Pi.dev coding agent as no sandbox by default.
I love Pi, but minimal mean minimal. I realized it when it rm -f /tmp/somefile.log without asking for permission. There a extension to prevent the most dangerous command. https://github.com/badlogic/pi-mono/blob/main/packages/coding-agent/examples/exte…