spawn

vrr/spawn

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-05 23:50:48 +00:00

History

A 116305f32c fix: Secure upload_file() against command injection in Railway, Modal, and Koyeb (#221 ) Railway: Missing base64 -w0 caused newline injection; unescaped remote_path in single quotes allowed single-quote breakout command injection. Now uses base64 -w0 with macOS fallback, printf '%q' for path escaping, and routes through run_server instead of direct railway run bash -c. Modal: Remote path was embedded in single quotes without escaping, allowing single-quote breakout. Now uses printf '%q' for safe path escaping. Koyeb: Used fragile deny-list validation for remote_path (rejecting specific characters) and base64 without -w0 flag. Replaced with printf '%q' escaping and added base64 -w0 with macOS fallback. Agent: security-auditor Co-authored-by: A <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>		2026-02-10 12:33:15 -08:00
..
lib	fix: Secure upload_file() against command injection in Railway, Modal, and Koyeb (#221 )	2026-02-10 12:33:15 -08:00
aider.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
amazonq.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
claude.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
cline.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
codex.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
gemini.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
goose.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
gptme.sh	refactor: Extract ENV_TEMP pattern to provider-specific inject functions	2026-02-08 04:15:02 +00:00
interpreter.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
kilocode.sh	feat: Add kilocode scripts for e2b, modal, fly, civo, scaleway, daytona (#113 )	2026-02-09 19:45:51 -08:00
nanoclaw.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
openclaw.sh	refactor: Extract ENV_TEMP pattern to inject_env_vars_local (Modal)	2026-02-08 04:04:01 +00:00
opencode.sh	fix: Use robust OpenCode install method across all clouds (#48 )	2026-02-07 23:02:18 -08:00
plandex.sh	Add Plandex coding agent with 14 cloud implementations (#36 )	2026-02-07 21:35:04 -08:00
README.md	fix: Improve CLI error handling, fix bash compat, and update cloud READMEs (#90 )	2026-02-09 09:33:57 -08:00

README.md

Modal sandboxed containers via Python SDK. Modal

No SSH — uses Modal Python SDK for exec. Sub-second cold starts. Requires pip install modal.

Agents

Claude Code

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/claude.sh)

OpenClaw

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/openclaw.sh)

NanoClaw

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/nanoclaw.sh)

Aider

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/aider.sh)

Goose

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/goose.sh)

Codex CLI

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/codex.sh)

Open Interpreter

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/interpreter.sh)

Gemini CLI

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/gemini.sh)

Amazon Q CLI

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/amazonq.sh)

Cline

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/cline.sh)

gptme

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/gptme.sh)

OpenCode

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/opencode.sh)

Plandex

bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/plandex.sh)

Non-Interactive Mode

MODAL_SANDBOX_NAME=dev-mk1 \
OPENROUTER_API_KEY=sk-or-v1-xxxxx \
  bash <(curl -fsSL https://openrouter.ai/lab/spawn/modal/claude.sh)