Remix.run Logo
docheinestages 2 hours ago

I think the developers of Pi made a supply chain mistake by stripping down the core agent and requiring features like subagents to load plugins written by some random person.

stpedgwdgfhgdd an hour ago | parent | next [-]

Pi is meant for people who know what they are doing. If you dont fall into that category use OpenCode, etc. The whole idea is that you customize Pi to your own needs by asking it to modify itself through extensions.

That said, sometimes it is really easy to leverage existing extensions. You run the risk of supply chain attack though. I installed one extension that was useful, modified it to my needs and pinned it.

ljm 31 minutes ago | parent | next [-]

> Pi is meant for people who know what they are doing

How many people genuinely know what they're doing when the value prop of Pi is basically to vibe code it to your taste? The entire point of vibe coding being that you don't actually have to know what you're doing?

mdgld 25 minutes ago | parent | prev [-]

That’s why Mario said “YOLO” is enabled by default from what I remember—something like, I want you to think about what you’re doing.

the_mitsuhiko an hour ago | parent | prev | next [-]

We are going to address this. Not by loading the agent but by finding a way to provide official plugins or blessed plugins. But we’re not yet sure what the right approach is.

raesene9 an hour ago | parent [-]

If you're going to have "blessed" plugins, which seems like a good idea, you'll need a review and possibly hosting process.

- Review to check that the plugin is reasonable quality/isn't malicious.

- hosting (e.g. the plugin is retrieved from a repo. you control) or "known good" checksums so pi will only download the plugin with a version that you've reviewed.

From a security/supply chain aspect, ironically what you're looking to do is deliberately add some friction to the publishing process, which sounds bad, but can be quite effective at mitigating attacks. Most of the recent supply chain attacks get found by automated scanners in < 24 hours, so having a review process for new releases that takes a while will reduce the number that affect users.

I think having this is handy as it'll give security conscious users more confidence in using pi, without the anxiety of pulling a load of additional code from effectively random sources.

colinsane an hour ago | parent | prev [-]

ironically (?) i prefer to improve Pi by connecting MCP servers instead of native extensions in part due to this (process-level sandboxing is trivial; anything more granular -- as would be required for in-process plugins -- is far more intimidating).