vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-08 18:39:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
spawn/railway
History
A f88807ecd6
fix: Prevent shell injection in Railway env var injection and file upload (#222) 
Railway's inject_env_vars passed user-controlled values (e.g. OPENROUTER_API_KEY)
through bash -c without proper escaping, allowing shell injection. Replace with
the safe file-based pattern used by other providers (write to temp file, upload,
append to .bashrc).

Also add remote_path validation to Railway and Modal upload_file functions to
prevent single-quote breakout injection, matching the pattern already used by
Koyeb. Fix gptme.sh reference to non-existent inject_env_vars_railway function.

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-10 12:34:13 -08:00
..
lib fix: Prevent shell injection in Railway env var injection and file upload (#222) 2026-02-10 12:34:13 -08:00
aider.sh feat: Add NanoClaw agent to Railway platform (#217) 2026-02-10 12:26:05 -08:00
claude.sh feat: Add NanoClaw agent to Railway platform (#217) 2026-02-10 12:26:05 -08:00
gptme.sh fix: Fix broken Railway gptme script and update provider READMEs (#224) 2026-02-10 12:34:02 -08:00
nanoclaw.sh feat: Add NanoClaw agent to Railway platform (#217) 2026-02-10 12:26:05 -08:00
openclaw.sh feat: Add NanoClaw agent to Railway platform (#217) 2026-02-10 12:26:05 -08:00
README.md fix: Fix broken Railway gptme script and update provider READMEs (#224) 2026-02-10 12:34:02 -08:00

README.md

Railway

Railway serverless container platform via CLI. Railway

Agents

Claude Code

bash <(curl -fsSL https://openrouter.ai/lab/spawn/railway/claude.sh)

OpenClaw

bash <(curl -fsSL https://openrouter.ai/lab/spawn/railway/openclaw.sh)

Aider

bash <(curl -fsSL https://openrouter.ai/lab/spawn/railway/aider.sh)

NanoClaw

bash <(curl -fsSL https://openrouter.ai/lab/spawn/railway/nanoclaw.sh)

gptme

bash <(curl -fsSL https://openrouter.ai/lab/spawn/railway/gptme.sh)

Non-Interactive Mode

RAILWAY_SERVICE_NAME=dev-mk1 \
RAILWAY_TOKEN=your-token \
OPENROUTER_API_KEY=sk-or-v1-xxxxx \
  bash <(curl -fsSL https://openrouter.ai/lab/spawn/railway/claude.sh)

Environment Variables

Variable Description Default
RAILWAY_TOKEN Railway API token (CLI auth or prompted)
RAILWAY_SERVICE_NAME Service name (prompted)
RAILWAY_REGION Deployment region us-west1
OPENROUTER_API_KEY OpenRouter API key (OAuth or prompted)

Notes

  • Railway is a developer-focused container platform with per-second billing
  • Fast provisioning times and automatic HTTPS
  • Free tier available (requires credit card for verification)
  • Uses Railway CLI for deployment and shell access
  • Install CLI: npm install -g @railway/cli or curl -fsSL https://railway.app/install.sh | sh