Interesting approach to planning via extensions. I took a similar direction with enforcement. A governance loop that hooks into the agent's tool calls and blocks
execution until protocol is followed. Every 10 actions (configurable), the agent re-centers. No permission popups, but the agent literally can't skip steps.
My current fave harness. I've been using it to great effect, since it is self-extensible, and added support for it to https://github.com/rcarmo/vibes because it is so much faster than ACP.
The better web UI is now part of https://github.com/rcarmo/piclaw (which is essentially the same, but with more polish and a claw-like memory system). So you can pick if you want TS or Python as the back-end :)
The claw version’s web UI essentially has better thinking output, more visibility of tool calls, and slightly better SSE streaming. I’ve backported some of it to vibes, but if you want to borrow UI stuff, the better bits are in piclaw. I use both constantly on my phone/desktop.
I haven’t met a single person who has tried pi for a few days and not made it their daily driver. Once you taste the freedom of being able to set up your tool exactly how you like, there’s really no going back.
It’s straightforward: JavaScript is a dynamic language, which allows code (for instance, code implementing an extension to the harness) to be executed and loaded while the harness is running.
This is quite nice — I do think there’s a version of pi’s design choices which could live in a static harness, but fully covering the same capabilities as pi without a dynamic language would be difficult. (You could imagine specifying a programmable UI, etc — various ways to extend the behavior of the system, and you’d like end up with an interpreter in the harness)
At least, you’d like to have a way to hot reload code (Elixir / Erlang could be interesting)
Sure, but why implement a novel language with said feature if your concern is a harness ... not on implementing a brand new language with this feature?
I built my own harness on Elixir/Erlang[0]. It's very nice, but I see why TypeScript is a popular choice.
No serialization/JSON-RPC layer between a TS CLI and Elixir server. TS TUI libraries utilities are really nice (I rewrote the Elixir-based CLI prototype as it was slowing me down). Easy to extend with custom tools without having to write them in Elixir, which can be intimidating.
But you're right that Erlang's computing vision lends itself super well to this problem space.
One thing in its favor is that it was kind of easy and simple to extend and contribute to and share extensions. JavaScript/node is still the biggest dev environment. The same can be said for OpenClaw.
yes! I just don't understand that as well. Up until some time ago claud code's preferred install was a npm i, wasn't it? Please serious answers for why anyone would use a web language for a terminal app
Yes. It seems to be the term that stands out the most, as terms like "AI coding assistant", "agentic coding framework", etc. are too vague to really differentiate these tools.
"harness" fits pretty nicely IMO. It can be used as a single word, and it's not too semantically overloaded to be useful in this context.
A harness is a collection of stubs and drivers configured to assist with automation or testing. It's a standard term often used in QA as they've been automating things for ages before Gen Ai came on to the scene.
Pi was probably the best ad for Claude Code I ever saw.
After my max sub expired I decided to try Kimi on a more open harness, and it ended up being one of the worst (and eye opening experiences) I had with the agentic world so far.
It was completely alienating and so much 'not for me', that afterwards I went back and immediately renewed my claude sub.
> I would say that the project actively expects you to be downloading them to fill any missing gaps you might have.
Where did you get this perspective from?
> I thought pi and its tools were supposed to be minimal and extensible. So why is a subagent extension bundling six agents I never asked for that I can’t disable or remove?
Why do you think a random subagents extension is under the same philosophy as pi?
Your blog post says little about pi proper, it's essentially concerned with issues you had with the ecosystem of extensions, often made by random people who either do or do not get the philosophy? Why would that be up to pi to enforce?
Pi ships with powerful defaults but skips features like sub-agents and plan mode
Does anyone have an idea as to why this would be a feature? don't you want to have a discussion with your agent to iron out the details before moving onto the implementation (build) phase?
In any case, looks cool :)
EDIT 1: Formatting
EDIT 2: Thanks everyone for your input. I was not aware of the extensibility model that pi had in mind or that you can also iterate your plan on a PLAN.md file. Very interesting approach. I'll have a look and give it a go.
