poe-code 3.0.148 → 3.0.150

package/dist/prompts/fix-vulnerabilities.md

@@ -4,15 +4,16 @@ source: >-
   gh api repos/{owner}/{repo}/dependabot/alerts --jq '[.[] |
   select(.state=="open")]'
 agent: claude-code
-# Available variables (each sourced Dependabot alert):
-#   {{number}}                                          - alert number
-#   {{dependency.package.name}}                         - vulnerable package name
-#   {{dependency.package.ecosystem}}                    - ecosystem (e.g. npm)
-#   {{dependency.manifest_path}}                        - path to manifest (e.g. package.json)
-#   {{security_advisory.ghsa_id}}                       - advisory ID
-#   {{security_advisory.summary}}                       - short description
-#   {{security_advisory.severity}}                      - low | medium | high | critical
-#   {{security_advisory.description}}                   - full advisory description
-#   {{security_vulnerability.first_patched_version.identifier}} - first safe version
+# Source fields: number, dependency.package.{name,ecosystem}, dependency.manifest_path,
+#   security_advisory.{ghsa_id,summary,severity,description},
+#   security_vulnerability.first_patched_version.identifier (first safe version)
 ---
 Fix {{dependency.package.name}} ({{security_advisory.severity}}): {{security_advisory.summary}}
+
+{{skill_github_cli}}
+
+{{pull_request_guidelines}}
+
+{{response_style}}
+
+{{verify_before_responding}}

package/dist/prompts/github-issue-comment-created.md

@@ -8,32 +8,23 @@ prefix:
   - "poe-code"
   - "poe-code-agent"
   - "@poe-code-agent"
-# Available variables:
-#   {{url}}            - full GitHub URL to the issue
-#   {{repo}}           - owner/repo (e.g. acme/my-app)
-#   {{issue.number}}   - issue number
-#   {{issue.title}}    - issue title
-#   {{comment.author}} - login of the comment author
-#   {{comment.body}}   - body text of the triggering comment
 ---
 Read {{url}} and leave a visible GitHub response to the comment from {{comment.author}}: {{comment.body}}
 
 {{#pr.number}}
 - This comment is on pull request #{{pr.number}}.
-- If the comment asks for code changes or follow-up implementation, implement them on the current PR branch, update the existing PR, and comment with the result.
-- Do not open a new PR from a pull request comment unless updating the existing PR is impossible.
+- If the comment asks for code changes, implement them on the current PR branch, update the existing PR, and comment with the result.
+- Do not open a new PR unless updating the existing PR is impossible.
 {{/pr.number}}
 {{^pr.number}}
-- If the comment asks for code changes or follow-up implementation, make the changes, open or update a PR, and comment with the result.
+- If the comment asks for code changes, open or update a PR and comment with the result.
 {{/pr.number}}
-- If the comment only needs guidance or clarification, reply directly and concisely.
-- If you cannot complete the request, comment with the blocker and the next concrete step.
+- If blocked, comment with the blocker and next step.
 
-- Start with a direct answer or decision.
-- Keep it concise.
-- Use short Markdown sections only when they improve clarity.
+{{skill_github_cli}}
 
-Before answering:
+{{pull_request_guidelines}}
 
-- Inspect the checked-out repository
-- Verify every claim against the repo before you post it.
+{{response_style}}
+
+{{verify_before_responding}}

package/dist/prompts/github-issue-opened.md

@@ -1,23 +1,15 @@
 ---
 label: "GitHub: Issue Handler"
-# Available variables:
-#   {{url}}          - full GitHub URL to the issue
-#   {{repo}}         - owner/repo (e.g. acme/my-app)
-#   {{issue.number}} - issue number
-#   {{issue.title}}  - issue title
-#   {{issue.body}}   - issue body
 ---
 Read {{url}} and leave a visible GitHub response.
 
 - If the issue needs code changes, implement them, open or update a PR, and comment with the result.
-- If the issue is a question or needs only guidance, post a concise comment that directly answers it. Be practical, give examples.
-- If you cannot complete the request, comment with the blocker and the next concrete step.
+- If blocked, comment with the blocker and next step.
 
