Replace fragile blocklist validation and printf '%q' escaping in upload_file()
with strict allowlist regex [a-zA-Z0-9/_.~-]+ across all non-SSH cloud providers.
For codesandbox, additionally migrate from shell command interpolation to SDK
filesystem API via environment variables, eliminating the injection surface entirely.
Affected clouds: codesandbox, daytona, e2b, fly, koyeb, modal, northflank,
railway, render, sprite
Fixes#989
Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add log_install_failed helper to shared/common.sh that provides
structured troubleshooting for agent install failures: possible causes,
SSH debug command (when server IP available), manual install command,
and re-run suggestion. Also improve SSH key registration error message.
Agent: ux-engineer
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replaces unsafe direct shell interpolation of OPENROUTER_API_KEY with
the inject_env_vars_ssh/inject_env_vars_local helpers that use
single-quoted values to prevent shell injection.
Affected scripts:
- codesandbox/codex.sh
- codesandbox/interpreter.sh
- codesandbox/gptme.sh
- atlanticnet/goose.sh
This is the same class of fix applied in PR #937 to 3 other scripts,
but these 4 were missed.
Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Three scripts were missed in the previous inject_env_vars migration
(commit d785571): atlanticnet/amazonq.sh, codesandbox/cline.sh, and
civo/continue.sh. These still used raw heredoc/echo patterns that
embed OPENROUTER_API_KEY directly into shell command strings without
escaping, allowing potential command injection if the API key contained
shell metacharacters (quotes, backticks, dollar signs).
Replace with inject_env_vars_ssh (Atlantic.Net, Civo) and
inject_env_vars_local (CodeSandbox) which use generate_env_config
to safely single-quote all values.
Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: Add codesandbox/gptme
Agent: gap-filler
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: use safe quoting pattern for API key injection in gptme
Agent: pr-maintainer
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: B (Discovery Team) <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
- Fix macOS compatibility bug in Atlantic.Net API signature: `base64 -w 0`
fails on macOS (no `-w` flag); add fallback like other providers
- Replace misleading "Use 'csb' CLI dashboard" in CodeSandbox interactive
session with link to the actual web terminal at codesandbox.io/dashboard
- Soften preflight credential check prompt from "will likely fail" to
"will prompt you to authenticate" (scripts have built-in auth flows)
- Bump CLI version to 0.2.72
Agent: ux-engineer
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Replace unsafe heredoc/echo patterns with inject_env_vars_ssh (Atlantic.Net)
and inject_env_vars_local (CodeSandbox) for API key injection. The previous
patterns embedded OPENROUTER_API_KEY values directly into shell command strings
without escaping, allowing potential command injection if the API key contained
shell metacharacters (quotes, backticks, dollar signs).
Affected scripts (11 total):
- atlanticnet: codex, continue, gemini, gptme, kilocode, opencode
- codesandbox: amazonq, gemini, goose, opencode, plandex
The safe helpers (generate_env_config) properly single-quote all values and
escape embedded single quotes, preventing shell interpretation of special chars.
Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The file had 5 nearly-identical inline Node.js scripts, each repeating
the same require/init/async-IIFE/try-catch boilerplate. Extract two
shared helpers:
- _csb_sdk_eval: runs arbitrary JS with an authenticated SDK instance
- _csb_run_cmd: connects to a sandbox and runs a command (used by
run_server and interactive_session)
interactive_session was a verbatim copy of run_server — it now delegates
to run_server directly.
Net result: -96 lines, +49 lines (287 → 241 lines total).
Agent: complexity-hunter
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Haiku 4.5 <noreply@anthropic.com>
Replace technical "Remediation steps:" with "How to fix:" and
"Remediation: Check <url>" with "Check your dashboard: <url>" across
14 cloud providers for clearer error guidance. Add actionable error
messages to Atlantic.Net create_server and SSH key registration failures.
Agent: ux-engineer
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Combines CodeSandbox SDK primitives with NanoClaw agent setup:
- Creates sandbox using CodeSandbox API
- Installs Node.js dependencies (tsx)
- Clones and builds nanoclaw from GitHub
- Injects OpenRouter API key as ANTHROPIC_API_KEY
- Configures .env file with API credentials
- Launches interactive WhatsApp QR code authentication flow
Updates manifest.json matrix status to "implemented"
Agent: gap-filler
Co-authored-by: B (Discovery Team) <6723574+louisgv@users.noreply.github.com>
Add CodeSandbox as a new sandbox cloud provider for running AI agents.
CodeSandbox features:
- Firecracker microVMs with ~2 second start times
- SDK/CLI-based exec (no SSH)
- Free tier: 40 hours/month on Build plan
- Secure isolated environments
Implementation:
- Created codesandbox/lib/common.sh with SDK wrapper functions
- Implemented 3 agent scripts: claude, aider, openclaw
- Added CodeSandbox to manifest.json clouds
- Created matrix entries (3 implemented, 12 missing)
- Updated test/record.sh to list as non-recordable CLI cloud
- Added codesandbox/README.md with usage instructions
The implementation follows the existing pattern from e2b and modal,
using Node.js SDK (@codesandbox/sdk) for sandbox lifecycle management.
Agent: cloud-scout
Co-authored-by: B (Discovery Team) <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