I’m working with a friend to build an ui around Pi to make it more user friendly for people who prefer to work with a gui (ala conductor). You can check out the repo: https://github.com/philipp-spiess/modern
I've been using Pi day to day recently for simple, smaller tasks. It's a great harness for use with smaller parameter size models given the system prompt is quite a bit shorter vs Claude or Codex (and it uses a nice small set of tools by default).
Has anyone used an open coding agent in headless mode? I have a system cobbled together with exceptions going to a centralized system where I can then have each one pulled out and `claude -p`'d but I'd rather just integrate an open coding agent into the loop because it's less janky and then I'll have it try to fix the problem and propose a PR for me to review. If anyone else has used pi.dev or opencode or aider in this mode (completely non-interactive until the PR) I'd be curious to hear.
EDIT: Thank you to both responders. I'll just try the two options out then.
pi has an RPC mode which just sends/receives JSON lines over stdio (including progress updates, and "UI" things like asking for confirmation, if it's configured for that).
That's how the pi-coding-agent Emacs package interacts with pi; and it's how I write automated tests for my own pi extensions (along with a dummy LLM that emits canned responses).
The way you’re able to extend the harness through extension/hook architecture is really cool.
Eg some form of comprehensive planning/spec workflow is best modeled as an extension vs natively built in. And the extension still ends up feeling “native” in use
Yeah I wrote a small landlock wrapper using go-landlock to sandbox pi that works well (not public, similar projects are landrun and nono).
Note that if you sandbox to literally just the working directly, pi itself wont run since pretty much every linux application needs to be able to read from /usr and /etc
I do this with an extension. I run all bash tools with bwrap and ACLs for the write and edit tools. Serves my purposes. Opens up access to other required directories, at least for git and rust.
I think I published it. Check the pi package page.
Pi makes GPT-5.3-Codex act about on par with Claude easily.
There's something in the default Codex harness that makes it fight with both arms behind its back, maybe the sandboxing is overly paranoid or something.
With Pi I can one-shot many features faster and more accurately than with Codex-cli.
> Why is it insecure, well, Pi tells you >No permission popups.
Pi supports permission popups, but doesn't use them by default. Their example extensions show how to do it (add an event listener for `tool_call` events; to block the call put `block: true` in its result).
> there's no secure way to know whether what they're asking to is what they'll actually do
What do you mean? `tool_call` event listeners are given the parameters of the tool call; so e.g. a call to the `bash` tool will show the exact command that will execute (unless we block it, of course).
Interesting approach to planning via extensions. I took a similar direction with enforcement. A governance loop that hooks into the agent's tool calls and blocks execution until protocol is followed. Every 10 actions (configurable), the agent re-centers. No permission popups, but the agent literally can't skip steps.
Open source: https://github.com/isagawa-co/isagawa-kernel
My current fave harness. I've been using it to great effect, since it is self-extensible, and added support for it to https://github.com/rcarmo/vibes because it is so much faster than ACP.
wow, i love this! was about to build this myself, but this looks exactly what i want.
The better web UI is now part of https://github.com/rcarmo/piclaw (which is essentially the same, but with more polish and a claw-like memory system). So you can pick if you want TS or Python as the back-end :)
if i ever want a claw, i'd obv. go with this :)
The claw version’s web UI essentially has better thinking output, more visibility of tool calls, and slightly better SSE streaming. I’ve backported some of it to vibes, but if you want to borrow UI stuff, the better bits are in piclaw. I use both constantly on my phone/desktop.
I haven’t met a single person who has tried pi for a few days and not made it their daily driver. Once you taste the freedom of being able to set up your tool exactly how you like, there’s really no going back.
and you can build cool stuff on top of it too!
Pi has made all the right design choices. Shout out to Mario (and Armin the OG stan) — great taste shows itself.
I do not understand why in the age of ai coding we would implement this in javascript
It’s straightforward: JavaScript is a dynamic language, which allows code (for instance, code implementing an extension to the harness) to be executed and loaded while the harness is running.
This is quite nice — I do think there’s a version of pi’s design choices which could live in a static harness, but fully covering the same capabilities as pi without a dynamic language would be difficult. (You could imagine specifying a programmable UI, etc — various ways to extend the behavior of the system, and you’d like end up with an interpreter in the harness)
At least, you’d like to have a way to hot reload code (Elixir / Erlang could be interesting)
This is my intuition, at least.
