I love Pi, but minimal mean minimal.
I realized it when it rm -f /tmp/somefile.log without asking for permission.
There a extension to prevent the most dangerous command.
Or there actual sandbox : https://github.com/badlogic/pi-mono/tree/main/packages/coding-agent/examples/extensions/sandbox
Might be worth checking all the other Safety one too : https://github.com/badlogic/pi-mono/tree/main/packages/coding-agent/examples/extensions#lifecycle--safety
---EDIT---
I get many of you disagree with their choice, but when i developer say they made something "opinionated", that mean they made choice they know most wont like.
I realise i'm the one who didnt inform myself enough and read the doc and stuff...
Not asking for permission is part of their Philosophy https://pi.dev,
No permission popups. Run in a container, or build your own confirmation flow with extensions inline with your environment and security requirements.
https://mariozechner.at/posts/2025-11-30-pi-coding-agent/#toc_13
But for some reason, i still though it would have been confine to its working directory like most coding agent.
I should have read more, but that why i'm pointing at it now for other like me :)
[link] [comments]