GitPedia

Gpt pilot

The first real AI developer

From Pythagora-io · Updated June 15, 2026

> [!CAUTION]
> **Malicious code was found in this repository and has been removed.** A supply-chain worm (a credential stealer) was hidden in `core/telemetry/` from **August 2025** until **11 June 2026**. If you cloned and **ran** GPT Pilot from source during that window, **rotate your credentials** and read the security notice below.

The project is written primarily in Python, distributed under the Other license, first published in 2023. It has gained significant community traction with 33,745 stars and 3,490 forks on GitHub. Key topics include: ai, codegen, coding-assistant, developer-tools, gpt-4.


🔒 Security notice

What happened. On 2025-08-24, a malicious commit (065ee8eb, message "Revert 'Implemented weekend discount'") was pushed to this repository, disguised as a routine revert. It was publicly reported on 2026-06-08 by an external security researcher, and the malicious files were removed on 2026-06-11.

What it did. The commit added a hidden loader (core/telemetry/_hooks.py) that started automatically whenever the program ran (wired in through core/telemetry/__init__.py). That loader silently downloaded the Bun JavaScript runtime and used it to execute an obfuscated payload (core/telemetry/_runtime.bin). The payload is a Shai-Hulud-class supply-chain worm: it harvests credentials and secrets from the machine (cloud/AWS keys, GitHub and npm tokens, SSH keys, and similar) and can use the stolen access to spread to other projects.

What this means for you. The code only executed if GPT Pilot was actually run; simply having a copy you never ran is not affected. If you cloned and ran GPT Pilot from source between August 2025 and 11 June 2026, assume the payload may have executed on that machine and:

  1. Rotate every credential that was present on the machine: GitHub/npm tokens, cloud/AWS keys, SSH keys, and API keys.
  2. Check for indicators of compromise: the files core/telemetry/_runtime.bin, core/telemetry/_hooks.py, or core/telemetry/.loader.lock; an unexpected bun binary; or temporary folders named rt-*.
  3. Treat the machine as potentially compromised until you have verified it is clean.
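
The indicator check in step 2 can be scripted. The following is an added example, not code from the GPT Pilot repository or from the notice's authors; it looks only for the indicators named above. The function names are hypothetical, and checking the system temp directory for `rt-*` folders and `PATH` for `bun` are assumptions, since the notice does not say where those artifacts are placed.

```python
import shutil
import sys
import tempfile
from pathlib import Path

# File indicators named in the security notice, relative to the repo root.
IOC_FILES = (
    "core/telemetry/_runtime.bin",
    "core/telemetry/_hooks.py",
    "core/telemetry/.loader.lock",
)

def scan_checkout(repo_root):
    """Return the IoC files from the notice that exist under repo_root."""
    root = Path(repo_root)
    return [rel for rel in IOC_FILES if (root / rel).exists()]

def scan_temp(temp_dir=None):
    """Return directories named rt-* directly inside temp_dir.
    Assumption: the notice does not say where these folders are created,
    so the system temp directory is the default."""
    base = Path(temp_dir or tempfile.gettempdir())
    return sorted(str(p) for p in base.glob("rt-*") if p.is_dir())

def find_bun(search_path=None):
    """Return a bun executable found on PATH (or search_path), else None.
    It is only an indicator if you did not install Bun yourself."""
    return shutil.which("bun", path=search_path)

def report(repo_root, temp_dir=None, search_path=None):
    """Collect findings; an empty dict means none of the listed indicators matched."""
    findings = {
        "ioc_files": scan_checkout(repo_root),
        "rt_temp_dirs": scan_temp(temp_dir),
        "bun_binary": find_bun(search_path),
    }
    return {kind: hit for kind, hit in findings.items() if hit}

if __name__ == "__main__":
    result = report(sys.argv[1] if len(sys.argv) > 1 else ".")
    for kind, hit in result.items():
        print(f"[!] {kind}: {hit}")
    sys.exit(1 if result else 0)
```

Run it with the path of the checkout as the only argument; a non-zero exit status means at least one indicator matched. An empty result covers only the indicators listed in the notice and does not replace steps 1 and 3.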

This repository is no longer actively maintained, which is why the malicious commit went unnoticed for an extended period. This notice and the file removals are a security cleanup, not a resumption of development.


<div align="center">

🧑‍✈️ GPT PILOT 🧑‍✈️

</div>
<div align="center">

GPT Pilot doesn't just generate code, it builds apps!

</div> <div align="center">

This repo is not being maintained anymore.

Visit Pythagora.ai for more info

</div>

GPT Pilot is the core technology for the Pythagora VS Code extension that aims to provide the first real AI developer companion. Not just an autocomplete or a helper for PR messages but rather a real AI developer that can write full features, debug them, talk to you about issues, ask for review, etc.


📫 If you would like to get updates on future releases or just get in touch, join our Discord server or you can add your email here. 📬



GPT Pilot aims to research how much LLMs can be utilized to generate fully working, production-ready apps while the developer oversees the implementation.

The main idea is that AI can write most of the code for an app (maybe 95%), but for the remaining 5%, a developer is and will be needed until we get full AGI.

If you are interested in our learnings during this project, you can check our latest blog posts.


<br> <div align="center">

👉 Examples of apps written by GPT Pilot 👈

</div> <br>

🔌 Requirements

  • Python 3.9+

🚦 How to start using gpt-pilot?

👉 If you are using VS Code as your IDE, the easiest way to start is by downloading the GPT Pilot VS Code extension. 👈

Otherwise, you can use the CLI tool.

If you're new to GPT Pilot:

After you have Python and (optionally) PostgreSQL installed, follow these steps:

  1. git clone https://github.com/Pythagora-io/gpt-pilot.git (clone the repo)
  2. cd gpt-pilot (go to the repo folder)
  3. python3 -m venv venv (create a virtual environment)
  4. source venv/bin/activate (or on Windows venv\Scripts\activate) (activate the virtual environment)
  5. pip install -r requirements.txt (install the dependencies)
  6. cp example-config.json config.json (create config.json file)
  7. Set your key and other settings in config.json file:
    • LLM Provider (openai, anthropic or groq) key and endpoints (leave null for default) (note that Azure and OpenRouter are supported via the openai setting)
    • Your API key (if null, will be read from the environment variables)
    • database settings: sqlite is used by default, PostgreSQL should also work
    • optionally update fs.ignore_paths and add files or folders which shouldn't be tracked by GPT Pilot in workspace, useful to ignore folders created by compilers
  8. python main.py (start GPT Pilot)

All generated code will be stored in the folder workspace inside the folder named after the app name you enter upon starting the pilot.

🔎 Examples

Click here to see all example apps created with GPT Pilot.

PostgreSQL support

GPT Pilot uses the built-in SQLite database by default. If you want to use the PostgreSQL database, you need to additionally install the asyncpg and psycopg2 packages:

```bash
pip install asyncpg psycopg2
```

Then, you need to update the config.json file to set db.url to postgresql+asyncpg://<user>:<password>@<db-host>/<db-name>.

🧑‍💻 CLI arguments

List created projects (apps)

```bash
python main.py --list
```

Note: for each project (app), this also lists "branches". Currently we only support having one branch (called "main"), and in the future we plan to add support for multiple project branches.

Load and continue from the latest step in a project (app)

```bash
python main.py --project <app_id>
```

Load and continue from a specific step in a project (app)

```bash
python main.py --project <app_id> --step <step>
```

Warning: this will delete all progress after the specified step!

Delete project (app)

```bash
python main.py --delete <app_id>
```

Delete project with the specified app_id. Warning: this cannot be undone!

Other command-line options

There are several other command-line options that mostly support calling GPT Pilot from our VSCode extension. To see all the available options, use the --help flag:

```bash
python main.py --help
```

🏗 How GPT Pilot works?

Here are the steps GPT Pilot takes to create an app:

  1. You enter the app name and the description.
  2. Product Owner agent, like in real life, does nothing. :)
  3. Specification Writer agent asks a couple of questions to understand the requirements better if the project description is not good enough.
  4. Architect agent writes up technologies that will be used for the app and checks if all technologies are installed on the machine and installs them if not.
  5. Tech Lead agent writes up development tasks that the Developer must implement.
  6. Developer agent takes each task and writes up what needs to be done to implement it. The description is in human-readable form.
  7. Code Monkey agent takes the Developer's description and the existing file and implements the changes.
  8. Reviewer agent reviews every step of the task and if something is done wrong Reviewer sends it back to Code Monkey.
  9. Troubleshooter agent helps you to give good feedback to GPT Pilot when something is wrong.
  10. Debugger agent: you hate to see him, but he is your best friend when things go south.
  11. Technical Writer agent writes documentation for the project.

🕴 How's GPT Pilot different from Smol developer and GPT engineer?

  • GPT Pilot works with the developer to create a fully working production-ready app - I don't think AI can (at least in the near future) create apps without a developer being involved. So, GPT Pilot codes the app step by step just like a developer would in real life. This way, it can debug issues as they arise throughout the development process. If it gets stuck, you, the developer in charge, can review the code and fix the issue. Other similar tools give you the entire codebase at once - this way, bugs are much harder to fix for AI and for you as a developer.
  • Works at scale - GPT Pilot isn't meant to create simple apps but rather so it can work at any scale. It has mechanisms that filter out the code, so in each LLM conversation, it doesn't need to store the entire codebase in context, but it shows the LLM only the relevant code for the current task it's working on. Once an app is finished, you can continue working on it by writing instructions on what feature you want to add.

🍻 Contributing

If you are interested in contributing to GPT Pilot, join our Discord server, check out open GitHub issues, and see if anything interests you. We would be happy to get help in resolving any of those. The best place to start is by reviewing blog posts mentioned above to understand how the architecture works before diving into the codebase.

🖥 Development

Other than the research, GPT Pilot needs to be debugged to work in different scenarios. For example, we realized that the quality of the code generated is very sensitive to the size of the development task. When the task is too broad, the code has too many bugs that are hard to fix, but when the development task is too narrow, GPT also seems to struggle in getting the task implemented into the existing code.

📊 Telemetry

To improve GPT Pilot, we are tracking some events from which you can opt out at any time. You can read more about it here.

🔗 Connect with us

🌟 As an open-source tool, it would mean the world to us if you starred the GPT-pilot repo 🌟

💬 Join the Discord server to get in touch.


This article is auto-generated from Pythagora-io/gpt-pilot via the GitHub API. Last fetched: 6/15/2026