# ThePopeBot: git-native autonomous AI agent scaffolding > Open-source scaffolding for 24/7 autonomous AI coding agents via GitHub Actions and Docker. Each task branches, runs isolated, opens a PR, and auto-merges. Published: 2026-04-13 URL: https://daniliants.com/insights/github-stephengpope-thepopebot-the-pope-bot-is-an-autonomous/ Tags: autonomous-agents, github-actions, docker, claude-code, self-hosting, llm, ci-cd, telegram-bots --- ## Summary thepopebot is an open-source scaffolding for autonomous AI coding agents that run 24/7 via GitHub Actions + Docker. Each agent task creates a branch, runs in an isolated Docker container, commits code, opens a PR, and auto-merges, giving full audit trail via git. Supports 9 LLM providers and can route agent jobs through a Claude Pro/Max subscription instead of paying per API call. ## Key Insight - **Architecture is git-native.** Every agent action is a commit on an `agent-job/*` branch. You review, approve, or undo via PRs, no bespoke audit log needed. This is one of the cleanest patterns for autonomous agents: leverage existing GitHub tooling instead of building parallel state. - **Split chat LLM vs agent LLM.** Chat side uses a fast/cheap model for real-time interaction; agent side uses a capable model for coding tasks. Setup wizard lets you pick different providers per side. - **Claude subscription routing.** If you have Claude Pro ($20/mo) or Max ($100+/mo), you can point agent jobs at your subscription via `claude setup-token` (generates `sk-ant-oat01-*` token). Usage counts against Claude.ai limits but avoids API billing. Chat side still needs a separate API key. - **Trigger surface is wide**: web chat UI, Telegram bot, webhook POST to `/api/create-agent-job`, and cron jobs defined in `agent-job/CRONS.json`. So you can kick off tasks from anywhere. - **Clusters**, agents can coordinate as teams. Not detailed in main README but docs/CLUSTERS.md is referenced. - **Local dev requires ngrok tunnel** (free plan rotates URL every restart, `npx thepopebot set-var APP_URL` re-syncs). VPS deploys skip ngrok. - **Security caveats are honest.** README explicitly warns: local tunnel deployments expose dev server endpoints publicly with no rate limiting, no TLS on the local hop. Auto-merge has path restrictions to limit blast radius. Still "provided as-is." - **9 built-in providers**: Anthropic, OpenAI, Google, DeepSeek, MiniMax, Mistral, xAI, Kimi, OpenRouter, plus any OpenAI-compatible endpoint. - **Upgrade story is clean.** `npx thepopebot upgrade` pulls latest, rebuilds, pushes, restarts Docker, triggers `rebuild-event-handler.yml` on server. No manual `docker compose` dance.