PITHOS performs static repository review. The initial production scope does not run target application code, start services, run migrations, execute tests, or apply patches.
Local repositories and cloned GitHub repositories are mounted read-only inside
the Pi agent container at /repo.
PITHOS runs Pi inside a Docker-managed agent image. Docker is required. If a gVisor runtime is configured through the inherited sandbox environment, Docker uses it; otherwise Docker's default runtime is used.
The agent needs outbound access to the selected Pi provider. Firecrawl
credentials are forwarded only when FIRECRAWL_API_KEY or
FIRECRAWL_API_URL is set.
PITHOS redacts GitHub tokens from Git errors and does not write token-bearing
remote URLs to disk. Provider API key environment variables are passed into the
agent container when set. --pi-config-dir mounts only auth.json and
models.json read-only.
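One way to implement the redaction described above, as an added example that is not PITHOS's own code. The function names, the [REDACTED] marker and the sample Git error are assumptions constructed for illustration; the token prefixes are GitHub's published formats.

```python
import re
from typing import Optional, Tuple

# GitHub token prefixes: ghp_ (classic PAT), gho_ (OAuth), ghu_ / ghs_ (app
# user-to-server / server-to-server), ghr_ (refresh), github_pat_ (fine-grained).
_TOKEN_RE = re.compile(
    r"\b(?:gh[pousr]_[A-Za-z0-9]{20,}|github_pat_[A-Za-z0-9_]{20,})\b"
)
# Userinfo in an http(s) URL, e.g. https://user:secret@host/path
_USERINFO_RE = re.compile(r"\b(https?://)[^/\s@]+@", re.IGNORECASE)
_REMOTE_RE = re.compile(r"(https?://)([^/\s@]+)@(.+)$", re.IGNORECASE)

REDACTED = "[REDACTED]"  # hypothetical marker, not taken from PITHOS


def redact(text: str) -> str:
    """Strip credentials from Git output before it is logged or re-raised."""
    # Drop the whole userinfo part first: it may hold a non-GitHub secret too.
    text = _USERINFO_RE.sub(lambda m: m.group(1) + REDACTED + "@", text)
    # Then catch bare tokens that appear outside a URL (headers, messages).
    return _TOKEN_RE.sub(REDACTED, text)


def split_remote(url: str) -> Tuple[str, Optional[str]]:
    """Return (clean_url, secret) so only the clean URL is ever written to disk.

    The secret can then be handed to Git out of band (for example through a
    credential helper or environment) instead of living in .git/config.
    """
    m = _REMOTE_RE.match(url)
    if not m:
        return url, None  # no embedded credentials (or an SSH-style remote)
    userinfo = m.group(2)
    secret = userinfo.split(":", 1)[1] if ":" in userinfo else userinfo
    return m.group(1) + m.group(3), secret


# Constructed sample: a Git failure message that echoes a token-bearing URL.
SAMPLE_TOKEN = "ghp_0123456789abcdefghijABCDEFGHIJ012345"
SAMPLE_ERROR = (
    "fatal: unable to access 'https://x-access-token:" + SAMPLE_TOKEN +
    "@github.com/example/repo.git/': The requested URL returned error: 403"
)

if __name__ == "__main__":
    print(redact(SAMPLE_ERROR))
    print(split_remote("https://x-access-token:" + SAMPLE_TOKEN + "@github.com/example/repo.git")[0])
```
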
Avoid running PITHOS from directories that contain secrets unless those secrets belong to the repository being reviewed.