poe-code 3.0.179 → 3.0.181

package/dist/prompts/github-issue-opened.md

@@ -1,9 +1,15 @@
 ---
 label: "GitHub: Issue Handler"
+allow:
+  - OWNER
+  - MEMBER
+  - COLLABORATOR
 ---
 Read {{url}} and leave a visible GitHub response.
 
-- If the issue needs code changes, implement them, open or update a PR, and comment with the result.
+- First assess if the issue is actionable: it must have a title that conveys intent AND a body with enough detail to understand the request. Empty bodies, one-word titles that are not a real product name, and gibberish do not qualify.
+- If the issue is not actionable, post a short comment explaining what's missing (e.g. "Closing: the body is empty and the title alone doesn't describe a reproducible issue. Please reopen with steps to reproduce or a clear feature request.") and close the issue with `gh issue close`. Do not apply labels.
+- If the issue is actionable and needs code changes, implement them, open or update a PR, and comment with the result.
 - If blocked, comment with the blocker and next step.
 - When posting any multiline GitHub comment or PR body, write it with a quoted heredoc and pass it to `gh` with `--body-file` instead of an inline `--body` string.
 

package/dist/prompts/github-pull-request-opened.md

@@ -1,5 +1,9 @@
 ---
 label: "GitHub: Pull Request Handler"
+allow:
+  - OWNER
+  - MEMBER
+  - COLLABORATOR
 ---
 Read {{url}} and review the pull request.
 

package/dist/prompts/github-pull-request-synchronized.md

@@ -1,5 +1,9 @@
 ---
 label: "GitHub: Pull Request Update Handler"
+allow:
+  - OWNER
+  - MEMBER
+  - COLLABORATOR
 ---
 Read {{url}} and re-review the updated pull request.
 

package/dist/variables.yaml

@@ -23,4 +23,49 @@ pull_request_guidelines: |
 code_review_guidelines: |
   - Review every changed file, not just the diff summary.
   - Verify the change follows existing patterns in the codebase. New abstractions need justification.
-  - Don't rubber-stamp. Request changes when there are real issues.
+  - Leave small inline comments on the specific lines that need attention. When you can show the fix directly, use GitHub's `suggestion` code block so the author can apply it with one click.
+  - Keep the summary comment extremely short: either "LGTM" or "Requested changes: <one-line reason>". Details belong in the inline comments.
+  - Err on the side of approving. Only request changes when there is a security issue, a clear correctness bug, or a regression. Style preferences, naming bikesheds, and speculative concerns belong as non-blocking inline comments.
+  - Post the review in a single API call so the inline comments and the summary land together. Use `gh api` with `POST /repos/{owner}/{repo}/pulls/{pr}/reviews` and pass the comments in the body.
+  - Example — approve with a single inline note:
+    ```sh
+    gh api --method POST -H "Accept: application/vnd.github+json" \
+      repos/OWNER/REPO/pulls/PR_NUMBER/reviews \
+      --input - <<'JSON'
+    {
+      "event": "APPROVE",
+      "body": "LGTM",
+      "comments": [
+        { "path": "src/foo.ts", "line": 42, "body": "Nit: consider renaming to `parseX`." }
+      ]
+    }
+    JSON
+    ```
+  - Example — a one-click suggestion on a specific line:
+    ```sh
+    gh api --method POST -H "Accept: application/vnd.github+json" \
+      repos/OWNER/REPO/pulls/PR_NUMBER/reviews \
+      --input - <<'JSON'
+    {
+      "event": "APPROVE",
+      "body": "LGTM",
+      "comments": [
+        { "path": "src/foo.ts", "line": 42, "body": "```suggestion\nreturn parseX(value);\n```" }
+      ]
+    }
+    JSON
+    ```
+  - Example — request changes for a security issue only:
+    ```sh
+    gh api --method POST -H "Accept: application/vnd.github+json" \
+      repos/OWNER/REPO/pulls/PR_NUMBER/reviews \
+      --input - <<'JSON'
+    {
+      "event": "REQUEST_CHANGES",
+      "body": "Requested changes: unsanitized input flows into shell.",
+      "comments": [
+        { "path": "src/run.ts", "line": 17, "body": "Shell injection: pass args as an array to `spawn` instead of concatenating into a string." }
+      ]
+    }
+    JSON
+    ```

