← Back to directory

pi-subagent

A lightweight subagent extension for the pi coding agent

AgentsVerified with notes★ 36MIT

Safety notes

Verified with notes
Lightweight subagent delegation with spawn/fork context modes.

Static scan findings

This is a first-pass static screen, not a formal audit. It flags patterns worth reading before install.

MEDIUM · token_access
types.ts
  • /** Aggregated token usage from a subagent run. */
  • contextTokens: number;
  • return { input: 0, output: 0, cacheRead: 0, cacheWrite: 0, cost: 0, contextTokens: 0, turns: 0 };
MEDIUM · token_access
index.ts
  • "Context mode for delegated runs. 'spawn' (default) sends only the task prompt (best for isolated, reproducible runs with lower token/cost and less context leakage). 'fork' adds a
  • - 'spawn' (default): child receives only the provided task prompt. Best for isolated, reproducible tasks with lower token/cost and less context leakage.
  • - 'fork': child receives a forked snapshot of current session context plus the task prompt. Best for follow-up tasks that rely on prior context; usually higher token/cost and may i
MEDIUM · token_access
runner-events.js
  • result.usage.contextTokens = usage.totalTokens || 0;
MEDIUM · token_access
render.ts
  • function formatTokens(count: number): string {
  • if (usage.input) parts.push(`↑${formatTokens(usage.input)}`);
  • if (usage.output) parts.push(`↓${formatTokens(usage.output)}`);
MEDIUM · token_access
README.md
  • - `spawn` (default) — Child receives only the task string (`Task: ...`). Best for isolated, reproducible work; typically lower token/cost and less context leakage.
  • - `fork` — Child receives a forked snapshot of the current session context **plus** the task string. Best for follow-up work that depends on prior context; typically higher token/c
  • | Token usage / cost | ❌ No | ✅ Yes |
MEDIUM · token_access
runner-cli.js
  • const nextToken = argv[i + 1];
  • const nextIsValue = nextToken !== undefined && !nextToken.startsWith("-");
  • if (nextIsValue) return [nextToken, 2];
MEDIUM · spawn_shell
runner.ts
  • import { spawn } from "node:child_process";
  • function resolvePiSpawn(): { command: string; prefixArgs: string[] } {
  • const { command, prefixArgs } = resolvePiSpawn();
MEDIUM · spawn_shell
test/agents.test.mjs
  • import { execFileSync } from "node:child_process";
MEDIUM · token_access
test/runner-events.test.mjs
  • contextTokens: 0,
  • totalTokens: 3,
MEDIUM · token_access
test/runner.test.mjs
  • contextTokens: 0,

Package scripts captured

package.json
{
  "test": "node --test"
}