7Kstars
8.3Kforks
MIT License
TypeScript

Pi is built as a genuinely modular agent harness rather than a single monolithic CLI: pi-ai provides a unified API across LLM providers (OpenAI, Anthropic, Google, and others), pi-agent-core handles tool calling and state management as the runtime layer, pi-coding-agent is the interactive CLI most users interact with, and pi-tui is a standalone terminal UI library with differential rendering used to build that CLI. A separate project, pi-chat, extends the same foundation to Slack/chat automation.

The project is notably candid about a security trade-off: Pi does not include a built-in permission system for restricting filesystem, process, network, or credential access, running by default with whatever permissions the launching user/process has. Rather than bolting on a partial permission layer, the project documents three explicit containerization patterns — a Gondolin extension routing tools into a local Linux micro-VM, plain Docker isolation, or OpenShell’s policy-controlled sandbox — for users who need stronger boundaries.

MIT licensed and distributed via npm (@earendil-works/pi-coding-agent), Pi describes itself as self-extensible, and has grown to 67,000+ GitHub stars with an active Discord community. The project auto-closes issues/PRs from new contributors by default, with maintainers reviewing them daily — a deliberate triage mechanism disclosed directly in the README.

What You Get

  • A unified LLM API (pi-ai) across OpenAI, Anthropic, Google, and other providers
  • An agent runtime (pi-agent-core) handling tool calling and state management independently of the CLI
  • An interactive coding agent CLI (pi-coding-agent) built on a standalone TUI library
  • Documented containerization patterns (Docker, a Linux micro-VM extension, or OpenShell) for sandboxing since Pi has no built-in permission system

Common Use Cases

  • Running a terminal-based coding agent that can call tools and manage state across a session
  • Building custom agent tooling on top of pi-agent-core or pi-ai without adopting the full coding-agent CLI
  • Sandboxing agent execution via Docker or a micro-VM extension when filesystem/network isolation is required
  • Extending Pi into other surfaces like Slack/chat automation via the companion pi-chat project

Under The Hood

Architecture Pi’s monorepo cleanly separates pi-ai (multi-provider LLM API), pi-agent-core (tool-calling and state management runtime), pi-coding-agent (the CLI), and pi-tui (a standalone terminal UI library with differential rendering) — meaning each layer can be reused independently, and the CLI itself is just one consumer of the underlying agent runtime rather than the runtime being CLI-specific. The explicit absence of a built-in permission system is itself an architectural choice: rather than a partial or false sense of security, Pi delegates isolation entirely to standard containerization tooling (Docker, micro-VMs, policy-controlled sandboxes).

Tech Stack TypeScript across all packages, distributed via npm under the @earendil-works scope, with a custom terminal UI library (pi-tui) rather than a third-party TUI framework, and multi-provider LLM support built into the core rather than the CLI layer.

Code Quality Very active, consistently maintained commit history at significant scale (67K+ stars, 8K+ forks) reflects strong real-world adoption; the project’s transparent disclosure of both its permission-system limitation and its contribution-triage policy (auto-closing new-contributor issues/PRs, reviewed daily) suggests deliberate, honest project management rather than hiding trade-offs.

What Makes It Unique Most coding agent CLIs bundle a partial permission/sandboxing layer directly into the tool; Pi instead explicitly declines to do so and documents real containerization patterns instead, avoiding the false confidence of an incomplete built-in permission system in favor of relying on well-understood, battle-tested isolation primitives (Docker, micro-VMs).

Self-Hosting

Licensing Model MIT licensed — fully open source with no license key.

Self-Hosting Restrictions Not applicable; Pi runs locally with your own LLM provider credentials.

License Key Required No. Note: Pi has no built-in permission system restricting filesystem, process, network, or credential access — it runs with the full permissions of the launching user/process unless you apply one of the documented containerization patterns yourself.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search