-- Start with a direct answer or decision.
-- Keep it concise.
-- Use short Markdown sections only when they improve clarity.
+{{skill_github_cli}}
 
-Before answering:
+{{pull_request_guidelines}}
 
-- Inspect the checked-out repository
-- Verify every claim against the repo before you post it.
+{{response_style}}
+
+{{verify_before_responding}}

package/dist/prompts/github-pull-request-comment-created.md

@@ -0,0 +1,25 @@
+---
+label: "GitHub: Pull Request Comment Handler"
+allow:
+  - OWNER
+  - MEMBER
+  - COLLABORATOR
+prefix:
+  - "poe-code"
+  - "poe-code-agent"
+  - "@poe-code-agent"
+---
+Read {{url}} and leave a visible GitHub response to the comment from {{comment.author}}: {{comment.body}}
+
+- This comment is on pull request #{{pr.number}}.
+- Implement changes on the current PR branch, update the existing PR, and comment with the result.
+- Do not open a new PR unless updating the existing PR is impossible.
+- If blocked, comment with the blocker and next step.
+
+{{skill_github_cli}}
+
+{{pull_request_guidelines}}
+
+{{response_style}}
+
+{{verify_before_responding}}

package/dist/prompts/github-pull-request-opened.md

@@ -1,10 +1,12 @@
 ---
 label: "GitHub: Pull Request Handler"
-# Available variables:
-#   {{url}}       - full GitHub URL to the pull request
-#   {{repo}}      - owner/repo (e.g. acme/my-app)
-#   {{pr.number}} - pull request number
-#   {{pr.title}}  - pull request title
-#   {{pr.author}} - login of the PR author
 ---
 Read {{url}} and review the pull request.
+
+{{skill_github_cli}}
+
+{{code_review_guidelines}}
+
+{{response_style}}
+
+{{verify_before_responding}}

package/dist/prompts/github-pull-request-synchronized.md

@@ -1,8 +1,12 @@
 ---
 label: "GitHub: Pull Request Update Handler"
-# Available variables:
-#   {{url}}       - full GitHub URL to the pull request
-#   {{repo}}      - owner/repo (e.g. acme/my-app)
-#   {{pr.number}} - pull request number
 ---
 Read {{url}} and re-review the updated pull request.
+
+{{skill_github_cli}}
+
+{{code_review_guidelines}}
+
+{{response_style}}
+
+{{verify_before_responding}}

package/dist/prompts/update-dependencies.md

@@ -2,3 +2,11 @@
 label: "Scheduled: Update Dependencies"
 ---
 Update all dependencies to their latest compatible versions and open a pull request.
+
+{{skill_github_cli}}
+
+{{pull_request_guidelines}}
+
+{{response_style}}
+
+{{verify_before_responding}}

package/dist/prompts/update-documentation.md

@@ -1,8 +1,15 @@
 ---
 label: "Scheduled: Update Documentation"
 ---
-Review all commits that landed during the last 24 hours and update the documentation to reflect the full day's changes.
+Review all commits that landed during the last 24 hours and update the documentation to reflect the changes on branch `agent/update-documentation`.
 
-Use the branch `agent/update-documentation` for this automation.
-If there is already an open, unmerged PR for that branch, update that existing PR with the new documentation changes instead of opening a new PR.
-If the documentation is already correct, leave the repository unchanged and do not open or update a PR.
+If there is already an open, unmerged PR for that branch, update that existing PR instead of opening a new one.
+If the documentation is already correct, do not open or update a PR.
+
+{{skill_github_cli}}
+
+{{pull_request_guidelines}}
+
+{{response_style}}
+
+{{verify_before_responding}}

package/dist/variables.yaml

@@ -0,0 +1,23 @@
+# Preview rendered prompt: poe-code github-workflows prompt-preview <name>
+
+response_style: |
+  - Start with a direct answer or decision.
+  - Keep it concise.
+  - Use short Markdown sections only when they improve clarity.
+
+verify_before_responding: |
+  Before responding:
+  - Inspect the checked-out repository.
+  - Verify every claim against the repo before you post it.
+
+skill_github_cli: |
+  Use the `gh` CLI for all GitHub operations (issues, PRs, reviews, checks).
+
+pull_request_guidelines: |
+  - One logical change per PR. Feel free to open multiple PRs.
+  - Follow the repo guidelines
+
+code_review_guidelines: |
+  - Review every changed file, not just the diff summary.
+  - Verify the change follows existing patterns in the codebase. New abstractions need justification.
+  - Don't rubber-stamp. Request changes when there are real issues.

