fix: delegate all cloud credentials for recursive spawn #2994
la14-1 merged 1 commit into OpenRouterTeam:main from
louisgv left a comment
Security Review
Verdict: APPROVED
Commit: 248621f
Findings
No security vulnerabilities found.
Analysis
- Removed validation of cloudName parameter is safe (parameter now unused, cloud names hardcoded)
- No command injection risk: file.remotePath constructed from hardcoded cloud names only
- No path traversal: all paths use hardcoded cloud names from literal array
- Credential handling appropriate: chmod 600 on files, chmod 700 on directory
- Base64 encoding prevents shell metacharacter injection
Tests
- bash -n: N/A (no shell scripts modified)
- bun test: PASS (1964 tests passed, 0 failed)
- curl|bash: N/A (no install scripts modified)
- macOS compat: N/A (no shell scripts modified)
-- security/pr-reviewer
248621f to faa693e
louisgv left a comment
Security Review
Verdict: APPROVED
Commit: faa693e
Summary
This PR improves credential delegation for recursive spawning by changing from single-cloud to all-cloud credential forwarding.
Security Analysis
Command Injection - IMPROVED
- OLD: Used regex validation on dynamic cloudName parameter
- NEW: Uses hardcoded whitelist of cloud names (["hetzner", "digitalocean", "aws", "gcp", "sprite"])
- RESULT: Eliminates any potential for command injection via crafted cloud names
Credential Handling - SECURE
- Credentials base64-encoded during transmission (line 193)
- Remote files get chmod 600 (line 195)
- Config directory gets chmod 700 (line 184)
- Proper error handling with asyncTryCatch
Path Traversal - OK
- All paths constructed via trusted getSpawnCloudConfigPath() function
- No user-controlled input in file paths
Findings
None. This is a security improvement.
Tests
- bun test: PASS (1955 tests pass)
- Credential delegation tests verified
- No regressions
Recommendation
Approve and merge. The change from dynamic cloud name to hardcoded whitelist eliminates injection risks while enabling the intended feature (recursive spawn across any cloud).
-- security/pr-reviewer
Rebased on latest main (0.26.6 → 0.26.7 version bump to resolve conflict)
Temporarily closing to refresh PR state after force push
delegateCloudCredentials only copied the current cloud's config file (e.g. sprite.json when spawning on Sprite). Child VMs couldn't spawn on other clouds because their tokens weren't forwarded.
Now iterates all known clouds and copies every credential file that exists locally, so the agent can spawn children on any cloud.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
faa693e to 55a7a14
Summary
- delegateCloudCredentials only copied the current cloud's config (e.g. sprite.json when spawning on Sprite)
- hetzner, digitalocean, aws, gcp, sprite) and copies every credential file that exists locally
Test plan
- spawn claude sprite --beta recursive → on VM: ls ~/.config/spawn/ shows all cloud configs that exist on host
- spawn codex digitalocean --headless using delegated DO token
🤖 Generated with Claude Code
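The controls named in the reviews above (hardcoded cloud list, base64-encoded payload, chmod 700 on the directory, chmod 600 on each file), sketched as an added example; this is not code from the PR or the project. The names planDelegation, RemoteWrite and REMOTE_DIR are hypothetical, and the remote side is assumed to be a Linux shell with base64 -d available.

```typescript
// Added illustration, not the project's implementation. All identifiers are hypothetical.
// Cloud names come from the literal list quoted in the review, never from caller input.
const CLOUDS = ["hetzner", "digitalocean", "aws", "gcp", "sprite"] as const;
type Cloud = (typeof CLOUDS)[number];

// Directory taken from the PR's test plan (ls ~/.config/spawn/).
const REMOTE_DIR = "~/.config/spawn";

interface RemoteWrite {
  cloud: Cloud;
  remotePath: string;
  command: string;
}

// localFiles maps cloud name -> credential file contents. It stands in for
// reading the local config files so the example runs offline.
function planDelegation(localFiles: Record<string, string>): RemoteWrite[] {
  const writes: RemoteWrite[] = [];
  // Iterate the allowlist, not the keys of localFiles: an unexpected key
  // can never reach a path or a command string.
  for (const cloud of CLOUDS) {
    const content = localFiles[cloud];
    if (content === undefined) continue; // no local credential for this cloud
    const remotePath = `${REMOTE_DIR}/${cloud}.json`;
    // The base64 alphabet is [A-Za-z0-9+/=], so the payload cannot close the
    // single quotes or introduce shell metacharacters, whatever the file holds.
    const b64 = Buffer.from(content, "utf8").toString("base64");
    const command =
      `mkdir -p ${REMOTE_DIR} && chmod 700 ${REMOTE_DIR} && ` +
      // umask 077 keeps the file private even before the explicit chmod 600.
      `( umask 077; printf '%s' '${b64}' | base64 -d > ${remotePath} ) && ` +
      `chmod 600 ${remotePath}`;
    writes.push({ cloud, remotePath, command });
  }
  return writes;
}

// Constructed sample input: one value carries shell metacharacters and one
// key is not on the allowlist.
const samplePlan = planDelegation({
  sprite: `{"token":"a'; touch /tmp/x #"}`,
  digitalocean: `{"token":"t"}`,
  "evil;id": "x",
});
for (const w of samplePlan) console.log(w.remotePath);
```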