mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-04-28 03:49:31 +00:00
51e36d2154
Tracks whether installs came from Reddit, X, or organic by baking a
ref tag into the install command.
Growth bot shares:
curl -fsSL ... | SPAWN_REF=reddit bash
curl -fsSL ... | SPAWN_REF=x bash
install.sh: if SPAWN_REF is set, sanitizes it (alphanumeric + hyphens,
max 32 chars) and writes to ~/.config/spawn/.ref. Only written once —
never overwritten on updates.
index.ts: on startup, reads .ref and sets it as telemetry context via
setTelemetryContext("ref", ref). Every PostHog event (funnel, lifecycle,
errors) now carries ref=reddit or ref=x for attributed installs, or no
ref for organic.
PostHog query: filter any event by ref=reddit to see "how many Reddit-
sourced users made it through the funnel" vs organic.
Bumps 1.0.15 -> 1.0.16.
Co-authored-by: A <258483684+la14-1@users.noreply.github.com>
392 lines
15 KiB
Bash
Executable file
392 lines
15 KiB
Bash
Executable file
#!/bin/bash
|
|
# Installer for the spawn CLI
|
|
#
|
|
# Usage:
|
|
# curl -fsSL --proto '=https' https://openrouter.ai/labs/spawn/cli/install.sh | bash
|
|
#
|
|
# This installs spawn via bun. If bun is not available, it auto-installs it first.
|
|
#
|
|
# Override install directory:
|
|
# SPAWN_INSTALL_DIR=/usr/local/bin curl -fsSL --proto '=https' ... | bash
|
|
|
|
set -eo pipefail
|
|
|
|
SPAWN_REPO="OpenRouterTeam/spawn"
|
|
SPAWN_CDN="https://openrouter.ai/labs/spawn"
|
|
SPAWN_RAW_BASE="https://raw.githubusercontent.com/${SPAWN_REPO}/main"
|
|
MIN_BUN_VERSION="1.2.0"
|
|
BUN_INSTALL_VERSION="1.3.9"
|
|
# SHA-256 of https://bun.sh/install?version=1.3.9 — update when bumping BUN_INSTALL_VERSION
|
|
BUN_INSTALLER_SHA256="bab8acfb046aac8c72407bdcce903957665d655d7acaa3e11c7c4616beae68dd"
|
|
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
BOLD='\033[1m'
|
|
NC='\033[0m'
|
|
|
|
CYAN='\033[0;36m'
|
|
|
|
log_info() { printf '%b[spawn]%b %s\n' "$GREEN" "$NC" "$1"; }
|
|
log_step() { printf '%b[spawn]%b %s\n' "$CYAN" "$NC" "$1"; }
|
|
log_warn() { printf '%b[spawn]%b %s\n' "$YELLOW" "$NC" "$1"; }
|
|
log_error() { printf '%b[spawn]%b %s\n' "$RED" "$NC" "$1"; }
|
|
|
|
# --- Helper: portable SHA-256 (macOS uses shasum, Linux uses sha256sum) ---
|
|
sha256_file() {
|
|
if command -v sha256sum &>/dev/null; then
|
|
sha256sum "$1" | cut -d' ' -f1
|
|
elif command -v shasum &>/dev/null; then
|
|
shasum -a 256 "$1" | cut -d' ' -f1
|
|
else
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
# --- Helper: compare semver strings ---
|
|
# Returns 0 (true) if $1 >= $2
|
|
version_gte() {
|
|
local IFS='.'
|
|
local a=($1) b=($2)
|
|
local i=0
|
|
while [ $i -lt ${#b[@]} ]; do
|
|
local av="${a[$i]:-0}"
|
|
local bv="${b[$i]:-0}"
|
|
if [ "$av" -lt "$bv" ]; then
|
|
return 1
|
|
elif [ "$av" -gt "$bv" ]; then
|
|
return 0
|
|
fi
|
|
i=$((i + 1))
|
|
done
|
|
return 0
|
|
}
|
|
|
|
# --- Helper: ensure bun meets minimum version ---
|
|
ensure_min_bun_version() {
|
|
local current
|
|
current="$(bun --version)"
|
|
if ! version_gte "$current" "$MIN_BUN_VERSION"; then
|
|
log_warn "bun ${current} is below minimum ${MIN_BUN_VERSION}, upgrading..."
