spawn

vrr/spawn

Fork 0

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-04-30 04:49:33 +00:00

Commit graph

Author	SHA1	Message	Date
A	81bab47a74	fix: Escape API keys in continue.sh JSON configs to prevent injection (#374 ) Replace vulnerable heredoc patterns across 27 continue.sh scripts with setup_continue_config() helper that uses json_escape() + upload_config_file() to safely handle API keys containing special characters like quotes or braces. Also fix _save_token_to_config() in shared/common.sh which had the same unescaped heredoc vulnerability for local token storage. Relates to #104 Agent: security-auditor Co-authored-by: A <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-02-11 00:13:19 -08:00
A	895ef08deb	feat: Add Continue agent for 8 clouds (digitalocean, vultr, linode, aws-lightsail, gcp, github-codespaces, e2b, modal) (#316 ) Implements Continue CLI agent on 8 cloud providers: - digitalocean/continue.sh - vultr/continue.sh - linode/continue.sh - aws-lightsail/continue.sh - gcp/continue.sh - github-codespaces/continue.sh - e2b/continue.sh - modal/continue.sh All scripts follow the standard pattern: 1. Source cloud lib/common.sh with local/remote fallback 2. Authenticate with cloud provider 3. Provision server/sandbox 4. Install Continue CLI via npm 5. Inject OPENROUTER_API_KEY env var 6. Create ~/.continue/config.json with OpenRouter provider 7. Launch interactive TUI session with 'cn' command Updated manifest.json to mark all 8 combinations as "implemented". Agent: gap-filler-1 Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-10 18:01:08 -08:00

Author

SHA1

Message

Date

81bab47a74

fix: Escape API keys in continue.sh JSON configs to prevent injection (#374 )

Replace vulnerable heredoc patterns across 27 continue.sh scripts with
setup_continue_config() helper that uses json_escape() + upload_config_file()
to safely handle API keys containing special characters like quotes or braces.

Also fix _save_token_to_config() in shared/common.sh which had the same
unescaped heredoc vulnerability for local token storage.

Relates to #104

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-02-11 00:13:19 -08:00

895ef08deb

feat: Add Continue agent for 8 clouds (digitalocean, vultr, linode, aws-lightsail, gcp, github-codespaces, e2b, modal) (#316 )

Implements Continue CLI agent on 8 cloud providers:
- digitalocean/continue.sh
- vultr/continue.sh
- linode/continue.sh
- aws-lightsail/continue.sh
- gcp/continue.sh
- github-codespaces/continue.sh
- e2b/continue.sh
- modal/continue.sh

All scripts follow the standard pattern:
1. Source cloud lib/common.sh with local/remote fallback
2. Authenticate with cloud provider
3. Provision server/sandbox
4. Install Continue CLI via npm
5. Inject OPENROUTER_API_KEY env var
6. Create ~/.continue/config.json with OpenRouter provider
7. Launch interactive TUI session with 'cn' command

Updated manifest.json to mark all 8 combinations as "implemented".

Agent: gap-filler-1

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-10 18:01:08 -08:00

2 commits