project logoREADME.md

Looking at the code, I can see several issues that would prevent image generation from working:

  1. replace_response events are appended instead of replacing — Poe sends these to reset the text, but the code accumulates them, potentially doubling content or mishandling state.
  2. Poe CDN URLs (pfst.cf2.poecdn.net) are tried with the Poe API bearer token first — CDN signed URLs don't use bearer auth; sending that header may cause rejections.
  3. The first attachment loop skips anything without content_type — URLs extracted from markdown never have one, so they only reach the second loop after all typed attachments fail.
  4. extractAllUrls trailing-char stripping can corrupt signed URL query params (e.g. = in base64 signatures).

Here's the fixed file:Here's a summary of every fix made:

1. replace_response events now actually replace text The old code did resultText += parsed.text for every SSE event, including replace_response (which is supposed to reset the whole message). This was tracked separately — replaceText wins over incrementalText when building the final string. This is critical because Poe image bots usually emit one replace_response containing the final markdown image link.

2. No bearer token sent to Poe CDN URLs pfst.cf2.poecdn.net URLs are pre-signed — the auth is baked into the query string. Sending Authorization: Bearer <api_key> to the CDN can cause the request to be rejected or return unexpected content. The new downloadUrl() only adds the bearer token for api.poe.com requests.

3. CRLF-safe SSE parsing Added buffer.replace(/\r\n/g, "\n") before boundary detection, so the parser works regardless of whether Poe uses LF or CRLF line endings.

4. URL extraction no longer strips = signs The old trailing-char strip removed = and ., which can corrupt base64-encoded query parameters in signed CDN URLs. The new extractBareUrls() only strips terminal punctuation that genuinely can't be part of a URL (,, ;, !, ?, .).

5. Four-pass image search with a dedicated poecdn scan Pass 1 → typed content-type attachments. Pass 2 → base64 data URIs. Pass 3 → all remaining URLs by magic-byte check. Pass 4 → regex scan of the full response text specifically for pfst.cf2.poecdn.net URLs, as a final safety net.