|
|
bun upgrade
|
|
current="$(bun --version)"
|
|
if ! version_gte "$current" "$MIN_BUN_VERSION"; then
|
|
log_error "Failed to upgrade bun to >= ${MIN_BUN_VERSION} (got ${current})"
|
|
echo ""
|
|
echo "Please upgrade bun manually:"
|
|
echo " bun upgrade"
|
|
echo ""
|
|
echo "Then re-run:"
|
|
echo " curl -fsSL --proto '=https' ${SPAWN_CDN}/cli/install.sh | bash"
|
|
exit 1
|
|
fi
|
|
log_info "bun upgraded to ${current}"
|
|
fi
|
|
}
|
|
|
|
# --- Helper: check if sudo can authenticate without a password prompt ---
|
|
# Returns 0 if sudo is passwordless (root, NOPASSWD, or macOS Touch ID).
|
|
has_passwordless_sudo() {
|
|
# Already root — no sudo needed
|
|
[ "$(id -u)" = "0" ] && return 0
|
|
# Check if sudo works non-interactively (NOPASSWD or cached credentials)
|
|
sudo -n true 2>/dev/null && return 0
|
|
# macOS: check if Touch ID is configured for sudo (pam_tid.so)
|
|
if [ -f /etc/pam.d/sudo_local ] && grep -q "pam_tid" /etc/pam.d/sudo_local 2>/dev/null; then
|
|
return 0
|
|
fi
|
|
if [ -f /etc/pam.d/sudo ] && grep -q "pam_tid" /etc/pam.d/sudo 2>/dev/null; then
|
|
return 0
|
|
fi
|
|
return 1
|
|
}
|
|
|
|
# --- Helper: verify symlink target is safe before overwriting ---
|
|
# Returns 0 if the path doesn't exist, is not a symlink, or points to a safe location.
|
|
# Returns 1 if it's a symlink pointing to an unexpected location (potential hijack).
|
|
# Safe prefixes: $HOME/.local, $HOME/.bun, /usr/local, $HOME/.npm-global
|
|
verify_symlink_safe() {
|
|
local target_path="$1"
|
|
# No file at all — safe to create
|
|
if [ ! -e "$target_path" ] && [ ! -L "$target_path" ]; then
|
|
return 0
|
|
fi
|
|
# Not a symlink (regular file or dir) — safe to overwrite with -f
|
|
if [ ! -L "$target_path" ]; then
|
|
return 0
|
|
fi
|
|
# It's a symlink — read where it points (portable: readlink without -f)
|
|
local link_target
|
|
link_target="$(readlink "$target_path" 2>/dev/null || true)"
|
|
if [ -z "$link_target" ]; then
|
|
# Could not read symlink — treat as suspicious
|
|
return 1
|
|
fi
|
|
# Check against safe prefixes
|
|
case "$link_target" in
|
|
"${HOME}/.local/"*|"${HOME}/.bun/"*|"/usr/local/"*|"${HOME}/.npm-global/"*)
|
|
return 0
|
|
;;
|
|
*)
|
|
return 1
|
|
;;
|
|
esac
|
|
}
|
|
|
|
# --- Helper: create symlink only if existing target is safe ---
|
|
# Usage: safe_ln_sf <source> <dest> [sudo]
|
|
# Warns and skips if dest is a symlink pointing to an unexpected location.
|
|
safe_ln_sf() {
|
|
local src="$1"
|
|
local dest="$2"
|
|
local use_sudo="${3:-}"
|
|
local name
|
|
name="$(basename "$dest")"
|
|
if ! verify_symlink_safe "$dest"; then
|
|
local existing
|
|
existing="$(readlink "$dest" 2>/dev/null || true)"
|
|
log_warn "Skipping ${dest}: existing symlink points to unexpected location (${existing})"
|
|
log_warn "Remove it manually if you trust the target: rm ${dest}"
|
|
return 1
|
|
fi
|
|
if [ "$use_sudo" = "sudo" ]; then
|
|
sudo ln -sf "$src" "$dest"
|
|
else
|
|
ln -sf "$src" "$dest"
