Guardrails, Observability and Team Mode - June 2026
June was a guardrails month. Publicly, that meant one long post about
stopping LLMs from drifting inside production codebases, a lot more my-pi work, and a few small updates across the usual tooling pile.
Privately, it was more of the same theme: making AI-assisted work
safer in real systems where a plausible shortcut can quietly become
tomorrow’s architecture.
The bit that actually got me excited was getting agents to talk to each other. Same project, different project, whatever: separate Pi sessions can now discover each other, send messages, form groups, and coordinate work without me pretending one enormous prompt is a team.
The other bit I’m proud of is the harness maker. Instead of planning a
risky task out in a pile of .md files and hoping the agent follows
it, my-pi can now create the actual task harness for the feature:
contract, allowed paths, forbidden commands, validation, status, logs,
and outcome artefacts included.
Production Guardrails
The main post this month was:
That one came directly from client work. I’ve been using AI coding tools every day on large private production codebases, including a finance workflow processing more than $20m a month in capital. When a system has audit trails, permissions, generated documents, calculations, operational handoffs, and real users depending on it, “prompt harder” is not an engineering system.
The useful bit is putting pressure in the repo where the model has to hit it:
- block bad writes before they land
- turn repeated review comments into lint rules
- enforce project boundaries with boring scripts
- make source-of-truth docs searchable and citable
- use skills as narrow playbooks, not motivational posters
- make handoff checks stop fake “done” summaries
The post uses Svelte examples because that is where a lot of my work
is, especially the old favourite of agents reaching for $effect when
what they actually need is derived state, an event handler, an action,
or lifecycle code. But the pattern is not Svelte-specific. Swap $effect for direct database imports, broad cache invalidation,
generated file edits, unsafe server/client boundaries, or whatever
keeps coming back in review.
The line I keep coming back to is this: when a review comment repeats three times, consider making it a rule.
Not every rule needs to block on day one. Some should start as warnings. Some should be advisories. Some will be annoying and need allowlists. That is fine. The point is to stop every new agent session from rediscovering the same boundary by breaking it.
my-pi
my-pi kept absorbing those lessons too. The repo moved a lot this
month, and it is increasingly less “my local wrapper around Pi” and
more “the actual workbench I want to live in”.
The biggest public bits were observability, team coordination, and a new harness runtime.
pi-observability got a proper
web dashboard, then several rounds of refinement. It now gives me a
local view of sessions, timelines, event drawers, payload summaries,
trace details, active sessions, costs, token usage, and enough context
to answer the only question that matters when an agent goes sideways:
what happened, which tool caused it, and how did it recover?
This is one of those features that sounds like a toy until you are halfway through a messy run and need receipts. The terminal scrollback is not a system of record. A local SQLite-backed dashboard is much closer.
Team mode got the update that made me grin the most. The new peer session coordination work lets independently running Pi sessions discover each other, send mailbox messages, form groups, wait on replies, and work across sessions or even across projects. I made a quick video of that here: agents talking to each other in my-pi.
That is the direction I want for local agent orchestration: not one giant prompt pretending to be a team, but separate sessions with identities, tasks, messages, and traceable handoffs.
There is also a new pi-harness runtime. The idea is simple: for
ambiguous or risky work, do not just make a plan in Markdown and hope
for the best. Create the harness for the feature. Give it a
machine-readable contract, validation commands, allowed paths,
forbidden commands, logs, status, and outcome artefacts. The agent can
work inside the harness, update status as it goes, and leave behind
something reviewable instead of just saying “done”.
Very normal behaviour, obviously.
A few other my-pi bits shipped too:
- built-in Umans provider support
- configurable OpenRouter Fusion defaults
- session naming fixes and kebab-case session names
- package/module refactors to remove architecture boundary advisories
- more observability dashboard polish
- better team spawn model selection
- peer coordination identity and database migrations
- image optimisation and README/package preview tidy-up
I also added my-pi to the site portfolio because at this point it is
not just an experiment. It is how I work.
Open Source Bits
A few smaller tools moved as well.
nopeek picked up a run command and shell output mode for child-process secret injection
workflows. The persistence messaging is clearer now too, so it is less
ambiguous when a loaded key is available to later commands and when a
session cannot inject environment variables directly.
That project continues to exist because I do not want secrets in model
context. The model can know $DATABASE_URL exists. It does not need
to know the value. Still the whole pitch.
mcpick got an OpenCode config
serialisation fix so local, remote, environment, and profile writes
match the expected schema. It also had a bit of cleanup around dynamic
imports and the usual version bump conveyor belt.
wiki0 had a smaller public
month after the initial May burst. The useful updates were around
configurable wiki content directories, web production build fixes,
graph checks, and a note about the browser-first web app direction.
Still early, still useful, still very much part of the same
local-first project memory thread.
The skills repo had SvelteKit
updates too, including recent config changes and the remote functions query.live pattern. That is another quiet-but-important bit of the
whole setup: if the skill is stale, the agent is stale. The docs and
playbooks need maintenance just like code.
There was also the usual dependency treadmill across the site and the tooling repos: SvelteKit, Svelte, pnpm, Vitest, Playwright, Tailwind, Node, and friends. Glamorous? No. Necessary? Unfortunately, yes.
Blog Posts
One post this month:
It is long, practical, and probably the clearest summary so far of how I think about AI coding in real codebases: not magic, not doom, just engineering pressure applied in the right places.
Fin
So yeah, June was less launch noise and more infrastructure for the way I actually want to work. Guardrails in production codebases, observability for agent sessions, peer coordination for multiple sessions, and a harness that makes risky work more reviewable.
The theme is pretty obvious: keep the useful speed, remove as much fake confidence as possible.
If you want to poke around, the repos and post are linked above, or come say hi on Bluesky. Thanks for reading!