Signals · Pi Coding Agent profile
Pi Coding Agent
Every signal accepted for Pi Coding Agent. Each links to the run that produced it. The Pi Coding Agent profile carries the current evergreen state.
June 2026
-
OAuth browser-launch URI validation closes command-injection path
- An operator authenticating against a third-party or attacker-influenced OAuth server was exposed to shell command injection via the verification URI; upgrading past ba6e529 removes that exposure.
- Verification path: confirm the build includes ba6e529 (non-HTTP(S) URIs rejected, browser launched via spawn() not shell exec()).
Run: 2026-06-03-weekly-digest-2026-05-28_2026-06-03-frontier-v0
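The validate-then-spawn pattern that the ba6e529 signal describes, as an added example (not Pi's own code): an http(s)-only scheme check in front of a spawn() argv launch. The helper names and the `open`/`xdg-open` openers are assumptions; only POSIX openers are shown.

```javascript
// Added example, not Pi's own code. Demonstrates the two mitigations named in
// the signal: reject non-HTTP(S) verification URIs, and launch the browser via
// spawn() with an argv array instead of a shell command string.
//
// Vulnerable shape the fix replaces (shell parses the URI, so metacharacters
// such as ; | $( ) in an attacker-influenced URI become commands):
//   exec(`xdg-open ${uri}`)

const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Returns a parsed URL when `uri` is a well-formed http(s) URL; throws otherwise.
// Rejecting here means file:, javascript:, custom schemes or non-URL strings
// never reach the opener at all.
function validateVerificationUri(uri) {
  let url;
  try {
    url = new URL(String(uri));
  } catch {
    throw new Error('verification URI is not a valid URL');
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    throw new Error(`refusing to open non-HTTP(S) URI (scheme ${url.protocol})`);
  }
  return url;
}

// Hypothetical helper: picks the platform opener and returns command + argv.
// No shell is involved, so the whole URI stays one literal argument.
function buildBrowserLaunch(uri, platform = process.platform) {
  const target = validateVerificationUri(uri).toString();
  const command = platform === 'darwin' ? 'open' : 'xdg-open'; // POSIX only
  return { command, args: [target] };
}

// Launches the browser detached; stdio is ignored so the agent process does
// not inherit anything from the opener. (CommonJS require; use import in ESM.)
function launchBrowser(uri) {
  const { spawn } = require('node:child_process');
  const { command, args } = buildBrowserLaunch(uri);
  const child = spawn(command, args, { stdio: 'ignore', detached: true });
  child.unref();
  return child;
}
```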
-
Git package install path-traversal rejection
- An operator installing a git-sourced package from an untrusted URL was exposed to files being written outside the package install root via traversal sequences; upgrading past a98e087 blocks this at parse and resolution time.
- Verification path: confirm a98e087 is present; a crafted git URL with '../' is rejected with 'Refusing to use path outside package install root'.
Run: 2026-06-03-weekly-digest-2026-05-28_2026-06-03-frontier-v0
May 2026
-
Package scope migration to earendil-works; harness SDK stream config
- Operators with global Pi installs should run `pi update --self` once @earendil-works/pi-coding-agent is published to migrate from the old @mariozechner scope.
- Operators with Pi pinned in CI, Dockerfiles, or package.json by the old @mariozechner/pi-coding-agent name should update their references to @earendil-works/pi-coding-agent.
Run: 2026-05-12-partial-cycle-pi-coding-agent-2026-05-07_2026-05-12-frontier-v0
-
Accessibility is a frontier capability, not marketing polish
- Everyday adoption depends on setup recovery, visible progress, voice/chat surfaces, readable UI, OAuth clarity, and fewer dead ends.
Run: 2026-05-07-commit-harvest-2026-04-23_2026-05-07-frontier-v1
-
Integrations are volatile; the operating loop has to be durable
- Provider lists, plugin systems, transports, and model profiles will keep changing.
Run: 2026-05-07-commit-harvest-2026-04-23_2026-05-07-frontier-v1
-
Authority semantics are explicit but fragmented
- Permission profiles, workspace trust, env loading, hooks, MCP behavior, extension schemas, and provider transports differ by worker and release.
- Bitter capability profiles should record worker-native permission and trust semantics instead of assuming a uniform authorization model.
-
Plugin, extension, and skill ecosystems are becoming the integration surface
- The practical power of worker CLIs increasingly depends on plugins, hooks, extensions, skills, and transport modules, not just the base model.
- Adapter receipts should include enabled plugin/extension/skill surfaces and should distinguish worker-local skills from Bitter-owned memory.
-
Worker integrations are not durable doctrine
- Pi removed built-in Gemini CLI and Antigravity support while adding many providers; Gemini preview/nightly channels differ materially; Codex alpha releases and app-server surfaces move quickly.
- Keep worker adapters thin, versioned, source-contracted, and replaceable. The stable Bitter asset is the run contract and receipt chain.