|
|
fi
|
|
}
|
|
|
|
# --- Helper: ensure spawn works immediately and in future sessions ---
|
|
# Installs to ~/.local/bin. If that's not already in PATH, also symlinks
|
|
# to /usr/local/bin for immediate availability (without prompting for a
|
|
# password — only if writable or passwordless sudo is available).
|
|
# Also patches shell rc files so both ~/.local/bin and ~/.bun/bin are in
|
|
# PATH for future sessions (bun is required by spawn's shebang).
|
|
ensure_in_path() {
|
|
local install_dir="$1"
|
|
local bun_bin_dir="${BUN_INSTALL}/bin"
|
|
|
|
# 1. Check if install_dir and bun are already in the user's real PATH
|
|
local spawn_in_path=false
|
|
local bun_in_path=false
|
|
if echo "${_SPAWN_ORIG_PATH}" | tr ':' '\n' | grep -qxF "${install_dir}"; then
|
|
spawn_in_path=true
|
|
fi
|
|
if echo "${_SPAWN_ORIG_PATH}" | tr ':' '\n' | grep -qxF "${bun_bin_dir}"; then
|
|
bun_in_path=true
|
|
fi
|
|
|
|
# 2. If spawn not in PATH, symlink into /usr/local/bin for immediate availability
|
|
# Try in order: direct write → passwordless sudo → prompt for password
|
|
# Also symlink bun so that spawn's #!/usr/bin/env bun shebang resolves
|
|
local linked=false
|
|
local bun_path
|
|
bun_path="$(command -v bun 2>/dev/null || true)"
|
|
# Validate bun is in an expected directory before symlinking with elevated
|
|
# privileges. If an attacker controls PATH, `command -v bun` could resolve
|
|
# to a malicious binary — symlinking that to /usr/local/bin with sudo would
|
|
# be a privilege escalation vector.
|
|
if [ -n "$bun_path" ]; then
|
|
case "$bun_path" in
|
|
"${HOME}/.bun/bin/bun"|"${HOME}/.local/bin/bun"|/usr/local/bin/bun|"${BUN_INSTALL}/bin/bun")
|
|
# Expected bun installation location — safe to symlink
|
|
;;
|
|
*)
|
|
log_warn "bun found at unexpected location: ${bun_path} — skipping symlink"
|
|
bun_path=""
|
|
;;
|
|
esac
|
|
fi
|
|
if [ "$spawn_in_path" = false ]; then
|
|
if [ -d /usr/local/bin ] && [ -w /usr/local/bin ]; then
|
|
safe_ln_sf "${install_dir}/spawn" /usr/local/bin/spawn && linked=true
|
|
if [ -n "$bun_path" ] && [ ! -x /usr/local/bin/bun ]; then
|
|
safe_ln_sf "$bun_path" /usr/local/bin/bun 2>/dev/null || true
|
|
fi
|
|
elif has_passwordless_sudo; then
|
|
safe_ln_sf "${install_dir}/spawn" /usr/local/bin/spawn sudo 2>/dev/null && linked=true
|
|
if [ -n "$bun_path" ] && [ ! -x /usr/local/bin/bun ]; then
|
|
safe_ln_sf "$bun_path" /usr/local/bin/bun sudo 2>/dev/null || true
|
|
fi
|
|
elif command -v sudo &>/dev/null; then
|
|
# Last resort: ask for password
|
|
log_step "Adding spawn to /usr/local/bin (may require your password)..."
|
|
safe_ln_sf "${install_dir}/spawn" /usr/local/bin/spawn sudo && linked=true || true
|
|
if [ "$linked" = true ] && [ -n "$bun_path" ] && [ ! -x /usr/local/bin/bun ]; then