package/dist/workflow-templates/github-pull-request-comment-created.caller.yml

@@ -0,0 +1,25 @@
+name: 'GitHub: Pull Request Comment Created'
+on:
+  issue_comment:
+    types: [created]
+
+# Keep these permissions in sync with the reusable workflow referenced below.
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
+jobs:
+  run:
+    if: github.event.issue.pull_request != null
+    uses: __UPSTREAM_REPO__/.github/workflows/gh-github-pull-request-comment-created.yml@main
+    secrets: inherit
+    with:
+      ISSUE_NUMBER: ${{ github.event.issue.number }}
+      ISSUE_STATE: ${{ github.event.issue.state }}
+      COMMENT_ID: ${{ github.event.comment.id }}
+      COMMENT_BODY: ${{ github.event.comment.body }}
+      COMMENT_AUTHOR: ${{ github.event.comment.user.login }}
+      COMMENT_AUTHOR_ASSOCIATION: ${{ github.event.comment.author_association }}
+      COMMENT_USER_TYPE: ${{ github.event.comment.user.type }}
+      GITHUB_REPOSITORY: ${{ github.repository }}

package/dist/workflow-templates/github-pull-request-comment-created.ejected.yml

@@ -0,0 +1,179 @@
+name: 'GitHub: Pull Request Comment Created'
+on:
+  issue_comment:
+    types: [created]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.issue.number }}
+  cancel-in-progress: true
+
+jobs:
+  guard:
+    if: github.event.issue.pull_request != null && github.event.issue.state == 'open' && github.event.comment.user.type != 'Bot'
+    runs-on: ubuntu-latest
+    env:
+      OUTPUT_FORMAT: terminal
+    outputs:
+      should_run: ${{ steps.guard_result.outputs.should_run }}
+    permissions:
+      contents: read
+    steps:
+      - name: Preflight
+        env:
+          POE_CODE_AGENT_APP_ID: ${{ secrets.POE_CODE_AGENT_APP_ID }}
+          POE_CODE_AGENT_PRIVATE_KEY: ${{ secrets.POE_CODE_AGENT_PRIVATE_KEY }}
+          POE_API_KEY: ${{ secrets.POE_API_KEY }}
+        run: |
+          missing=()
+          [ -z "$POE_CODE_AGENT_APP_ID" ] && missing+=("POE_CODE_AGENT_APP_ID")
+          [ -z "$POE_CODE_AGENT_PRIVATE_KEY" ] && missing+=("POE_CODE_AGENT_PRIVATE_KEY")
+          [ -z "$POE_API_KEY" ] && missing+=("POE_API_KEY")
+          if [ ${#missing[@]} -gt 0 ]; then
+            for name in "${missing[@]}"; do
+              echo "::error::Missing required secret: $name — add it in Settings → Secrets and variables → Actions"
+            done
+            exit 1
+          fi
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.POE_CODE_AGENT_APP_ID }}
+          private-key: ${{ secrets.POE_CODE_AGENT_PRIVATE_KEY }}
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - run: npm install -g poe-code@latest
+      - id: allow_check
+        continue-on-error: true
+        run: poe-code github-workflows require-user-allow github-pull-request-comment-created
+        env:
+          POE_CODE_STDERR_LOGS: "1"
+          COMMENT_AUTHOR_ASSOCIATION: ${{ github.event.comment.author_association }}
+      - id: prefix_check
+        continue-on-error: true
+        run: poe-code github-workflows require-comment-prefix github-pull-request-comment-created
+        env:
+          POE_CODE_STDERR_LOGS: "1"
+          COMMENT_BODY: ${{ github.event.comment.body }}
+      - id: guard_result
+        run: |
+          if [ "${{ steps.allow_check.outcome }}" = "success" ] && [ "${{ steps.prefix_check.outcome }}" = "success" ]; then
+            echo "should_run=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "should_run=false" >> "$GITHUB_OUTPUT"
+          fi
+
+  run:
+    needs: guard
+    if: needs.guard.outputs.should_run == 'true'
+    runs-on: ubuntu-latest
+    env:
+      OUTPUT_FORMAT: terminal
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+    steps:
+      - name: Preflight
+        env:
+          POE_CODE_AGENT_APP_ID: ${{ secrets.POE_CODE_AGENT_APP_ID }}
+          POE_CODE_AGENT_PRIVATE_KEY: ${{ secrets.POE_CODE_AGENT_PRIVATE_KEY }}
+          POE_API_KEY: ${{ secrets.POE_API_KEY }}
+        run: |
+          missing=()
+          [ -z "$POE_CODE_AGENT_APP_ID" ] && missing+=("POE_CODE_AGENT_APP_ID")