Code hotloading isn't a particularly difficult feature to implement in any language.
Sure, but why implement a novel language with said feature if your concern is a harness ... not on implementing a brand new language with this feature?
I built my own harness on Elixir/Erlang[0]. It's very nice, but I see why TypeScript is a popular choice.
No serialization/JSON-RPC layer between a TS CLI and Elixir server. TS TUI libraries utilities are really nice (I rewrote the Elixir-based CLI prototype as it was slowing me down). Easy to extend with custom tools without having to write them in Elixir, which can be intimidating.
But you're right that Erlang's computing vision lends itself super well to this problem space.
[1]: https://github.com/matteing/opal
One thing in its favor is that it was kind of easy and simple to extend and contribute to and share extensions. JavaScript/node is still the biggest dev environment. The same can be said for OpenClaw.
yes! I just don't understand that as well. Up until some time ago claud code's preferred install was a npm i, wasn't it? Please serious answers for why anyone would use a web language for a terminal app
Preconfigured PI: https://github.com/can1357/oh-my-pi
I'd quite like the web tools from oh-my-pi, but able to be extracted to a normal pi tool or plugin... Maybe I should look into that sometime...
Is that an official term "coding harness"
Wondering if you wanted a similar interface (though a GUI not just CLI) where it's not for coding what would you call that?
Same idea cycle through models, ask question, drag-drop images, etc...
Yes. It seems to be the term that stands out the most, as terms like "AI coding assistant", "agentic coding framework", etc. are too vague to really differentiate these tools.
"harness" fits pretty nicely IMO. It can be used as a single word, and it's not too semantically overloaded to be useful in this context.
LLM harness has been in vogue for a year now…
A harness is a collection of stubs and drivers configured to assist with automation or testing. It's a standard term often used in QA as they've been automating things for ages before Gen Ai came on to the scene.
Yes, it is also a device used to control the movement of work animals, which farmers have been using for ages before QA came on to the scene.
Pi was probably the best ad for Claude Code I ever saw.
After my max sub expired I decided to try Kimi on a more open harness, and it ended up being one of the worst (and eye opening experiences) I had with the agentic world so far.
It was completely alienating and so much 'not for me', that afterwards I went back and immediately renewed my claude sub.
https://www.thevinter.com/blog/bad-vibes-from-pi
> I would say that the project actively expects you to be downloading them to fill any missing gaps you might have.
Where did you get this perspective from?
> I thought pi and its tools were supposed to be minimal and extensible. So why is a subagent extension bundling six agents I never asked for that I can’t disable or remove?
Why do you think a random subagents extension is under the same philosophy as pi?
Your blog post says little about pi proper, it's essentially concerned with issues you had with the ecosystem of extensions, often made by random people who either do or do not get the philosophy? Why would that be up to pi to enforce?
Note there is a fork oh-my-pi: https://github.com/can1357/oh-my-pi of https://blog.can.ac/2026/02/12/the-harness-problem/ fame. I use it as a daily driver but I also love pi.
Hugging Face now provides instructions for using local models in Pi:
https://x.com/victormustar/status/2026380984866710002
Pi ships with powerful defaults but skips features like sub-agents and plan mode
Does anyone have an idea as to why this would be a feature? don't you want to have a discussion with your agent to iron out the details before moving onto the implementation (build) phase?
In any case, looks cool :)
EDIT 1: Formatting EDIT 2: Thanks everyone for your input. I was not aware of the extensibility model that pi had in mind or that you can also iterate your plan on a PLAN.md file. Very interesting approach. I'll have a look and give it a go.
See my comment in the thread but there is an intuitive extension architecture that makes integrating these type of things feel native.
https://github.com/badlogic/pi-mono/tree/main/packages/codin...
I plan all the time. I just tell Pi to create a Plan.md file, and we iterate on it until we are ready to implement.
Check https://pi.dev/packages
There are already multiple implementations of everything.
With a powerful and extensible core, you don't need everything prepackaged.
