Ever tempted to use or try out the infamous pi-coding-agent but got put off by its lack of out-of-the-box sandbox?
Some people use and/or develop guardrails extensions or poor-man sandboxing solutions; others just deploy it to their VPS so that any potential damage is contained.
But the virtue is somewhere in the middle:
- No need to go to the extreme of complicated cloud deploys to just try out some clanking business.
- No need to setup potentially-unsafe tweaks or plugins that may give you a false sense of security, or too many permissions issues for your clanker to be productive.
Why not just use the unix model? Give Pi a user in your system, a $HOME where to place its git repositories and you're off to the races.
This repository is just a quick npx tool that helps you set up this ideal approach: run it with a simple npx skynot and it will guide you through the process and ask you for sudo permissions in each step that it requires, informing you of what it is doing at all times.
(This repo is of course opensource too so that you can check that what it says it does is what it really does.)
- Check if wget is present; if not: abort suggesting user to install it or use
--npmflag. - Create a user named
aidev, if missing. - Create a group named
aiteam, if missing. - Assign both
aidevuser and current user to groupaiteam. - Create sudoers file so that current user can impersonate
aidevwithout needing a (sudo) password. - Setup 007 umask and ACLs for
aidevand current user to share files without issues. - Download & install Pi under
aidevuser's home:~aidev/pi/. - Install the recommended extensions and/or authentication files if user used flags for them.
- Configure git to be able to share repositores in
~aidev/dir. - Add the agent's binary directory to the
aidevuser's$PATHenv var. - Create a launcher script at
$HOME/bin/spifor the current user. - Create a proper work dir inside
~aidevnamedWork, owned byaidev:aiteam.
- Check that current directory is inside
~aidev/Workor exit with error msg. - Check that all directories of users are NOT readable or writable by
aidevuser. - If any of the user directories are readable or writable, prompt to shield them.
- Launch Pi with the
aidevuser.
npx skynot [options]The following command‑line flags are available:
| Flag | Alias | Description |
|---|---|---|
--help |
-h |
Show the help message with all available options. |
--auth |
-a |
Ask about auth details (provider name and API key) to cook an auth.json file. |
--extensions |
-e |
DEPRECATED: Use spi install <extension> instead, after install. |
--git ["id"] |
-g[i] |
Set git user.name/user.email for aidev. No arg: copies from current user. |
With arg (e.g. "Name Surname <user@example.com>"): uses that instead. |
||
--npm |
-n |
Install Pi using npm instead of tarball (likely to be slower though). |
--paranoid |
-p |
Refrain from caching the sudo password; ask for it every time it is needed. |
--ssh |
-s |
Copy SSH keys to the aidev user for git+ssh (& add GitHub to known_hosts). |
--update |
-u |
Wipe any previous existing install of Pi and reinstall, to get the latest version. |
--verbose |
-v |
Show more output from install commands (useful for debugging/low-bandwidth). |
--version |
-V |
Output the version number. |
--destroy |
--BURN |
Delete the aidev user, all its data (in $HOME), and the aiteam group. |
Please note, -u would technically not wipe or reinstall extensions, as they normally live in a different place (.pi subdir under aidev user's $HOME, and/or $NPM_CONFIG_PREFIX dir).
- The script runs many operations as the
aidevuser viasudo. It setsnpm_config_prefixto$HOME/.npm-globalto avoid permission errors when installing extensions from NPM. - To test locally (directly from sources instead of using
npx), usenpm run exec -- [options](e.g.npm run exec -- -e).
- Linux or macOS
- NodeJS v22.x
- NPM's
npx(install withbrew install npmorapt install npm) - git v2.46 or newer (required for wildcard support in
git config --global safe.directory) setfaclcommand in Linux (to setup ACLs; in Ubuntu this command is provided by theaclAPT package)