mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-04-30 12:59:32 +00:00
d76c8dba0f
* refactor: Simplify API call retry logic in generic_cloud_api Extract duplicated retry handling into focused helper functions: - handle_api_network_error(): Handles curl errors with retry logic - handle_api_transient_error(): Handles 429/503 HTTP errors - _call_cloud_api(): Internal curl wrapper separating concerns Reduces cyclomatic complexity of generic_cloud_api from 9 to 3. Lines reduced from 89 to 54 (40% reduction). Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * Security: fix critical command injection vulnerabilities in container providers CRITICAL SECURITY FIX - Command injection vulnerabilities Fixed command injection in bash -c calls across all container/sandbox providers. These functions were passing commands directly to bash -c without proper escaping, allowing potential remote code execution via crafted inputs. Files fixed: - sprite/lib/common.sh: run_sprite(), upload_file_sprite() - e2b/lib/common.sh: run_server(), upload_file(), interactive_session() - daytona/lib/common.sh: run_server(), upload_file(), interactive_session() - railway/lib/common.sh: run_server(), upload_file(), interactive_session() Fix: Use printf %q to properly escape all command arguments before passing to bash -c. This prevents command injection while maintaining functionality. Severity: CRITICAL (CVSS 9.8) Impact: Remote code execution, full system compromise Mitigation: Proper shell escaping using printf %q All modified files pass bash -n syntax validation. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> --------- Co-authored-by: Sprite <noreply@sprite.dev> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| .claude/rules | ||
| lib | ||
| aider.sh | ||
| amazonq.sh | ||
| claude.sh | ||
| cline.sh | ||
| codex.sh | ||
| gemini.sh | ||
| goose.sh | ||
| gptme.sh | ||
| interpreter.sh | ||
| nanoclaw.sh | ||
| openclaw.sh | ||
| opencode.sh | ||
| plandex.sh | ||
| README.md | ||
Sprite
Sprites.dev managed VMs with CLI. Sprite
Agents
Claude Code
bash <(curl -fsSL https://openrouter.ai/lab/spawn/sprite/claude.sh)
OpenClaw
bash <(curl -fsSL https://openrouter.ai/lab/spawn/sprite/openclaw.sh)
NanoClaw
bash <(curl -fsSL https://openrouter.ai/lab/spawn/sprite/nanoclaw.sh)
Aider
bash <(curl -fsSL https://openrouter.ai/lab/spawn/sprite/aider.sh)
Goose
bash <(curl -fsSL https://openrouter.ai/lab/spawn/sprite/goose.sh)
Codex CLI
bash <(curl -fsSL https://openrouter.ai/lab/spawn/sprite/codex.sh)
Open Interpreter
bash <(curl -fsSL https://openrouter.ai/lab/spawn/sprite/interpreter.sh)
Gemini CLI
bash <(curl -fsSL https://openrouter.ai/lab/spawn/sprite/gemini.sh)
Amazon Q CLI
bash <(curl -fsSL https://openrouter.ai/lab/spawn/sprite/amazonq.sh)
Cline
bash <(curl -fsSL https://openrouter.ai/lab/spawn/sprite/cline.sh)
Non-Interactive Mode
SPRITE_NAME=dev-mk1 \
OPENROUTER_API_KEY=sk-or-v1-xxxxx \
bash <(curl -fsSL https://openrouter.ai/lab/spawn/sprite/claude.sh)