I’m working with a friend to build an ui around Pi to make it more user friendly for people who prefer to work with a gui (ala conductor). You can check out the repo: https://github.com/philipp-spiess/modern
In the same spirit, I also ported a planning UI extension for Pi.
https://plannotator.ai/blog/plannotator-meets-pi/
I've been using Pi day to day recently for simple, smaller tasks. It's a great harness for use with smaller parameter size models given the system prompt is quite a bit shorter vs Claude or Codex (and it uses a nice small set of tools by default).
Which models do you use and what for? I'm looking for ideas to play with.
there is also pz a drop-in replacement for pi rewritten in Zig. 1.7MB static binary, 3ms startup, 1.4MB RAM idle. Find more at:
https://github.com/elyase/awesome-personal-ai-assistants?tab...
Has anyone used an open coding agent in headless mode? I have a system cobbled together with exceptions going to a centralized system where I can then have each one pulled out and `claude -p`'d but I'd rather just integrate an open coding agent into the loop because it's less janky and then I'll have it try to fix the problem and propose a PR for me to review. If anyone else has used pi.dev or opencode or aider in this mode (completely non-interactive until the PR) I'd be curious to hear.
EDIT: Thank you to both responders. I'll just try the two options out then.
pi has an RPC mode which just sends/receives JSON lines over stdio (including progress updates, and "UI" things like asking for confirmation, if it's configured for that).
That's how the pi-coding-agent Emacs package interacts with pi; and it's how I write automated tests for my own pi extensions (along with a dummy LLM that emits canned responses).
Been using pi exactly for this and it's working great!
fast-agent lets you do this as well (and has a skill in its default skills repo to help with automation/running in container/hf job).
You probably want to look into pi then - it's extremely extensible.
you can run https://block.github.io/goose/ in headless mode (I work on goose)
The way you’re able to extend the harness through extension/hook architecture is really cool.
Eg some form of comprehensive planning/spec workflow is best modeled as an extension vs natively built in. And the extension still ends up feeling “native” in use
I’ve been testing it for a few days on pretty much clean install (no customizations/extensions) and it’s ok. Not sure if I like it yet.
Anyone managed to run pi in a completely sandboxed environment? It can only access the cwd and subdirectories
Yeah I wrote a small landlock wrapper using go-landlock to sandbox pi that works well (not public, similar projects are landrun and nono).
Note that if you sandbox to literally just the working directly, pi itself wont run since pretty much every linux application needs to be able to read from /usr and /etc
I run mine inside https://github.com/rcarmo/agentbox (with https://github.com/rcarmo/webterm)
I’ve been tinkering with Gondolin, a micro-vm agent sandbox.
Here’s an example config: https://github.com/earendil-works/gondolin/blob/main/host/ex...
I do this with an extension. I run all bash tools with bwrap and ACLs for the write and edit tools. Serves my purposes. Opens up access to other required directories, at least for git and rust.
I think I published it. Check the pi package page.
But I can't use my Codex plan with it, right? I have to use an API key?
Pi makes GPT-5.3-Codex act about on par with Claude easily.
There's something in the default Codex harness that makes it fight with both arms behind its back, maybe the sandboxing is overly paranoid or something.
With Pi I can one-shot many features faster and more accurately than with Codex-cli.
You can use your Codex plan with it. OpenAI endorsed it several weeks ago, as far as I remember. That could change, however, but now seems safe.
The backing to OpenClaw/MoltBot whatever they're calling themselves. Why is it insecure, well, Pi tells you >No permission popups.
Anyway, even if you give your agent permission, there's no secure way to know whether what they're asking to is what they'll actually do, etc.
> Why is it insecure, well, Pi tells you >No permission popups.
Pi supports permission popups, but doesn't use them by default. Their example extensions show how to do it (add an event listener for `tool_call` events; to block the call put `block: true` in its result).
> there's no secure way to know whether what they're asking to is what they'll actually do
What do you mean? `tool_call` event listeners are given the parameters of the tool call; so e.g. a call to the `bash` tool will show the exact command that will execute (unless we block it, of course).
you want to put agents in a sandbox instead such as bwrap anyways.
Just how expensive was that domain?
README on Github says “pi.dev domain graciously donated by exe.dev” (though that doesn’t say anything about the original price of course).
oh that's kind. i hope they keep the old domain up too though: https://shittycodingagent.ai/