The Status Quo
The AI agent loop that never stops
This is how LangChain, Vercel AI SDK, Mastra, CrewAI, and every other agent framework works. Every single time.
Infinite loop
Every run. Every time.
Token cost compounds
10 runs of the same 8-step task = 80 LLM calls. 1,000 runs = 8,000 calls. The bill never flattens — it grows linearly with usage.
Latency is unavoidable
Every step waits for an LLM round-trip. A 5-step task takes 8-15 seconds of pure LLM latency. Your users feel every one of those seconds.
Security surface grows
Every LLM call is a chance for prompt injection, hallucinated tool calls, or leaked context. The more the AI runs, the more surface you expose.
Even "durable" agent frameworks like Temporal and Inngest just make the loop crash-safe. The AI is still in the loop. The tokens still burn.
What if the AI only
had to think once?
What if, instead of deciding at every step, the AI designed the entire workflow up front — then stepped out of the way?
The Pikku Approach
Design. Preview. Execute.
The AI designs the workflow. You see exactly what it will do. Then it runs natively — no AI involved.
AI designs the workflow
You describe what you need in plain English. The agent analyses your request and assembles a workflow from your existing functions — choosing the right steps, the right order, and the right data flow.
The AI is doing what it's best at: reasoning and planning.
You preview and approve
Before anything runs, you see a visual graph of the proposed workflow. Every step, every connection, every function it will call — laid out clearly. You approve, modify, or reject. Nothing executes without your say-so.
Full transparency. No black-box execution.
Runs natively — zero AI
Once approved, the workflow executes as a real durable workflow. No LLM in the loop. Full retry, sleep, and replay guarantees. The workflow is saved — the next time this task comes up, it runs instantly. Zero tokens.
Same durability as Temporal. No LLM tax.
The AI's job is to think, not to execute. After the first run, the workflow is saved. Every subsequent run costs zero tokens, has zero AI latency, and has zero security surface from LLM decisions.
The Math
The loop costs compound.
Pikku's don't.
Real numbers for an 8-step customer onboarding workflow running 50 times per day.
Scenario: An 8-step onboarding workflow — create account, verify email, setup defaults, add to CRM, send welcome email, schedule follow-up, notify sales, log analytics. Runs 50 times per day using Claude Sonnet.
| Traditional (Loop) | Pikku | |
|---|---|---|
| LLM calls per run | 8 calls (one per step) | 1 call (design only, first run) |
| LLM calls per day | 400 calls | 0 calls (reuses saved workflow) |
| LLM calls per month | 12,000 calls | ~1 call |
| Estimated monthly cost | ~$1,200/mo in tokens | ~$0.10 (one-time design) |
| Annual cost | ~$14,400/yr | ~$1.20/yr |
Based on Claude Sonnet pricing (~$3/1M input tokens, ~$15/1M output tokens) with average 1,500 tokens per agent step. Actual costs vary by model, prompt size, and provider.
$14,399
saved per year
On a single workflow
~0ms
AI latency after first run
Native execution speed
99.99%
fewer tokens
At any scale
Now multiply that by every workflow your agents run. Onboarding, order processing, support escalation, content pipelines, infrastructure ops — each one running dozens or hundreds of times per day.
Permissions
Your existing auth.
Every step. Every workflow.
Most agent frameworks treat security as an afterthought — tools run with full access, and you're left bolting on checks per-tool. Pikku workflows inherit your permissions automatically.
Your permissions, enforced automatically
Every function in a dynamic workflow runs with the same role-based permissions you've already defined. If a user can't access billing data via your API, the workflow can't either. No separate security model to maintain.
Session context flows through
The user who triggered the workflow carries their session, roles, and context into every step. Your existing middleware — auth checks, rate limits, audit logging — all runs exactly as it would on a normal API call.
No elevated privileges
In other frameworks, agent tools run with the agent's permissions — effectively root access. In Pikku, every workflow step respects the calling user's permissions. The AI can't escalate what the user can't do.
This is why "no LLM in the loop" matters for security. When a workflow runs natively, there's no AI making decisions about which tools to call or what data to access. It follows the exact approved graph — with the exact permissions of the user who triggered it.
Security
No LLM in the loop means
no attack surface.
In traditional agent frameworks, every execution is a new conversation with an LLM. Every execution is a new opportunity for the model to deviate, hallucinate, or be manipulated.
No prompt injection
The workflow graph is a data structure, not a prompt. Once approved, no user input is sent to an LLM during execution. There's nothing to inject into.
No hallucinated tool calls
Every step is a real function with real validation. The workflow engine calls exactly what was approved — it can't invent new steps, skip steps, or call tools that weren't in the graph.
Deterministic behavior
Same input, same output, every time. No model temperature. No variance. No "sometimes it works differently." The workflow replays deterministically from its persisted state.
Addons
Your entire stack becomes
workflow steps.
Pikku addons turn third-party services into functions. When an agent builds a dynamic workflow, it can use any addon you've installed — Stripe, your CMS, email providers, monitoring tools. The agent doesn't just call APIs. It orchestrates your entire business.
Stripe
Charge customers, create subscriptions, issue refunds — all as workflow steps with real billing logic.
CMS
Create pages, publish content, manage assets — your content pipeline becomes a workflow the agent can build.
Email (SendGrid, etc.)
Send transactional emails, trigger drip sequences, check delivery status — natively inside a workflow.
Monitoring
Check metrics, trigger alerts, scale services — ops workflows that run without human intervention.
Imagine telling your agent: "When a user signs up, create their Stripe customer, send a welcome email, add them to the CRM, and schedule a follow-up in 3 days." The agent builds that workflow from your existing addons and functions. You approve the graph. It runs natively — forever.
Pikku Console
See every conversation.
Every workflow. Every approval.
The Pikku Console gives you full visibility into your agents and their workflows. No black boxes. No guesswork. See exactly what's happening, what happened, and what's coming next.
Every agent conversation
See the full chat history for every agent session. What the user asked, what the agent proposed, what was approved or rejected.
Every workflow run
Track each workflow execution in real time. Which steps completed, which are pending, which failed and why. Full replay history.
Visual workflow graphs
See the exact graph the agent proposed — every step, every connection, every data flow. The same view the user sees when approving.
Approval audit trail
Who approved which workflow, when, and what it looked like at the time. Complete audit trail for compliance and debugging.
Promote to Code
Runtime workflows become
version-controlled TypeScript.
Dynamic workflows don't have to live in the database forever. When a workflow proves itself in production, promote it to your codebase in one command.
Runtime Graph
Agent-created, stored in DB
Pikku Graph
Pulled into your codebase
Pikku DSL
Full imperative TypeScript
Version control and code review
Workflows become pull requests. Review them, comment on them, merge them — like any other code change.
CI/CD and automated testing
Write tests for promoted workflows. Run them in CI. Catch regressions before they hit production.
Full IDE support
Type checking, autocomplete, refactoring — all the tooling you expect from TypeScript code.
No runtime dependency
Once promoted, the workflow runs from your codebase. No dependency on the workflow store or agent that created it.
Stop burning tokens
on repeat tasks.
Let your AI agents design workflows once. Run them natively forever. Save thousands in token costs, eliminate AI latency, and close the security surface — all while keeping your existing permissions, addons, and infrastructure.
MIT Licensed · Works with OpenAI, Anthropic & more