Blog on Mathias WOLFF

Securing pi from the Inside: Guards, Scanners, and Audit with pi-secured-setup

Thu, 07 May 2026 10:00:00 +0200

A few days ago, I covered Greywall — a kernel-level sandbox that contains pi with a deny-by-default approach. That’s your outer wall. But what about threats inside the boundary? The agent that accidentally writes to the wrong project, the .env file that ends up in the LLM context, the skill whose SKILL.md was silently modified. That’s a different problem, and it needs a different tool.

Today I’m releasing pi-secured-setup — a pi extension that adds Guards, Scanners, and an audit trail directly inside the agent. No kernel modules, no containers, no external dependencies. Just a pi install and you’re protected.

Securing pi, Your AI Coding Agent, with Greywall: A Practical Guide

Sun, 03 May 2026 10:00:00 +0200

AI coding agents like pi have become essential daily companions. But by default, pi runs in YOLO mode: full filesystem access, unrestricted command execution, no permissions. It’s a deliberate design choice by its creator, but this freedom comes with real risks. Today, let’s explore Greywall, a tool that sandboxes pi using a deny-by-default approach at the kernel level.

Why Sandbox an AI Coding Agent?

pi in YOLO mode is convenient but risky. Without restrictions, the agent can:

Howto compile cdr_pg_csv freeswitch module on debian / ubuntu

Thu, 18 Apr 2013 17:42:00 +0000

With the standard Makefile configuration delivered form git, you can’t compile cdr_pg_csv. You need top edit theMakefile file of cdr_pg_csv module. The file si located here : src/mod/event_handlers/mod_cdr_pg_csv/Makefile . Copy and past the following code :

UNAME := $(shell uname -s)
ifeq ($(UNAME),SunOS)
ISA64 := $(shell isainfo -n)
LOCAL_CFLAGS=-I/usr/include/postgresql
ifneq (,$(findstring m64,$(CFLAGS)))
LOCAL_LDFLAGS=-L/usr/pgsql-9.1/lib/$(ISA64) -R/usr/pgsql-9.1/lib/$(ISA64) -lpq -static
else
LOCAL_LDFLAGS=-L/usr/pgsql-9.1/lib -R/usr/pgsql-9.1/lib -lpq -static
endif
else
LOCAL_CFLAGS=-I/usr/include/postgresql
LOCAL_LDFLAGS=-L/usr/pgsql-9.1/lib -lpq -static
endif
include ../../../../build/modmake.rules

Now, we are ready for make, so do :

Install freeswitch compiled with odbc PostgreSQL on debian wheezy

Thu, 18 Apr 2013 17:05:00 +0000

This is my first howto in english. As I will release in some days, my project name pyfreebilling (wholesale voip platefom based on Freeswitch, PostgeSQL and Django), i write the first installation step : howto compile and install freeswitch / odbc and postgresql on debian wheezy.

Prerequisites

You need to install these packages :

apt-get install git-core build-essential autoconf automake libtool libncurses5 libncurses5-dev gawk libjpeg-dev zlib1g-dev pkg-config libssl-dev libpq-dev unixodbc-dev odbc-postgresql postgresql postgresql-client

Configuration

You download freeswitch using git :