pi-auto-reviewer, a new open-source extension for the pi coding agent, brings automatic command review to your development workflow. Think of it as a safety layer that screens every bash command before execution—not by asking you to manually approve each one, but by running commands through an LLM-based classification system. The project draws direct inspiration from Codex Auto-review and Claude Code's auto mode, bringing similar guardrails to the pi ecosystem.
How It Works
The extension implements a three-tier classification system that processes every command the agent wants to run. Tier 1 (Auto-permitted) includes safe commands like ls, cd, grep, git status, npm list, and echo—these execute immediately with zero friction. Tier 2 (Auto-blocked) refuses dangerous operations outright: rm -rf, sudo, chmod 777, git push --force, and shutdown never reach your terminal. Everything else falls into Tier 3 (Needs review), where a secondary reviewer LLM makes the call.
The Reviewer LLM
When a command lands in the review tier—commands like git commit, npm install, curl, mv, sed -i, or cp—a subagent LLM analyzes it with project context before deciding to ALLOW or BLOCK. Users see real-time status messages: "Reviewing:
Installation Options
pi-auto-reviewer supports multiple deployment methods. Install globally with a single cp command, distribute via npm using pi install npm:pi-auto-reviewer, or drop it into individual project .pi/extensions/ directories for per-project control. The extension auto-discovers itself when the project is trusted—no manual activation required.
User Experience
The design philosophy prioritizes invisibility once installed. Safe commands run without any visible delay while dangerous ones get blocked immediately with explanations. Tier 3 commands pause briefly for review but users don't have to manually approve each one—the reviewer LLM handles the decision-making based on project context and predefined rules. In non-interactive modes (print or JSON), Tier 3 commands are blocked by default since there's no UI available for fallback prompting.
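The classification flow described above (the three tiers, blocklist taking precedence, and the non-interactive default of blocking Tier 3) can be sketched as a small TypeScript module. This is an added illustration, not code from pi-auto-reviewer: the two command lists are taken from the article, but the matching logic, the segment splitting, the `classify`/`decide` function names and the `reviewer` callback signature are assumptions made here. It also goes slightly beyond the text by classifying every segment of a chained shell line rather than only its first token, so a permitted prefix cannot mask a blocked command later on the same line.

```typescript
// Added example (not the project's code). Command lists are from the article;
// matching, splitting and the function shapes below are assumptions.

type Tier = "auto-permitted" | "auto-blocked" | "needs-review";
type Verdict = "ALLOW" | "BLOCK";
type Mode = "interactive" | "print" | "json";

// Tier 1 and Tier 2 patterns as listed in the article.
const AUTO_PERMITTED: string[] = ["ls", "cd", "grep", "git status", "npm list", "echo"];
const AUTO_BLOCKED: string[] = ["rm -rf", "sudo", "chmod 777", "git push --force", "shutdown"];

// Collapse runs of whitespace so "git   status" compares equal to "git status".
function normalize(cmd: string): string {
  return cmd.trim().split(/\s+/).join(" ");
}

// Whole-token prefix match: "ls -la" matches "ls", but "lsof -i" does not.
function matchesPattern(cmd: string, pattern: string): boolean {
  const c = normalize(cmd);
  const p = normalize(pattern);
  return c === p || c.startsWith(p + " ");
}

// Split a shell line on the common chaining operators so every segment is
// classified. The split is deliberately quote-unaware: a segment that is
// broken mid-quote will not match a permitted pattern and therefore lands
// in the review tier, which is the conservative outcome.
function splitSegments(cmd: string): string[] {
  return cmd
    .split(/\s*(?:\|\||&&|;|\||\n)\s*/)
    .map((s) => s.trim())
    .filter((s) => s.length > 0);
}

// The blocklist is consulted first, so a pattern present on both lists blocks.
function classifySegment(segment: string): Tier {
  if (AUTO_BLOCKED.some((p) => matchesPattern(segment, p))) return "auto-blocked";
  if (AUTO_PERMITTED.some((p) => matchesPattern(segment, p))) return "auto-permitted";
  return "needs-review";
}

// A compound command takes the most restrictive tier of its segments:
// auto-blocked > needs-review > auto-permitted. An empty line is reviewed.
function classify(cmd: string): Tier {
  const tiers = splitSegments(cmd).map(classifySegment);
  if (tiers.length === 0) return "needs-review";
  if (tiers.includes("auto-blocked")) return "auto-blocked";
  if (tiers.includes("needs-review")) return "needs-review";
  return "auto-permitted";
}

// Tier 1 runs, Tier 2 never runs, Tier 3 goes to the reviewer. In print/JSON
// mode there is no UI to fall back to, so Tier 3 is blocked by default, as the
// article states. `reviewer` stands in for the reviewer LLM (hypothetical).
function decide(cmd: string, mode: Mode, reviewer: (cmd: string) => Verdict): Verdict {
  const tier = classify(cmd);
  if (tier === "auto-permitted") return "ALLOW";
  if (tier === "auto-blocked") return "BLOCK";
  if (mode !== "interactive") return "BLOCK";
  return reviewer(cmd);
}
```

In this sketch the blocklist wins over the allowlist on purpose: a command that matches both is the kind of ambiguity that should never resolve in favour of execution. Keeping `classify` pure and free of I/O also makes the tiering easy to unit test independently of whichever model backs `reviewer`.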
Customization
The AUTO_PERMITTED and AUTO_BLOCKED arrays in auto-reviewer.ts can be edited to customize which patterns bypass review or get automatically blocked. More advanced users can modify buildReviewPrompt() to change how the reviewer LLM makes its decisions—giving teams fine-grained control over their safety policies without forking the entire project.
Key Takeaways
- pi-auto-reviewer brings Codex Auto-review-style guardrails to the pi coding agent ecosystem
- Three-tier system balances safety with convenience by automating routine decisions
- Non-interactive mode (print/JSON) blocks Tier 3 commands by default since there's no UI fallback