|
|
safe_ln_sf "$bun_path" /usr/local/bin/bun sudo 2>/dev/null || true
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
# 3. Patch shell rc files so both ~/.local/bin and ~/.bun/bin are in PATH
|
|
# for future sessions. ~/.bun/bin is required by spawn's #!/usr/bin/env bun shebang.
|
|
local rc_file=""
|
|
case "${SHELL:-/bin/bash}" in
|
|
*/zsh) rc_file="${HOME}/.zshrc" ;;
|
|
*/fish) rc_file="" ;;
|
|
*) rc_file="${HOME}/.bashrc" ;;
|
|
esac
|
|
|
|
# Marker comments — keep in sync with packages/cli/src/shared/paths.ts
|
|
local marker_start="# >>> spawn >>>"
|
|
local marker_end="# <<< spawn <<<"
|
|
|
|
# Helper: add a dir to rc files if not already present
|
|
_patch_rc() {
|
|
local dir="$1"
|
|
local line="export PATH=\"${dir}:\$PATH\""
|
|
if [ -n "$rc_file" ]; then
|
|
if ! grep -qF "${dir}" "$rc_file" 2>/dev/null; then
|
|
printf '\n%s\n%s\n%s\n' "$marker_start" "$line" "$marker_end" >> "$rc_file"
|
|
fi
|
|
case "${SHELL:-/bin/bash}" in */bash)
|
|
for profile in "${HOME}/.profile" "${HOME}/.bash_profile"; do
|
|
if [ -f "$profile" ] && ! grep -qF "${dir}" "$profile" 2>/dev/null; then
|
|
printf '\n%s\n%s\n%s\n' "$marker_start" "$line" "$marker_end" >> "$profile"
|
|
fi
|
|
done
|
|
;; esac
|
|
else
|
|
case "${SHELL:-}" in */fish)
|
|
fish -c "fish_add_path \"${dir}\"" 2>/dev/null || true
|
|
;; esac
|
|
fi
|
|
}
|
|
|
|
if [ "$spawn_in_path" = false ]; then
|
|
_patch_rc "${install_dir}"
|
|
fi
|
|
if [ "$bun_in_path" = false ]; then
|
|
_patch_rc "${bun_bin_dir}"
|
|
fi
|
|
|
|
# 4. Show version and success message
|
|
echo ""
|
|
SPAWN_NO_UPDATE_CHECK=1 PATH="${install_dir}:${PATH}" "${install_dir}/spawn" version
|
|
echo ""
|
|
local all_ready=true
|
|
if [ "$spawn_in_path" = false ] && [ "$linked" = false ]; then
|
|
all_ready=false
|
|
fi
|
|
if [ "$bun_in_path" = false ] && [ ! -x /usr/local/bin/bun ]; then
|
|
all_ready=false
|
|
fi
|
|
if [ "$all_ready" = true ]; then
|
|
printf '%b[spawn]%b Run %bspawn%b to get started\n' "$GREEN" "$NC" "$BOLD" "$NC"
|
|
else
|
|
printf '%b[spawn]%b To start using spawn, run:\n' "$GREEN" "$NC"
|
|
echo ""
|
|
echo " exec \$SHELL"
|
|
echo ""
|
|
fi
|
|
}
|
|
|
|
# --- Helper: build and install the CLI using bun ---
|
|
build_and_install() {
|
|
tmpdir=$(mktemp -d)
|
|
[ -n "$tmpdir" ] || { log_error "mktemp failed to produce a directory path"; exit 1; }
|
|
trap '[ -n "${tmpdir}" ] && [ -d "${tmpdir}" ] && rm -rf "${tmpdir}"' EXIT
|
|
|
|
log_step "Downloading pre-built CLI binary..."
|
|
curl -fsSL --proto '=https' "https://github.com/${SPAWN_REPO}/releases/download/cli-latest/cli.js" -o "${tmpdir}/cli.js"
|
|
if [ ! -s "${tmpdir}/cli.js" ]; then
|
|
log_error "Failed to download pre-built binary"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -n "${SPAWN_INSTALL_DIR:-}" ]; then
|
|
case "${SPAWN_INSTALL_DIR}" in
|
|
/*) ;; # absolute path OK
|
|
*) log_error "SPAWN_INSTALL_DIR must be an absolute path"; exit 1 ;;
|
|
esac
|
|
case "${SPAWN_INSTALL_DIR}" in
|
|
*..*) log_error "SPAWN_INSTALL_DIR must not contain .. path components"; exit 1 ;;
|
|
esac
|
|
fi
|
|
INSTALL_DIR="${SPAWN_INSTALL_DIR:-${HOME}/.local/bin}"
|
|
mkdir -p "${INSTALL_DIR}"
|
|
cp "${tmpdir}/cli.js" "${INSTALL_DIR}/spawn"
|
|
chmod +x "${INSTALL_DIR}/spawn"
|
|
|
|
log_info "Installed spawn to ${INSTALL_DIR}/spawn"
|
|
ensure_in_path "${INSTALL_DIR}"
