Add pi-agent sandbox

[luebken]

Add pi-agent sandbox

Adds a community sandbox for pi (https://pi.dev/ / https://github.com/badlogic/pi-mono/tree/main/packages/coding-agent), a minimal terminal-based coding agent.

What is pi?

Pi is an open-source coding agent that runs in the terminal. It provides tools for reading, writing, editing files, and executing shell commands — driven by LLMs from multiple providers (Anthropic, OpenAI, Google, NVIDIA). OpenClaw uses pi as its agent harness.

What's included in the PR

• Dockerfile: Installs pi on top of the community base image
• policy.yaml: Network policy scoped to LLM provider APIs, GitHub (read-only), and npm
• README.md: Build, usage, and configuration docs

Network policy highlights

• LLM APIs: Anthropic, OpenAI, Google, NVIDIA
• GitHub: read-only (git clone/fetch + REST API)
• npm registry: for installing pi extensions
• All other outbound connections blocked

TODOs

• Feedback from the PI community
• Smoke & Conformance tests

[luebken]

I've ran a basic conformance test.

#!/bin/bash
PASS=0; FAIL=0
check() {
  if eval "$2" >/dev/null 2>&1; then res="✅"; ((PASS++))
  else res="❌"; ((FAIL++)); fi
  printf "%-40s %s\n" "$1" "$res"
}
check_fail() {
  if eval "$2" >/dev/null 2>&1; then res="❌ (should have failed)"; ((FAIL++))
  else res="✅ (blocked as expected)"; ((PASS++)); fi
  printf "%-40s %s\n" "$1" "$res"
}
echo "=== OpenShell Pi Agent Sandbox Smoke Test ==="
echo ""
check "Running as 'sandbox' user"        '[ "$(whoami)" = "sandbox" ]'
check "/sandbox exists and is writable"   'echo hi > /sandbox/.test && rm /sandbox/.test'
check_fail "/usr is read-only"            'touch /usr/.test 2>/dev/null'
check_fail "/etc is read-only"            'touch /etc/.test 2>/dev/null'
check "/tmp is writable"                  'echo hi > /tmp/.test && rm /tmp/.test'
check_fail "Outbound to example.com blocked"  'curl -sf --max-time 3 https://example.com'
check_fail "Outbound to random host blocked"  'curl -sf --max-time 3 https://httpbin.org/get'
check "Node.js available"                 'node --version'
check "Pi coding agent available"         'pi --version'
echo ""
echo "Results: $PASS passed, $FAIL failed"

sandbox@pi-agent:~$ bash /sandbox/hello-sandbox.sh
=== OpenShell Pi Agent Sandbox Smoke Test ===

Running as 'sandbox' user                ✅
/sandbox exists and is writable          ✅
/usr is read-only                        ✅ (blocked as expected)
/etc is read-only                        ✅ (blocked as expected)
/tmp is writable                         ✅
Outbound to example.com blocked          ✅ (blocked as expected)
Outbound to random host blocked          ✅ (blocked as expected)
Node.js available                        ✅
Pi coding agent available                ✅

Results: 9 passed, 0 failed