
thepopebot
Open-source autonomous coding agent that runs on GitHub Actions, does work in Docker, commits changes, and notifies you on Telegram.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for thepopebot, derived from its capabilities.
Overview
thepopebot is an open-source template for deploying a 24/7 autonomous AI agent using GitHub Actions as the execution environment. You interact with the agent via Telegram (or a webhook). An event handler creates a job branch, GitHub Actions spins up a Docker container that runs the “Pi” coding agent, and the agent completes the task by committing changes and opening a pull request. Optional auto-merge workflows can merge results automatically. The project emphasizes security by filtering secrets at the process level so the agent cannot access them directly, and it treats the git repository history as the agent’s auditable, reversible memory.
Key features
- github actions
- docker execution
- telegram bot
- webhooks
- pull requests
- auto-merge
- git-based audit trail
- secret filtering
- pi coding agent
Use cases
- Running autonomous coding tasks on free GitHub Actions compute using job branches and Docker.
- Getting auditable, reversible agent work where every action is captured as git commits and PRs.
- Triggering agent jobs from Telegram or webhooks for research, code changes, and automation workflows.
- Hardening agent security by preventing direct access to secrets via process-level filtering.