How I run pi.dev safely (and actually get work done)

Most people are still using ChatGPT or Claude in a browser tab.

That is fine, but it is table stakes now.

If you are already using OpenClaw or Hermes, you are ahead of that curve. But if you want the most practical day to day coding harness right now, start with pi.dev.

By the end of this guide, you will have a safe, isolated pi setup with model login, browser automation, and deploy CLIs ready in one session.

5 minute quickstart

# 1) Install pi
npm install -g @mariozechner/pi-coding-agent

# 2) Start pi
pi

# 3) Inside pi, run:
# /login
# /model
# Install agent-browser globally, then run agent-browser install.
# Install gh, vercel, and supabase CLI on this machine. Then run gh auth login, vercel login, and supabase login.

first, a hard safety warning

Do not run pi on your daily personal machine.

A coding agent with terminal and file tools can access or change anything your user account can access: code, SSH keys, screenshots, photos, email exports, local notes, tokens, browser data, and more.

Treat this like giving a very fast junior operator shell access.

Also: do not hand agents raw credentials. Put an approval and delegation layer in between.

In pi, the bottom right of the interface shows which model has full access in the current session. Treat that as a live risk indicator. If you want guardrails around credential delegation, use something like 21pins.com.

Use one of these instead:

1. Container (good for quick experiments)
2. VM (good local isolation)
3. VPS (good remote isolation)
4. Dedicated hardware (best long term)

My recommendation for serious use: a used Mac Studio or Mac mini dedicated to agent work. If you want to keep costs down, check Facebook Marketplace, eBay, and Craigslist for local deals.

why start with pi.dev

pi stays out of your way. You can keep it lean, or build it into your own operator stack.

You can log into frontier models you already pay for, switch models quickly, and add tools as your workflow grows.

install pi (macOS + Linux)

prerequisites

• Node.js 20+ recommended
• npm available

---

macOS

# Optional: install Node with Homebrew
brew install node

# Install pi globally
npm install -g @mariozechner/pi-coding-agent

# Run pi
pi

Linux (Ubuntu/Debian)

# Install Node.js + npm (one common path)
sudo apt update
sudo apt install -y nodejs npm

# Install pi globally
sudo npm install -g @mariozechner/pi-coding-agent

# Run pi
pi

If you use nvm/asdf/mise, install Node that way and run npm install -g @mariozechner/pi-coding-agent without sudo.

log in to your frontier model subscriptions

Inside pi:

/login

Pick the providers you already subscribe to.

Then list and select models:

/model

That gives you immediate leverage from accounts you are already paying for.

add browser automation: vercel-labs/agent-browser

Repo: https://github.com/vercel-labs/agent-browser

You can usually just tell pi directly:

Install agent-browser globally, then run agent-browser install.

On Linux, ask for deps too:

Install agent-browser globally, then run agent-browser install --with-deps.

If you prefer to run it manually, use:

# macOS / Linux
npm install -g agent-browser
agent-browser install

# Linux with system deps
agent-browser install --with-deps

This is where things get real. Your agent can navigate pages, click buttons, fill forms, take snapshots, and capture screenshots.

add core operator CLIs

Do this in pi too. Tell it to install and authenticate each CLI in the same environment where pi runs.

Install gh, vercel, and supabase CLI on this machine.
Then run gh auth login, vercel login, and supabase login.

If you prefer to run commands manually:

GitHub CLI (gh)

macOS

brew install gh
gh auth login

Linux (Ubuntu/Debian)

sudo apt update
sudo apt install -y gh
gh auth login

Vercel CLI (vercel)

npm install -g vercel
vercel login

Supabase CLI (supabase)

macOS

brew install supabase/tap/supabase
supabase login

Linux

npm install -g supabase
supabase login

quick verification checklist

Run these in your agent environment:

pi --version
agent-browser --version
gh --version
vercel --version
supabase --version

Then in pi:

/login
/model

If those commands work, you are ready to run real coding and deployment workflows.

next move: skills first

After verification, explore skills that match your workflow.

Ask pi to review:

• https://skills.sh/
• https://github.com/obra/superpowers

Then ask:

Which of these skills would be useful for my workflow?

Pick a few, install what fits, and ignore the rest.

then evaluate every new tool through pi

When you hear about a new tool (for example OpenClaw or Hermes), paste the GitHub URL into pi and ask:

Is there anything here useful for my workflow?

If the answer is yes, have pi walk you through only the pieces you actually need, and install those.

one real workflow to test

After setup, run this once end to end:

1. Ask pi to open a repo and create a branch.
2. Make a small code change.
3. Run tests.
4. Commit and push.
5. Open a PR.
6. Deploy preview (if applicable).

If that works, your setup is production ready.

final note

Now you can do almost everything you want inside a single pi session.

Always remember: if you would not want something on the public internet forever, switch to Ollama or another private model before you run sensitive tasks. You can confirm which model is active in the bottom right.

publish checklist

• Running in isolated environment (container, VM, VPS, or dedicated hardware)
• /login complete
• /model selected
• agent-browser installed
• gh, vercel, and supabase authenticated
• Private model selected for sensitive work

Happy using pi.