spacestr

cqwww
Member since: 2022-10-28
cqwww 1h

https://krisconstable.com/pi-dev-skills-and-memory/ start here and prompt your way to success.

cqwww 1h

pi: Concerns I noticed:

- llm-agents.nix adds a large dependency graph to the lockfile.
- It includes many agent packages, but we did not install them all.
- Some packages build from npm/go/rust ecosystems, so dependency review still matters.
- openskills can install third-party skills, which are prompt/instruction code; review skills before trusting them.
- fence/srt improve isolation but are not magic. Misconfigured policies can still allow file/network access.
- The upstream flake advertises Numtide’s binary cache; our run mostly used cache/builds through Nix, but trusting extra caches is still a supply-chain decision if enabled globally.

Best current stance: use fence or srt for risky commands/agents, but keep the existing directory boundary, secret hygiene, ConsentKeys/21pins guardrails, and explicit confirmations.pi

cqwww 3h

I didn't realize when I started ideasmeetings.org ~20 years ago that ideas are like a muscle, they're worth stretching. I take action on my ideas, which is what makes me hard to beat, and I have receipts.

Today, I installed nixos on my laptop, replacing debian. (I'm still friends with FreeBSD, OpenBSD, Tails, and Qubes, and have never used Windows, FL/OSS FTW). I've run $ sudo nixos-rebuild switch more than you today.

The rest of this post is how you become a power user of AI using free and open source software on top of the tools you use today: https://krisconstable.com/start-with-pidev/

I installed pi.dev, I did /login to a subscription (not API) and when I got my precious pi prompt (I'll use ** for my prompts you can copy/paste):

** I am new to nixos, and using it here. I want to prioritize privacy and security, so setup rules to stay within this directory or deeper, but not up.
[I didn't read the response, ready for my next prompt]

** Let's follow https://krisconstable.com/pi-dev-skills-and-memory/ and https://krisconstable.com/start-with-pidev/ as this guy seems legit
[I really typed that jaja]

pi> I intentionally chose the safer “copy the pattern” route first: workflow discipline + local memory + optional browser automation later. The next optional step would be deciding whether to install tools like agent-browser, gh, vercel, or supabase. Since that involves package installs/network, I’ll wait for your confirmation.

** install 'em

cqwww 10d

WORD5 #616 4/6
⬛⬛⬛⬛⬛
⬛⬛🟧⬛⬛
🟪⬛⬛⬛🟪
🟪🟪🟪🟪🟪
https://otherstuff.ai/word5/

cqwww 7m

I misunderstood, I am using it on a new/fresh machine, that was a live out of the box. First time using nixos and 2nd time installing pi. Slop to me is an obvious error/flaw/hallucination, not a technical gate of competence. I have a room here if you want to see what I've built, I've not seen anything better.

cqwww 35m

Imagine blocking nostr and bitcoin conversations for a week.

cqwww 55m

I haven't seen AI slop in over a year, the advantage being using agents longer than anyone I know, over 2 years now. The secret sauce is multiple agents, adversarial.

cqwww 1h

50 hours into pi and you'll never go back, I enjoy being ahead of the curve here. I have subagents on subagents over here, happy to host you on a confidentiality agreement. Literally ask pi how to do this once you have your stack built, it's that easy, just from prompting.

cqwww 2h

What are the best steps to take to hide your browser canvas to nostr relays and clients? Asking for a friend. tails/tor? Even with that, as the block wars prove, size matters. https://browserleaks.com/canvas

cqwww 2h

Thanks! pi's response as I sudo nixos-rebuild switch once again:

- No isolation by default: nix run github:numtide/llm-agents.nix#codex etc. runs the agent as your user.
- Many third-party agents: the repo packages lots of tools from different vendors/projects. Each has its own telemetry, auth, update, and file-access behavior.
- Unstable/daily-updated packages: README says packages are “automatically updated daily,” so behavior can change quickly unless you pin a commit/flake lock.
- Binary/cache trust: the flake adds https://cache.numtide.com as an extra substituter. Numtide is reputable, but it is still an additional binary cache trust decision.
- Unfree allowed: flake sets nixpkgs.config.allowUnfree = true; some packaged tools may be proprietary/opaque.
- Credential exposure: agents may read .env, shell env vars, cloud tokens, SSH keys, git remotes, browser auth, etc.
- Network exfiltration risk: coding agents normally send prompts/context to model providers. Repo contents or secrets can leak if the tool includes them.
- Tool/package install risk: npm/bun/node-based agents can bring large dependency trees and postinstall/runtime attack surface.
- Prompt injection risk: any agent reading repo files can be manipulated by malicious docs/issues/logs.

Safer way to use it:

```bash
# Pin it, don’t float on main
nix flake lock --update-input llm-agents-nix
```

Use it only inside:

- a dedicated Unix user,
- container/VM,
- restricted workspace,
- no inherited secrets,
- project-local config/cache,
- explicit allowlist of mounted directories.

For your setup, I would not replace the current controlled flake.nix with this wholesale. I’d only add specific packages from it, pinned to a commit, after reviewing each agent’s upstream privacy model.
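
An added example, not part of the post or of pi's output: a small audit of a flake.lock that reports, for each direct input, the locked commit, whether flake.nix pins it to a commit or lets it float on a branch, and how many lock nodes it pulls in. The lockfile below is constructed for illustration, and the sub-input name helper-a and all revs are placeholders.

```python
import json

# Constructed lockfile for illustration; it is NOT the real llm-agents.nix
# lock. "helper-a" is a hypothetical sub-input; revs are placeholder values.
SAMPLE_LOCK = json.dumps({"version": 7, "root": "root", "nodes": {
    "root": {"inputs": {"nixpkgs": "nixpkgs", "llm-agents-nix": "llm-agents-nix"}},
    "nixpkgs": {"locked": {"type": "github", "rev": "a" * 40},
                "original": {"type": "github", "rev": "a" * 40}},
    "llm-agents-nix": {"inputs": {"nixpkgs": ["nixpkgs"], "helper-a": "helper-a"},
                       "locked": {"type": "github", "rev": "b" * 40},
                       "original": {"type": "github", "ref": "main"}},
    "helper-a": {"locked": {"type": "github", "rev": "c" * 40},
                 "original": {"type": "github"}},
}})

def resolve(nodes, ref, root):
    """An input is a node name, or a 'follows' path walked from the root node."""
    if isinstance(ref, str):
        return ref
    name = root
    for step in ref:
        name = resolve(nodes, nodes[name]["inputs"][step], root)
    return name

def reachable(nodes, start, root):
    """Every lock node pulled in by one input, the input itself included."""
    seen, stack = set(), [start]
    while stack:
        name = stack.pop()
        if name not in seen:
            seen.add(name)
            refs = nodes[name].get("inputs", {}).values()
            stack += [resolve(nodes, r, root) for r in refs]
    return seen

def audit(lock_text):
    """Per direct input: locked commit, floating or pinned, graph size."""
    lock = json.loads(lock_text)
    nodes, root = lock["nodes"], lock["root"]
    report = {}
    for alias, ref in nodes[root].get("inputs", {}).items():
        name = resolve(nodes, ref, root)
        report[alias] = {
            "locked_rev": nodes[name].get("locked", {}).get("rev"),
            # No rev in "original": flake.nix tracks a branch, so the next
            # lock update can move this input to new, unreviewed code.
            "floats": "rev" not in nodes[name].get("original", {}),
            "graph_size": len(reachable(nodes, name, root)),
        }
    return report
```

Calling `audit(open("flake.lock").read())` in a project directory gives the same report for a real lockfile; inputs with `floats` set are the ones to pin before the next lock update.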

cqwww 2h

- Ran:
  - agent-browser install
- Chrome installed under .pi-home/.agent-browser/...
- Added credential-safety workflow:
  - prefer ConsentKeys and/or 21pins.com for delegated, approval-based credential access
  - avoid handing raw credentials directly to agents

Verified:

```text
pi 0.79.10
node v24.15.0
npm 11.12.1
agent-browser 0.27.0
gh 2.94.0
vercel 54.15.0
supabase 2.105.0
```

My results/output from pi, I'm curious how yours differ:

Next, authenticate only the services you actually want to use:

```bash
nix develop
gh auth login
vercel login
supabase login
```

For credential safety:

- Use ConsentKeys and/or 21pins.com for approval-based credential delegation.
- Don’t paste raw tokens into chat or tracked files.
- Prefer browser/device auth flows where possible.
- Keep local secrets in .envrc.private, mode 0600, and gitignored.

cqwww 3h

I did not have a Canadian police Chief exposing how they use metadata on my bingo card this week, as Canada transitions from a global leader in privacy to a surveillance state before the politicians head out to recess for the summer 😅 I was called a conspiracy theorist on the radio by the head of communications by the Victoria (B.C) police department ~20 years ago for suggesting that ALPR even exists, when I was insistent it not only exists, it will be used for surveillance and abused as all surveillance tools are. https://x.com/cqwww/status/2069264479037141222 Receipts: https://ideasmeetings.org/victoria/2011/05/11/may11-2011.html https://ideasmeetings.org/victoria/2012/08/01/victoria-aug01-2012.html

cqwww 3h

You're likely now ahead of everyone you know using AI, as you'll realize within 50 hours of using this setup. Before DMing me for help, ask pi 😅 Before paying me to solve your company's issues, before wondering why I charge so much, take action on your ideas with this flow. When you hit 100 hours, DM me to join me.