package/dist/workflow-templates/fix-vulnerabilities.ejected.yml

@@ -40,6 +40,14 @@ jobs:
         with:
           node-version: 20
       - run: npm install -g poe-code@latest
+      - name: Configure git identity for GitHub App
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          APP_SLUG: ${{ steps.app-token.outputs.app-slug }}
+        run: |
+          USER_ID=$(gh api "/users/${APP_SLUG}[bot]" --jq .id)
+          git config --global user.name "${APP_SLUG}[bot]"
+          git config --global user.email "${USER_ID}+${APP_SLUG}[bot]@users.noreply.github.com"
       - run: poe-code github-workflows prepare fix-vulnerabilities
         env:
           POE_CODE_STDERR_LOGS: "1"

package/dist/workflow-templates/github-issue-comment-created.ejected.yml

@@ -154,6 +154,14 @@ jobs:
         uses: actions/checkout@v4
         with:
           token: ${{ steps.app-token.outputs.token }}
+      - name: Configure git identity for GitHub App
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          APP_SLUG: ${{ steps.app-token.outputs.app-slug }}
+        run: |
+          USER_ID=$(gh api "/users/${APP_SLUG}[bot]" --jq .id)
+          git config --global user.name "${APP_SLUG}[bot]"
+          git config --global user.email "${USER_ID}+${APP_SLUG}[bot]@users.noreply.github.com"
       - run: poe-code github-workflows prepare github-issue-comment-created
         env:
           POE_CODE_STDERR_LOGS: "1"

package/dist/workflow-templates/github-issue-opened.caller.yml

@@ -17,4 +17,5 @@ jobs:
       ISSUE_NUMBER: ${{ github.event.issue.number }}
       ISSUE_TITLE: ${{ github.event.issue.title }}
       ISSUE_BODY: ${{ github.event.issue.body }}
+      COMMENT_AUTHOR_ASSOCIATION: ${{ github.event.issue.author_association }}
       GITHUB_REPOSITORY: ${{ github.repository }}

package/dist/workflow-templates/github-issue-opened.ejected.yml

@@ -8,7 +8,59 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  guard:
+    runs-on: ubuntu-latest
+    env:
+      OUTPUT_FORMAT: terminal
+    outputs:
+      should_run: ${{ steps.guard_result.outputs.should_run }}
+    permissions:
+      contents: read
+    steps:
+      - name: Preflight
+        env:
+          POE_CODE_AGENT_APP_ID: ${{ secrets.POE_CODE_AGENT_APP_ID }}
+          POE_CODE_AGENT_PRIVATE_KEY: ${{ secrets.POE_CODE_AGENT_PRIVATE_KEY }}
+          POE_API_KEY: ${{ secrets.POE_API_KEY }}
+        run: |
+          missing=()
+          [ -z "$POE_CODE_AGENT_APP_ID" ] && missing+=("POE_CODE_AGENT_APP_ID")
+          [ -z "$POE_CODE_AGENT_PRIVATE_KEY" ] && missing+=("POE_CODE_AGENT_PRIVATE_KEY")
+          [ -z "$POE_API_KEY" ] && missing+=("POE_API_KEY")
+          if [ ${#missing[@]} -gt 0 ]; then
+            for name in "${missing[@]}"; do
+              echo "::error::Missing required secret: $name — add it in Settings → Secrets and variables → Actions"
+            done
+            exit 1
+          fi
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.POE_CODE_AGENT_APP_ID }}
+          private-key: ${{ secrets.POE_CODE_AGENT_PRIVATE_KEY }}
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - run: npm install -g poe-code@latest
+      - id: allow_check
+        continue-on-error: true
+        run: poe-code github-workflows require-user-allow github-issue-opened
+        env:
+          POE_CODE_STDERR_LOGS: "1"
+          COMMENT_AUTHOR_ASSOCIATION: ${{ github.event.issue.author_association }}
+      - id: guard_result
+        run: |
+          if [ "${{ steps.allow_check.outcome }}" = "success" ]; then
+            echo "should_run=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "should_run=false" >> "$GITHUB_OUTPUT"
+          fi
   run:
+    needs: guard
+    if: needs.guard.outputs.should_run == 'true'
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -43,6 +95,14 @@ jobs:
         with:
           node-version: 20
       - run: npm install -g poe-code@latest
+      - name: Configure git identity for GitHub App
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          APP_SLUG: ${{ steps.app-token.outputs.app-slug }}
+        run: |
+          USER_ID=$(gh api "/users/${APP_SLUG}[bot]" --jq .id)
+          git config --global user.name "${APP_SLUG}[bot]"
+          git config --global user.email "${USER_ID}+${APP_SLUG}[bot]@users.noreply.github.com"
       - run: poe-code github-workflows prepare github-issue-opened
         env:
           POE_CODE_STDERR_LOGS: "1"

