upvote
Pi is meant for people who know what they are doing. If you dont fall into that category use OpenCode, etc. The whole idea is that you customize Pi to your own needs by asking it to modify itself through extensions.

That said, sometimes it is really easy to leverage existing extensions. You run the risk of supply chain attack though. I installed one extension that was useful, modified it to my needs and pinned it.

reply
> Pi is meant for people who know what they are doing

How many people genuinely know what they're doing when the value prop of Pi is basically to vibe code it to your taste? The entire point of vibe coding being that you don't actually have to know what you're doing?

reply
That’s why Mario said “YOLO” is enabled by default from what I remember—something like, I want you to think about what you’re doing.
reply
We are going to address this. Not by loading the agent but by finding a way to provide official plugins or blessed plugins. But we’re not yet sure what the right approach is.
reply
If you're going to have "blessed" plugins, which seems like a good idea, you'll need a review and possibly hosting process.

- Review to check that the plugin is reasonable quality/isn't malicious.

- hosting (e.g. the plugin is retrieved from a repo. you control) or "known good" checksums so pi will only download the plugin with a version that you've reviewed.

From a security/supply chain aspect, ironically what you're looking to do is deliberately add some friction to the publishing process, which sounds bad, but can be quite effective at mitigating attacks. Most of the recent supply chain attacks get found by automated scanners in < 24 hours, so having a review process for new releases that takes a while will reduce the number that affect users.

I think having this is handy as it'll give security conscious users more confidence in using pi, without the anxiety of pulling a load of additional code from effectively random sources.

reply
ironically (?) i prefer to improve Pi by connecting MCP servers instead of native extensions in part due to this (process-level sandboxing is trivial; anything more granular -- as would be required for in-process plugins -- is far more intimidating).
reply