vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-04-29 20:39:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
spawn/github-codespaces
History
A f39ffd6e24
fix: Prevent shell/Python injection in Codespaces, Render, and FluidStack (#252) 
GitHub Codespaces scripts embedded API keys directly into heredocs sent
over SSH, allowing single-quote breakout for command injection. Fixed by
adding upload_file/run_server/inject_env_vars helpers to Codespaces lib
and using safe temp-file-upload pattern (matching Railway/Render).

Render claude.sh and openclaw.sh built JSON config via unescaped heredocs.
Fixed by using shared setup_claude_code_config/setup_openclaw_config
helpers which properly json_escape values.

FluidStack had triple-quote injection in SSH key registration (pub_key
embedded in Python triple-quotes) and missing single-quote validation in
create_server env var checks. Fixed by reading values via stdin/argv
instead of string interpolation, and added single-quote to validation.

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-10 14:14:41 -08:00
..
lib fix: Prevent shell/Python injection in Codespaces, Render, and FluidStack (#252) 2026-02-10 14:14:41 -08:00
aider.sh fix: Prevent shell/Python injection in Codespaces, Render, and FluidStack (#252) 2026-02-10 14:14:41 -08:00
claude.sh fix: Prevent shell/Python injection in Codespaces, Render, and FluidStack (#252) 2026-02-10 14:14:41 -08:00
gptme.sh fix: Prevent shell/Python injection in Codespaces, Render, and FluidStack (#252) 2026-02-10 14:14:41 -08:00
README.md feat: Add GitHub Codespaces cloud provider with claude, aider, gptme (#248) 2026-02-10 12:58:33 -08:00

README.md

GitHub Codespaces

GitHub Codespaces development environments via gh CLI. GitHub Codespaces

Agents

Claude Code

bash <(curl -fsSL https://openrouter.ai/lab/spawn/github-codespaces/claude.sh)

Aider

bash <(curl -fsSL https://openrouter.ai/lab/spawn/github-codespaces/aider.sh)

gptme

bash <(curl -fsSL https://openrouter.ai/lab/spawn/github-codespaces/gptme.sh)

Non-Interactive Mode

GITHUB_REPO=OpenRouterTeam/spawn \
OPENROUTER_API_KEY=sk-or-v1-xxxxx \
  bash <(curl -fsSL https://openrouter.ai/lab/spawn/github-codespaces/claude.sh)

Environment Variables

Variable Description Default
GITHUB_REPO Repository for codespace OpenRouterTeam/spawn
CODESPACE_MACHINE Machine type basicLinux32gb
CODESPACE_IDLE_TIMEOUT Idle timeout 30m
OPENROUTER_API_KEY OpenRouter API key (OAuth or prompted)

Pricing

GitHub Codespaces uses pay-as-you-go pricing:

  • Compute: Starting at $0.18/hr for basicLinux32gb (2 core, 4GB RAM)
  • Storage: $0.07/GB per month
  • Free tier: Available for personal accounts (limited hours/month)

See GitHub Codespaces pricing for details.

Prerequisites

  • GitHub CLI (gh) installed and authenticated
  • Active GitHub account
  • Repository access (default: OpenRouterTeam/spawn)

Machine Types

Machine Cores RAM Price/hr
basicLinux32gb 2 4GB $0.18
standardLinux32gb 4 8GB $0.36
premiumLinux 8 16GB $0.72
largePremiumLinux 16 32GB $1.44

Set via CODESPACE_MACHINE environment variable.