|
|
}
|
|
|
|
# --- Locate or install bun ---
|
|
# Save original PATH before modifications so ensure_in_path() can check
|
|
# whether the install dir is already in the user's real PATH.
|
|
_SPAWN_ORIG_PATH="${PATH}"
|
|
# When running via `curl | bash`, subshells may not inherit PATH updates,
|
|
# so we always prepend the standard bun install locations explicitly.
|
|
export BUN_INSTALL="${BUN_INSTALL:-${HOME}/.bun}"
|
|
export PATH="${BUN_INSTALL}/bin:${HOME}/.local/bin:${PATH}"
|
|
|
|
# Check that bun exists AND actually works. Some platforms (e.g. Sprite)
|
|
# have a bun shim that delegates to $HOME/.bun/bin/bun — if that binary
|
|
# doesn't exist, `command -v bun` returns 0 but `bun --version` fails.
|
|
if ! bun --version &>/dev/null; then
|
|
log_step "bun not found or not working. Installing bun..."
|
|
|
|
# Download the bun installer to a temp file and verify its SHA-256 hash
|
|
# before executing. This defends against a compromised bun.sh CDN or
|
|
# DNS hijack serving a tampered install script.
|
|
_bun_installer=$(mktemp)
|
|
curl -fsSL --proto '=https' "https://bun.sh/install?version=${BUN_INSTALL_VERSION}" -o "$_bun_installer"
|
|
_bun_hash="$(sha256_file "$_bun_installer" 2>/dev/null || true)"
|
|
if [ -z "$_bun_hash" ]; then
|
|
log_warn "Cannot verify bun installer (no sha256sum/shasum available), executing unverified"
|
|
elif [ "$_bun_hash" != "$BUN_INSTALLER_SHA256" ]; then
|
|
rm -f "$_bun_installer"
|
|
log_error "bun installer hash mismatch — possible supply chain attack"
|
|
log_error "Expected: ${BUN_INSTALLER_SHA256}"
|
|
log_error "Got: ${_bun_hash}"
|
|
echo ""
|
|
echo "The bun installer from bun.sh does not match the expected hash."
|
|
echo "This could indicate a compromised CDN or DNS hijack."
|
|
echo ""
|
|
echo "If bun has released a new installer, please report this at:"
|
|
echo " https://github.com/${SPAWN_REPO}/issues"
|
|
exit 1
|
|
fi
|
|
bash "$_bun_installer"
|
|
rm -f "$_bun_installer"
|
|
|
|
# Re-export so bun is available in this session immediately.
|
|
# Use hard-coded paths alongside BUN_INSTALL — the bun installer may
|
|
# have placed the binary in $HOME/.bun/bin even if BUN_INSTALL differs.
|
|
export PATH="$HOME/.bun/bin:${BUN_INSTALL}/bin:$HOME/.local/bin:${PATH}"
|
|
|
|
if ! command -v bun &>/dev/null; then
|
|
log_error "Failed to install bun automatically"
|
|
echo ""
|
|
echo "Please install bun manually:"
|
|
echo " curl -fsSL --proto '=https' https://bun.sh/install?version=${BUN_INSTALL_VERSION} | bash"
|
|
echo ""
|
|
echo "Then reopen your terminal and re-run:"
|
|
echo " curl -fsSL --proto '=https' ${SPAWN_CDN}/cli/install.sh | bash"
|
|
exit 1
|
|
fi
|
|
|
|
log_info "bun installed successfully"
|
|
fi
|
|
|
|
ensure_min_bun_version
|
|
|
|
log_step "Installing spawn via bun..."
|
|
build_and_install
|
|
|
|
# Persist install referrer (e.g. SPAWN_REF=reddit) so the CLI can report
|
|
# attribution on first run. Only written once — never overwritten on updates.
|
|
if [ -n "${SPAWN_REF:-}" ]; then
|
|
_ref_dir="${HOME}/.config/spawn"
|
|
_ref_file="${_ref_dir}/.ref"
|
|
if [ ! -f "${_ref_file}" ]; then
|
|
mkdir -p "${_ref_dir}"
|
|
# Sanitize: allow only alphanumeric, hyphens, underscores (no injection)
|
|
_clean_ref=$(printf '%s' "${SPAWN_REF}" | tr -cd 'a-zA-Z0-9_-' | head -c 32)
|
|
if [ -n "${_clean_ref}" ]; then
|
|
printf '%s' "${_clean_ref}" > "${_ref_file}"
|
|
log_info "Install referrer: ${_clean_ref}"
|
|
fi
|
|
fi
|
|
fi
|