mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-05-17 12:41:11 +00:00
070be392f5
* fix(ssh): verify pub/priv keypair before registering with cloud providers When a local SSH .pub file doesn't actually pair with the corresponding .priv (e.g. .pub copied from another machine, regenerated mid-flow, or edited by hand), spawn would still register the .pub with the cloud provider's key store. The registration check passes by fingerprint, the droplet boots with that key in authorized_keys, and SSH then fails with "Permission denied (publickey)" because the local .priv can't prove ownership of the registered .pub. This produced the silent failure mode where users saw "SSH key 'id_ed25519' already registered with DigitalOcean" immediately followed by 33 "Permission denied" retries. Adds verifyKeyPair() which derives the public key from the private key via `ssh-keygen -y -P "" -f priv` and compares it (key type + base64, ignoring the comment field) to the .pub file. discoverSshKeys() now filters out mismatched pairs with a clear warning naming the offending file, and silently skips passphrase-protected or otherwise unverifiable keys (BatchMode SSH can't use them anyway). Bumps CLI to 1.0.37. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(ssh): auto-repair stale .pub instead of skipping mismatched pair When the local .pub doesn't derive from the matching .priv (stale copy from another machine, etc.), the priv is still authoritative — any .pub that doesn't derive from it is wrong by definition. Previously spawn printed a warning and skipped the pair; now it backs up the stale .pub as .pub.spawn-backup-<timestamp> and rewrites the .pub from the derived key. The next launch uses the correct pub end-to-end, so the droplet boots with a public key that actually pairs with the local priv and SSH handshake succeeds instead of failing 33 times with "Permission denied (publickey)". Passphrase-protected keys (ssh-keygen -y cannot derive without the passphrase) are still skipped silently — nothing to repair with. Bumps CLI to 1.0.38. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: SPA <spa@openrouter.ai>
27 lines
696 B
JSON
27 lines
696 B
JSON
{
|
|
"name": "@openrouter/spawn",
|
|
"version": "1.0.38",
|
|
"type": "module",
|
|
"bin": {
|
|
"spawn": "cli.js"
|
|
},
|
|
"scripts": {
|
|
"dev": "bun run src/index.ts",
|
|
"build": "bun build src/index.ts --outfile cli.js --target bun --minify --packages bundle",
|
|
"compile": "bun build src/index.ts --compile --outfile spawn",
|
|
"lint": "biome lint src/",
|
|
"test": "bun test",
|
|
"test:watch": "bun test --watch"
|
|
},
|
|
"dependencies": {
|
|
"@clack/prompts": "1.0.0",
|
|
"@daytonaio/sdk": "0.160.0",
|
|
"@openrouter/spawn-shared": "workspace:*",
|
|
"picocolors": "1.1.1",
|
|
"valibot": "1.2.0"
|
|
},
|
|
"devDependencies": {
|
|
"@biomejs/biome": "2.4.3",
|
|
"@types/bun": "1.3.8"
|
|
}
|
|
}
|