package/dist/workflow-templates/github-pull-request-comment-created.ejected.yml

@@ -148,6 +148,14 @@ jobs:
         uses: actions/checkout@v4
         with:
           token: ${{ steps.app-token.outputs.token }}
+      - name: Configure git identity for GitHub App
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          APP_SLUG: ${{ steps.app-token.outputs.app-slug }}
+        run: |
+          USER_ID=$(gh api "/users/${APP_SLUG}[bot]" --jq .id)
+          git config --global user.name "${APP_SLUG}[bot]"
+          git config --global user.email "${USER_ID}+${APP_SLUG}[bot]@users.noreply.github.com"
       - run: poe-code github-workflows prepare github-pull-request-comment-created
         env:
           POE_CODE_STDERR_LOGS: "1"

package/dist/workflow-templates/github-pull-request-opened.caller.yml

@@ -16,4 +16,5 @@ jobs:
       PR_NUMBER: ${{ github.event.pull_request.number }}
       PR_TITLE: ${{ github.event.pull_request.title }}
       PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+      COMMENT_AUTHOR_ASSOCIATION: ${{ github.event.pull_request.author_association }}
       GITHUB_REPOSITORY: ${{ github.repository }}

package/dist/workflow-templates/github-pull-request-opened.ejected.yml

@@ -4,7 +4,59 @@ on:
     types: [opened, ready_for_review]
 
 jobs:
+  guard:
+    runs-on: ubuntu-latest
+    env:
+      OUTPUT_FORMAT: terminal
+    outputs:
+      should_run: ${{ steps.guard_result.outputs.should_run }}
+    permissions:
+      contents: read
+    steps:
+      - name: Preflight
+        env:
+          POE_CODE_AGENT_APP_ID: ${{ secrets.POE_CODE_AGENT_APP_ID }}
+          POE_CODE_AGENT_PRIVATE_KEY: ${{ secrets.POE_CODE_AGENT_PRIVATE_KEY }}
+          POE_API_KEY: ${{ secrets.POE_API_KEY }}
+        run: |
+          missing=()
+          [ -z "$POE_CODE_AGENT_APP_ID" ] && missing+=("POE_CODE_AGENT_APP_ID")
+          [ -z "$POE_CODE_AGENT_PRIVATE_KEY" ] && missing+=("POE_CODE_AGENT_PRIVATE_KEY")
+          [ -z "$POE_API_KEY" ] && missing+=("POE_API_KEY")
+          if [ ${#missing[@]} -gt 0 ]; then
+            for name in "${missing[@]}"; do
+              echo "::error::Missing required secret: $name — add it in Settings → Secrets and variables → Actions"
+            done
+            exit 1
+          fi
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.POE_CODE_AGENT_APP_ID }}
+          private-key: ${{ secrets.POE_CODE_AGENT_PRIVATE_KEY }}
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - run: npm install -g poe-code@latest
+      - id: allow_check
+        continue-on-error: true
+        run: poe-code github-workflows require-user-allow github-pull-request-opened
+        env:
+          POE_CODE_STDERR_LOGS: "1"
+          COMMENT_AUTHOR_ASSOCIATION: ${{ github.event.pull_request.author_association }}
+      - id: guard_result
+        run: |
+          if [ "${{ steps.allow_check.outcome }}" = "success" ]; then
+            echo "should_run=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "should_run=false" >> "$GITHUB_OUTPUT"
+          fi
   run:
+    needs: guard
+    if: needs.guard.outputs.should_run == 'true'
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -38,6 +90,14 @@ jobs:
         with:
           node-version: 20
       - run: npm install -g poe-code@latest
+      - name: Configure git identity for GitHub App
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          APP_SLUG: ${{ steps.app-token.outputs.app-slug }}
+        run: |
+          USER_ID=$(gh api "/users/${APP_SLUG}[bot]" --jq .id)
+          git config --global user.name "${APP_SLUG}[bot]"
+          git config --global user.email "${USER_ID}+${APP_SLUG}[bot]@users.noreply.github.com"
       - run: poe-code github-workflows prepare github-pull-request-opened
         env:
           POE_CODE_STDERR_LOGS: "1"

package/dist/workflow-templates/github-pull-request-synchronized.caller.yml

@@ -14,4 +14,5 @@ jobs:
     secrets: inherit
     with:
       PR_NUMBER: ${{ github.event.pull_request.number }}
+      COMMENT_AUTHOR_ASSOCIATION: ${{ github.event.pull_request.author_association }}
       GITHUB_REPOSITORY: ${{ github.repository }}

