New issues and PRs from new contributors are auto-closed by default. Maintainers review auto-closed issues daily. See CONTRIBUTING.md.
Pix is a self-extensible coding agent harness with a terminal coding agent, agent runtime, unified LLM API, and TUI package.
- @chengshiliu16/pix-coding-agent: Interactive coding agent CLI
- @chengshiliu16/pix-agent-core: Agent runtime with tool calling and state management
- @chengshiliu16/pix-ai: Unified multi-provider LLM API (OpenAI, Anthropic, Google, …)
Documentation lives in packages/coding-agent/docs.
| Package | Description |
|---|---|
| @chengshiliu16/pix-ai | Unified multi-provider LLM API (OpenAI, Anthropic, Google, etc.) |
| @chengshiliu16/pix-agent-core | Agent runtime with tool calling and state management |
| @chengshiliu16/pix-coding-agent | Interactive coding agent CLI |
| @chengshiliu16/pix-tui | Terminal UI library with differential rendering |
For Slack/chat automation and workflows see ChengShiLiu16/pix.
Pix does not include a built-in permission system for restricting filesystem, process, network, or credential access. By default, it runs with the permissions of the user and process that launched it.
If you need stronger boundaries, containerize or sandbox Pix. See packages/coding-agent/docs/containerization.md for three patterns:
- OpenShell: run the whole
pixprocess in a policy-controlled sandbox. - Gondolin extension: keep
pixand provider auth on the host while routing built-in tools and!commands into a local Linux micro-VM. - Plain Docker: run the whole
pixprocess in a local container for simple isolation.
See CONTRIBUTING.md for contribution guidelines and AGENTS.md for project-specific rules (for both humans and agents).
npm install --ignore-scripts # Install all dependencies without running lifecycle scripts
npm run build # Build all packages
npm run check # Lint, format, and type check
./test.sh # Run tests (skips LLM-dependent tests without API keys)
./pix-test.sh # Run pix from sources (can be run from any directory)We treat npm dependency changes as reviewed code changes.
- Direct external dependencies are pinned to exact versions. Internal workspace packages remain version-ranged.
.npmrcsetssave-exact=trueandmin-release-age=2to avoid same-day dependency releases during npm resolution.package-lock.jsonis the dependency ground truth. Pre-commit blocks accidental lockfile commits unlessPIX_ALLOW_LOCKFILE_CHANGE=1is set.npm run checkverifies pinned direct deps, native TypeScript import compatibility, and the generated coding-agent shrinkwrap.- The published CLI package includes
packages/coding-agent/npm-shrinkwrap.json, generated from the root lockfile, to pin transitive deps for npm users. - Release smoke tests use
npm run release:localto build, pack, and create isolated npm and Bun installs outside the repo before tagging a release. - Local release installs, documented npm installs, and
pix update --selfuse--ignore-scriptswhere supported. - CI installs with
npm ci --ignore-scripts, and a scheduled GitHub workflow runsnpm audit --omit=devplusnpm audit signatures --omit=dev. - Shrinkwrap generation has an explicit allowlist for dependency lifecycle scripts; new lifecycle-script deps fail checks until reviewed.
MIT