Flask creator Armin Ronacher published a technical essay on his personal site on January 31 that endorsed a yellow terminal coding agent called Pi as "the minimal agent within OpenClaw." His company Earendil then announced on April 8 that it had acquired Pi from author Mario Zechner, brought Zechner in as a stakeholder and launched a cloud-based agent platform called Lefos. As of May 6, the badlogic/pi-mono repository on GitHub had 45,041 stars under an MIT license. The npm package @mariozechner/pi-coding-agent was at version 0.73.0. The Pi package catalog listed 2,143 third-party extensions. For comparison the same morning, openai/codex carried 80,174 GitHub stars and google-gemini/gemini-cli carried 103,218.

Of those three repositories, Pi has the lowest star count, and its README is the one that documents capabilities the project intentionally omits. In a November 30 essay on his personal site, Zechner argued that existing coding harnesses inject hidden context, change their behavior between releases, and give users limited visibility into what the model actually saw. He wrote that he built Pi as a small core surrounded by user-shaped extensions and packages rather than as a feature-rich vendor product. The Pi coding-agent README documents four runtime modes (interactive, print or JSON, RPC and SDK) and a tool list of read, write, edit and bash. Capabilities beyond those four tools load through optional extensions or packages. Claude Code and Codex take the opposite approach by shipping editor, IDE and cloud surfaces inside their default products.

What Pi leaves out

Pi's usage docs state that the core intentionally excludes built-in MCP, subagents, permission popups, plan mode, to-dos and background bash. A DevOps Toolbox walkthrough published April 24 captured the same posture in demo language: "Pi's philosophy is adopt the coding agent to your needs instead of the other way around. It's stripped from fancy features. There's no MCPS, no sub agents, no plan mode, no background bash."

The contrast with the larger products is direct. OpenAI's Codex documentation lists support for app, editor, terminal, cloud environments, skills, code review and subagents. Anthropic's Claude Code overview lists support for terminal, IDE, browser, MCP, hooks, skills and scheduled tasks. In Pi's design, each of those capabilities is treated as something a user or package author may add later rather than as a default feature of the agent itself.

The repository follows the same logic. Zechner's badlogic/pi-mono splits Pi into a model-access layer called pi-ai, an agent loop called pi-agent-core, a terminal UI framework called pi-tui, and the coding-agent CLI pi-coding-agent, each shipped as a separate MIT-licensed package.

The loop is small, the edge is wide

Thorsten Ball's Amp essay frames Pi from the outside as well as anything Pi has written about itself. "It's an LLM, a loop, and enough tokens," Ball writes, before defining an agent as "an LLM with access to tools, giving it the ability to modify something outside the context window." Pi productizes that definition.

The default tools read almost rude in 2026. Read. Write. Edit. Bash. The provider list does not. Pi accepts subscription logins for ChatGPT Plus and Pro Codex, Claude Pro and Max, and GitHub Copilot, alongside API keys for Anthropic, OpenAI, Gemini, Mistral, Groq, Cerebras, xAI, OpenRouter, Kimi, MiniMax and any OpenAI-compatible local endpoint.

The extension surface is wider still. Extensions can register tools, commands, shortcuts, flags, providers, custom renderers, widgets, dialogs and event hooks. Pi loads Agent Skills from global, project, package, settings and command-line locations. The package catalog listed 2,143 packages on May 6, two days after npm marked @mariozechner/pi-coding-agent as version 0.73.0.

Armin Ronacher's specific detail is the session tree. In Pi, a user can fork from any earlier message rather than drag every diagnostic detour through the same context path. A side question stays a branch. In ordinary agent chat, it becomes sediment.

Freedom inherits the supply chain

Pi's package docs carry the sentence that should matter most to serious users: "extensions execute arbitrary code," and skills can instruct the model to run executables. Simon Willison calls the dangerous combination "private data, untrusted content, and external communication." A coding agent can touch all three on a normal Tuesday.

Pi's documentation tells users to add through extensions and packages the workflows the core declines to ship, while warning in the same paragraph that those packages can execute arbitrary code on the developer's machine. arXiv preprints on prompt injection across AI development tools and on tool poisoning against real-world MCP servers describe exactly the kind of authority composition the Pi package model creates, even though Pi itself excludes MCP from the default install. Excluding MCP from the core does not remove that broader trust problem so much as relocate it to the package layer, where third-party code can still register tools, providers, prompts and renderers that the agent is then allowed to use.

Read against the 45,041 GitHub stars on badlogic/pi-mono, the catalog's 2,143 packages function both as evidence of momentum and as the size of the review burden forming around an ecosystem in which any installable package can ship code that the model is then allowed to run.

The harness is the market

Earendil's April 8 announcement turned Pi from one developer's project into a platform candidate. The company said it had acquired the open-source codebase, brought Zechner in as a major stakeholder, and introduced Lefos as a cloud-based agent platform. RFC 0015, dated March 30, committed the Pi core to MIT licensing while reserving room for Fair Source layers, proprietary additions and hosted services.

The structure is recognizable open-core: keep the local inspectable loop free, and monetize the team-governance, hosted-workflow and coordination layers built on top. Whether that posture survives contact with Earendil's revenue requirements is the open commercial question, particularly if hosted features begin to substitute for parts of the workflow the open core was supposed to make user-shaped.

Recent measurement work targets the harness layer directly. The AIDev preprint on arXiv catalogues 932,791 agentic pull requests across Codex, Devin, GitHub Copilot, Cursor and Claude Code. A separate task-stratified comparison across 7,156 pull requests reports that no single coding agent leads across every task type. A further arXiv paper on AGENTS.md instruction files reports that repository-level guidance can shift runtime and token consumption for the same task. Those results push a larger share of practical agent quality into harness decisions about file access, tool permissioning, session memory and diff review rather than into the underlying model.

Earendil now controls the Pi codebase, the licensing trajectory laid out in RFC 0015 and the Lefos cloud platform announced alongside the April 8 acquisition. Zechner's November 30 essay argued that vendor-owned harnesses tend to inject hidden context and mutate their behavior between releases, which was his stated reason for keeping Pi's core small. The next round of Pi releases under Earendil ownership, along with the Fair Source boundaries described in RFC 0015 and the Lefos billing terms, will determine whether the user-shaped posture survives commercialization.

Frequently Asked Questions

What is Pi?

Pi is a minimal terminal coding-agent harness created by Mario Zechner, now owned by Armin Ronacher's company Earendil. Its core focuses on the agent loop, file tools, bash access, provider support and extensibility rather than bundled orchestration features.

Why does Pi leave out MCP and subagents?

The official documentation frames those omissions as deliberate design choices. Pi keeps the default core small and lets users add workflows through extensions, packages, skills, prompts, shell tools or separate sessions.

How big is Pi's ecosystem?

The badlogic/pi-mono repository carried 45,041 GitHub stars on May 6 and the Pi package catalog listed 2,143 third-party extensions. Those are attention signals rather than evidence of production usage.

What is the main security concern?

Pi packages can bundle extensions and skills. The package documentation warns that extensions execute arbitrary code, which makes package provenance and review central to safe use.

Is Pi a Claude Code replacement?

Not directly. Claude Code is a productized coding environment. Pi is better understood as a hackable local harness for developers who want to control providers, tools, packages and context themselves.

Editor-in-Chief and founder of Implicator.ai. Former ARD correspondent and senior broadcast journalist with 10+ years covering tech. Writes daily briefings on policy and market developments. Based in San Francisco.