package/dist/workflow-templates/github-pull-request-synchronized.ejected.yml

@@ -4,7 +4,59 @@ on:
     types: [synchronize]
 
 jobs:
+  guard:
+    runs-on: ubuntu-latest
+    env:
+      OUTPUT_FORMAT: terminal
+    outputs:
+      should_run: ${{ steps.guard_result.outputs.should_run }}
+    permissions:
+      contents: read
+    steps:
+      - name: Preflight
+        env:
+          POE_CODE_AGENT_APP_ID: ${{ secrets.POE_CODE_AGENT_APP_ID }}
+          POE_CODE_AGENT_PRIVATE_KEY: ${{ secrets.POE_CODE_AGENT_PRIVATE_KEY }}
+          POE_API_KEY: ${{ secrets.POE_API_KEY }}
+        run: |
+          missing=()
+          [ -z "$POE_CODE_AGENT_APP_ID" ] && missing+=("POE_CODE_AGENT_APP_ID")
+          [ -z "$POE_CODE_AGENT_PRIVATE_KEY" ] && missing+=("POE_CODE_AGENT_PRIVATE_KEY")
+          [ -z "$POE_API_KEY" ] && missing+=("POE_API_KEY")
+          if [ ${#missing[@]} -gt 0 ]; then
+            for name in "${missing[@]}"; do
+              echo "::error::Missing required secret: $name — add it in Settings → Secrets and variables → Actions"
+            done
+            exit 1
+          fi
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.POE_CODE_AGENT_APP_ID }}
+          private-key: ${{ secrets.POE_CODE_AGENT_PRIVATE_KEY }}
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - run: npm install -g poe-code@latest
+      - id: allow_check
+        continue-on-error: true
+        run: poe-code github-workflows require-user-allow github-pull-request-synchronized
+        env:
+          POE_CODE_STDERR_LOGS: "1"
+          COMMENT_AUTHOR_ASSOCIATION: ${{ github.event.pull_request.author_association }}
+      - id: guard_result
+        run: |
+          if [ "${{ steps.allow_check.outcome }}" = "success" ]; then
+            echo "should_run=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "should_run=false" >> "$GITHUB_OUTPUT"
+          fi
   run:
+    needs: guard
+    if: needs.guard.outputs.should_run == 'true'
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -38,6 +90,14 @@ jobs:
         with:
           node-version: 20
       - run: npm install -g poe-code@latest
+      - name: Configure git identity for GitHub App
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          APP_SLUG: ${{ steps.app-token.outputs.app-slug }}
+        run: |
+          USER_ID=$(gh api "/users/${APP_SLUG}[bot]" --jq .id)
+          git config --global user.name "${APP_SLUG}[bot]"
+          git config --global user.email "${USER_ID}+${APP_SLUG}[bot]@users.noreply.github.com"
       - run: poe-code github-workflows prepare github-pull-request-synchronized
         env:
           POE_CODE_STDERR_LOGS: "1"

package/dist/workflow-templates/update-dependencies.ejected.yml

@@ -39,6 +39,14 @@ jobs:
         with:
           node-version: 20
       - run: npm install -g poe-code@latest
+      - name: Configure git identity for GitHub App
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          APP_SLUG: ${{ steps.app-token.outputs.app-slug }}
+        run: |
+          USER_ID=$(gh api "/users/${APP_SLUG}[bot]" --jq .id)
+          git config --global user.name "${APP_SLUG}[bot]"
+          git config --global user.email "${USER_ID}+${APP_SLUG}[bot]@users.noreply.github.com"
       - run: poe-code github-workflows prepare update-dependencies
         env:
           POE_CODE_STDERR_LOGS: "1"

package/dist/workflow-templates/update-documentation.ejected.yml

@@ -40,6 +40,14 @@ jobs:
         with:
           node-version: 20
       - run: npm install -g poe-code@latest
+      - name: Configure git identity for GitHub App
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          APP_SLUG: ${{ steps.app-token.outputs.app-slug }}
+        run: |
+          USER_ID=$(gh api "/users/${APP_SLUG}[bot]" --jq .id)
+          git config --global user.name "${APP_SLUG}[bot]"
+          git config --global user.email "${USER_ID}+${APP_SLUG}[bot]@users.noreply.github.com"
       - run: poe-code github-workflows prepare update-documentation
         env:
           POE_CODE_STDERR_LOGS: "1"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "poe-code",
-  "version": "3.0.179",
+  "version": "3.0.181",
   "description": "CLI tool to configure Poe API for developer workflows.",
   "type": "module",
   "main": "./dist/index.js",