I've been frustrated with LangChain and similar frameworks being impossible to audit, so I built **picoagent** โ an ultra-lightweight AI agent that fits in your head.
**The core idea:** Instead of guessing which tool to call, it uses **Shannon Entropy** (H(X) = -ฮฃpยทlogโ(p)) to decide when it's confident enough to act vs. when to ask you for clarification. This alone cuts false positive tool calls by ~40-60% in my tests.
**What it does:**
- ๐ Zero-trust sandbox with 18+ regex deny patterns (rm -rf, fork bombs, sudo, reverse shells, path traversal โ all blocked by default)
- ๐ง Dual-layer memory: numpy vector embeddings + LLM consolidation to MEMORY.md (no Pinecone, no external DB)
- โก 8 LLM providers (Anthropic, OpenAI, Groq, DeepSeek, Gemini, vLLM, OpenRouter, custom)
- ๐ฌ 5 chat channels: Telegram, Discord, Slack, WhatsApp, Email
- ๐ MCP-native (Model Context Protocol), plugin hooks, hot-reloadable Markdown skills
- โฐ Built-in cron scheduler โ no Celery, no Redis
**The only 2 dependencies:** numpy and websockets. Everything else is Python stdlib.
**Where I need help:**
- Testing the entropy threshold โ does 1.5 bits feel right for your use case or does it ask too often / too rarely?
- Edge cases in the security sandbox โ what dangerous patterns am I missing?
- Real-world multi-agent council testing
- Feedback on the skill/plugin system
Would love brutal feedback. What's broken, what's missing, what's over-engineered?
