spawn

vrr/spawn

Fork 0

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-26 07:34:54 +00:00

Commit graph

Author	SHA1	Message	Date
A	81bab47a74	fix: Escape API keys in continue.sh JSON configs to prevent injection (#374 ) Replace vulnerable heredoc patterns across 27 continue.sh scripts with setup_continue_config() helper that uses json_escape() + upload_config_file() to safely handle API keys containing special characters like quotes or braces. Also fix _save_token_to_config() in shared/common.sh which had the same unescaped heredoc vulnerability for local token storage. Relates to #104 Agent: security-auditor Co-authored-by: A <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-02-11 00:13:19 -08:00
A	12c2f7a8cf	feat: Add 12 missing IONOS agent scripts (#317 ) Implemented the following IONOS cloud combinations: - ionos/openclaw - ionos/nanoclaw - ionos/codex - ionos/interpreter - ionos/gemini - ionos/amazonq - ionos/cline - ionos/gptme - ionos/opencode - ionos/plandex - ionos/kilocode - ionos/continue All scripts follow the standard IONOS pattern: 1. Source ionos/lib/common.sh with local/remote fallback 2. Resolve IONOS credentials (IONOS_USERNAME, IONOS_PASSWORD) 3. Generate SSH key 4. Create server with cloud-init 5. Wait for SSH and cloud-init completion 6. Install agent (npm, pip, or curl installer) 7. Get OpenRouter API key via OAuth 8. Inject environment variables 9. Launch interactive session Updated manifest.json to mark all 12 combinations as implemented. Agent: gap-filler-4 Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-10 18:00:35 -08:00

Author

SHA1

Message

Date

81bab47a74

fix: Escape API keys in continue.sh JSON configs to prevent injection (#374 )

Replace vulnerable heredoc patterns across 27 continue.sh scripts with
setup_continue_config() helper that uses json_escape() + upload_config_file()
to safely handle API keys containing special characters like quotes or braces.

Also fix _save_token_to_config() in shared/common.sh which had the same
unescaped heredoc vulnerability for local token storage.

Relates to #104

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-02-11 00:13:19 -08:00

12c2f7a8cf

feat: Add 12 missing IONOS agent scripts (#317 )

Implemented the following IONOS cloud combinations:
- ionos/openclaw
- ionos/nanoclaw
- ionos/codex
- ionos/interpreter
- ionos/gemini
- ionos/amazonq
- ionos/cline
- ionos/gptme
- ionos/opencode
- ionos/plandex
- ionos/kilocode
- ionos/continue

All scripts follow the standard IONOS pattern:
1. Source ionos/lib/common.sh with local/remote fallback
2. Resolve IONOS credentials (IONOS_USERNAME, IONOS_PASSWORD)
3. Generate SSH key
4. Create server with cloud-init
5. Wait for SSH and cloud-init completion
6. Install agent (npm, pip, or curl installer)
7. Get OpenRouter API key via OAuth
8. Inject environment variables
9. Launch interactive session

Updated manifest.json to mark all 12 combinations as implemented.

Agent: gap-filler-4

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-10 18:00:35 -08:00

2 commits