+          [ -z "$POE_CODE_AGENT_PRIVATE_KEY" ] && missing+=("POE_CODE_AGENT_PRIVATE_KEY")
+          [ -z "$POE_API_KEY" ] && missing+=("POE_API_KEY")
+          if [ ${#missing[@]} -gt 0 ]; then
+            for name in "${missing[@]}"; do
+              echo "::error::Missing required secret: $name — add it in Settings → Secrets and variables → Actions"
+            done
+            exit 1
+          fi
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.POE_CODE_AGENT_APP_ID }}
+          private-key: ${{ secrets.POE_CODE_AGENT_PRIVATE_KEY }}
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - run: npm install -g poe-code@latest
+      - id: pr_context
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ steps.app-token.outputs.token }}
+          script: |
+            const response = await github.rest.pulls.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: Number("${{ github.event.issue.number }}")
+            });
+
+            const headRepo = response.data.head.repo?.full_name ?? "";
+            const currentRepo = `${context.repo.owner}/${context.repo.repo}`;
+            const isSameRepo = headRepo === currentRepo;
+
+            core.setOutput("pr_number", String(response.data.number ?? ""));
+            core.setOutput("pr_title", response.data.title ?? "");
+            core.setOutput("pr_author", response.data.user?.login ?? "");
+            core.setOutput("head_ref", isSameRepo ? (response.data.head.ref ?? "") : "");
+      - id: add_in_progress_reaction
+        continue-on-error: true
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ steps.app-token.outputs.token }}
+          script: |
+            const response = await github.rest.reactions.createForIssueComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              comment_id: Number("${{ github.event.comment.id }}"),
+              content: "eyes"
+            });
+            core.setOutput("reaction_id", String(response.data.id ?? ""));
+      - if: steps.pr_context.outputs.head_ref != ''
+        id: checkout_pr_branch
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.pr_context.outputs.head_ref }}
+          token: ${{ steps.app-token.outputs.token }}
+      - if: steps.pr_context.outputs.head_ref == ''
+        id: checkout_default_branch
+        uses: actions/checkout@v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+      - run: poe-code github-workflows prepare github-pull-request-comment-created
+        env:
+          POE_CODE_STDERR_LOGS: "1"
+          POE_API_KEY: ${{ secrets.POE_API_KEY }}
+      - run: poe-code github-workflows github-pull-request-comment-created --yes
+        env:
+          POE_CODE_STDERR_LOGS: "1"
+          POE_API_KEY: ${{ secrets.POE_API_KEY }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          ISSUE_NUMBER: ${{ github.event.issue.number }}
+          PR_NUMBER: ${{ steps.pr_context.outputs.pr_number }}
+          PR_TITLE: ${{ steps.pr_context.outputs.pr_title }}
+          PR_AUTHOR: ${{ steps.pr_context.outputs.pr_author }}
+          COMMENT_BODY: ${{ github.event.comment.body }}
+          COMMENT_AUTHOR: ${{ github.event.comment.user.login }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+      - id: remove_in_progress_reaction
+        if: always() && steps.add_in_progress_reaction.outputs.reaction_id != ''
+        continue-on-error: true
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ steps.app-token.outputs.token }}
+          script: |
+            await github.rest.reactions.deleteForIssueComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              comment_id: Number("${{ github.event.comment.id }}"),
+              reaction_id: Number("${{ steps.add_in_progress_reaction.outputs.reaction_id }}")
+            });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "poe-code",
-  "version": "3.0.148",
+  "version": "3.0.150",
   "description": "CLI tool to configure Poe API for developer workflows.",
   "type": "module",
   "main": "./dist/index.js",