Pi: The Minimal Baseline
What you get with 4 tools and a <1,000-token system prompt. Pi is the reference thin harness — every other deep-dive in the curriculum compares against it.
Pi is the base architecture every course in this curriculum builds on. Course 2A builds security tools FOR it (the sandbox, scope, approval gate it omits). Course 2B ATTACKS it (the OWASP ASI offensive procedures find its trust-the-model posture by default). Course 3 drops fine-tuned models INTO its unchanged loop. Course 4 DEPLOYS it at scale. Understand Pi and you understand the irreducible core every thicker harness varies on.
Pi's thin-harness design is correct for its use case, not a deficiency. The 25/60 rubric score is the expected result for a deliberate thin harness — the rubric scores production-readiness across all dimensions, and Pi is deliberately not that. The score reflects what Pi IS NOT (the deliberate omissions), not a failure of what Pi IS (the irreducible core).
The correct fork adds infrastructure, not cleverness. The three 'minimal production' changes (token budget, per-turn observability, basic compaction) close scored gaps WITHOUT adding model-specific logic (so the future-proof test still passes) and WITHOUT changing the threat model (so thinness is preserved). 'Just add a sandbox' changes the threat model without the supporting layer — the cost without the benefit.