Module DD-01 — Pi: The Minimal Baseline

Pi: The Minimal Baseline

What you get with 4 tools and a <1,000-token system prompt. Pi is the reference thin harness — every other deep-dive in the curriculum compares against it.

45
minutes
8
artifacts
3
sub-sections
Pi is not a toy — it is a deliberate architectural statement: do as little as possible in the harness; let the model do the work. The model is the 1.6%; Pi is the 98.4% shrunk as small as it can go before it stops being a harness at all. ~80-line loop, 4 tools, <1k prompt, trust-the-model. The thinness IS the design, and every absent component is a conscious tradeoff for legibility and co-evolution. Pi is the base architecture every course in this curriculum builds on: Course 2A builds security tools for it, Course 2B attacks it, Course 3 drops fine-tuned models into it, Course 4 deploys it at scale.
Key Claims
Load-Bearing Claims

Pi is the base architecture every course in this curriculum builds on. Course 2A builds security tools FOR it (the sandbox, scope, approval gate it omits). Course 2B ATTACKS it (the OWASP ASI offensive procedures find its trust-the-model posture by default). Course 3 drops fine-tuned models INTO its unchanged loop (the future-proof test makes the swap seamless). Course 4 DEPLOYS it at scale. Understand Pi and you understand the irreducible core every thicker harness varies on.

Pi's thin-harness design is correct for its use case, not a deficiency. The 25/60 rubric score is the expected result for a deliberate thin harness — the rubric scores production-readiness across all dimensions, and Pi is deliberately not that. The score reflects what Pi IS NOT (the deliberate omissions: sandbox, memory, state, verification), not a failure of what Pi IS (the irreducible core: loop, tools, thin prompt, co-evolution).

The three decisions Pi makes are the baseline every thicker harness should justify deviating from: the 4-tool set, the dumb-loop philosophy, and the ultra-thin prompt. The 4-tool set is the minimum capable set and the lowest-noise set (the Vercel finding). The dumb-loop co-evolves with model upgrades (the future-proof test). The <1k prompt delegates to the model and does not fight capability growth.

The correct fork adds infrastructure, not cleverness. The three 'minimal production' changes (token budget, per-turn observability, basic compaction) close scored gaps WITHOUT adding model-specific lookahead/planning/reflection (so the future-proof test still passes) and WITHOUT changing the threat model (so thinness is preserved). Contrast: 'just add a sandbox' changes the threat model without the supporting layer — the cost without the benefit.

After This Module
01
Apply the 6-phase deep-dive methodology (Module 0.3) to Pi and produce a scored analysis card with file:line evidence.
02
Defend Pi's thin-harness design as correct for its use case, not as a deficiency — the load-bearing distinction the rest of the curriculum depends on.
03
Score Pi on the 12-module rubric (/60) with evidence, and explain why a low absolute score is the expected result for a deliberate thin harness, not a failure.
04
Write the Architect's Verdict and MLSecOps Relevance note for Pi in the canonical template.
05
Use Pi as the benchmark for every subsequent deep-dive — every other harness is measured against Pi's minimalism: 'how much thickness does X add, and why?'
06
Articulate the three decisions Pi makes that every thicker harness should justify deviating from (the 4-tool set, the dumb-loop philosophy, the ultra-thin prompt).
Artifacts
01
Teaching Document
~2,800 words; the full 6-phase analysis (first contact, architecture map, 12-module audit, security audit, benchmark, score & synthesis) plus the curriculum-threading note (Pi as the base architecture for C2A/C2B/C3/C4), anti-patterns, key terms, references
READ
02
Diagrams
5 Mermaid diagrams — Pi's architecture (the three jobs minimal), Pi's position on the thickness spectrum, the ReAct loop control flow, the 12-module rubric score (Pi vs reference), how the curriculum threads through Pi (hub-and-spoke)
READ
03
Slide Deck
12 slides — reveal.js, dark theme, design-system teal; covers the thesis (Pi as base architecture), the three-jobs architecture, the 12-module audit table, three agreed decisions, three different decisions, the security audit, the curriculum threading, anti-patterns, the lab
READ
04
Teaching Script
Verbatim teaching transcript with [SLIDE N] cues, ~2,800 words spoken at ~140 wpm across 10 slide cues
READ
05
Flashcards
20 flashcards (TSV) — mix of recall, application, and analysis; covers the 4-tool philosophy, trust-the-model, the 25/60 score principle, the future-proof test, the security audit, the curriculum threading, the fork boundary
TEST
06
Exam
15 questions, 20/40/40 Bloom distribution (3 recall / 6 application / 6 analysis), 70% pass; validated JSON with rationale per question
TEST
07
Lab Spec
Re-Score Pi and Trace the Minimal Loop — runnable simulation (Python 3.10+, type hints, no GPU, no external deps): re-score Pi against the 12-module rubric (25/60), trace read_file through the 7-step dispatch (+ 3 gap annotations), model the three 'minimal production' changes (31/60 forked total), justify the fork boundary (~30-45 min)
DO
08
Module Web Page
Single-file HTML hub
HERE