- binarylane/continue.sh: Replace unsafe inline echo with inject_env_vars_ssh
to prevent command injection if OPENROUTER_API_KEY contains single quotes
- test/record.sh: Pass credential values via sys.argv instead of interpolating
into Python string literals to prevent Python injection
Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace vulnerable heredoc patterns across 27 continue.sh scripts with
setup_continue_config() helper that uses json_escape() + upload_config_file()
to safely handle API keys containing special characters like quotes or braces.
Also fix _save_token_to_config() in shared/common.sh which had the same
unescaped heredoc vulnerability for local token storage.
Relates to #104
Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implements binarylane/continue.sh to run Continue CLI on BinaryLane servers.
- Uses BinaryLane REST API to provision Ubuntu 24.04 server
- Installs Node.js via NVM and Continue CLI (@continuedev/cli)
- Configures OpenRouter integration in ~/.continue/config.json
- Launches interactive TUI mode (cn command)
Agent: gap-filler-binarylane-continue
Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
