npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@zilchfp/pi-agent-stack

v0.1.4

Published

Public-safe base Pi agent stack: pinned package settings, bootstrap helpers, and environment checks.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

zilchfpzilchfp

Keywords

pi-packagepicoding-agentbootstrap

Readme

pi-agent-stack-zilchfp

Public-safe base Pi agent stack for keeping Pi consistent across devboxes.

Default mode is global. It writes:

~/.pi/agent/settings.json

Use project mode only when a specific repo needs its own .pi/settings.json override.

Quick start

After package is published to npm:

npm install -g --ignore-scripts @zilchfp/[email protected] && pi-stack-bootstrap --install

Then authenticate Copilot once per devbox:

pi
/login -> GitHub Copilot

Done. Now pi in any repo uses the pinned global stack.

One-shot without installing stack CLI globally

After publish, this also works:

npx -y @zilchfp/[email protected] --install

This bootstraps global Pi settings, but does not leave pi-stack-check / piz commands installed globally. Prefer the Quick start command for normal devboxes.

What bootstrap does

pi-stack-bootstrap --install:

  1. writes ~/.pi/agent/settings.json,
  2. pins the stack package: npm:@zilchfp/[email protected],
  3. pins extra public Pi packages from stack/packages.json,
  4. installs missing helper binaries fd and ripgrep so Pi does not try GitHub downloads on first startup,
  5. installs rtk via Cargo when Cargo is available, so pi-rtk-optimizer can rewrite commands,
  6. installs/upgrades Pi CLI to stack/versions.json,
  7. runs pi update --extensions,
  8. keeps Copilot auth local; no token copied.

Skip helper binary install if you want to manage tools yourself:

pi-stack-bootstrap --install --skip-tools

Skip only rtk:

pi-stack-bootstrap --install --skip-rtk

Daily commands

Check global Pi stack:

pi-stack-check

Install/check helper binaries separately:

pi-stack-ensure-tools

Start Pi with gate:

piz

Update global settings after a new stack release:

pi-stack-bootstrap --stack-package npm:@zilchfp/[email protected] --install

Optional project mode

Only use this when a repo should commit its own Pi config:

pi-stack-bootstrap --project Q:/path/to/repo --install

Project mode writes:

<repo>/.pi/settings.json
<repo>/.gitignore

Project settings override global settings when Pi runs inside that repo.

Before npm publish

If the npm package is not published yet, install from git source instead:

npm install -g --ignore-scripts git+ssh://[email protected]/zilchfp/pi-agent-stack-zilchfp.git#<commit-or-tag> && pi-stack-bootstrap --stack-package git:[email protected]:zilchfp/pi-agent-stack-zilchfp.git@<commit-or-tag> --install

Use HTTPS instead of SSH if preferred:

npm install -g --ignore-scripts git+https://github.com/zilchfp/pi-agent-stack-zilchfp.git#<commit-or-tag> && pi-stack-bootstrap --stack-package https://github.com/zilchfp/pi-agent-stack-zilchfp@<commit-or-tag> --install

Public base vs private overlay

This package is public-safe. Do not put business-private prompts, URLs, MCP config, model config, or internal extensions here.

Private/business behavior belongs in a separate private overlay package, e.g. target/global settings can include:

{
  "packages": [
    "npm:@zilchfp/[email protected]",
    "npm:@org/[email protected]"
  ]
}

Included extensions

See docs/extensions.md.

Publish notes

First publish may require npm 2FA:

npm run check
npm pack --dry-run
npm publish --access public --otp <6-digit-code>

After first publish, configure npm Trusted Publisher:

Provider: GitHub Actions
Organization/user: zilchfp
Repository: pi-agent-stack-zilchfp
Workflow filename: publish.yml
Allowed actions: npm publish

Then release by tag:

npm version patch
git push origin main --tags

Security

Pi packages/extensions run with full system permissions. Review source before bumping packages.

Secrets never belong in this package or .pi/settings.json: API keys, OAuth/session tokens, cookies, GitHub/npm tokens, SSH private keys, cloud credentials, kubeconfig, database URLs, webhook secrets.