
[AAASM-4153] 🔒 (runtime): Replace claimable .io install host with canonical agent-assembly.com #236

Merged
Chisanan232 merged 1 commit into master from v0.0.1/AAASM-4153/canonical_install_host
Jul 5, 2026
Conversation

@Chisanan232

Contributor

Target

  • Task summary:

    Fix a HIGH-severity supply-chain RCE vector in the runtime install hint.

  • Task tickets:

    • Task ID: AAASM-4153
    • Relative task IDs:
      • Completes AAASM-4122 for node-sdk (4122 fixed python-sdk + examples but missed node + go).

Effecting Scope

  • Action Types:
    • 🔧 Fixing bug
    • 🍀 Improving something (security)
  • Scopes:
    • 🧩 SDK public API (INSTALL_HINT in src/runtime.ts)

Description

What changed

INSTALL_HINT in src/runtime.ts printed a curl-to-shell command fetching an install script from get.agent-assembly.io. That host resolves NXDOMAIN (DNS-verified this sweep) — the .io apex is unregistered and therefore claimable by any third party. Since the hint pipes the fetched script straight into a shell with no checksum/signature, whoever registers agent-assembly.io gains arbitrary code execution on every developer/CI that hits the missing-binary hint. This message is printed on a common first-run path (binary not found → thrown Error).

The line now points at the canonical Cloudflare-hosted https://agent-assembly.com/install.sh, byte-matching python-sdk's runtime.py hint. brew install ai-agent-assembly/tap/aasm remains the preferred checksum-verified path in the same hint.

As-is → To-be

  • as-is: curl -fsSL https://get.agent-assembly.io | sh
  • to-be: curl -fsSL https://agent-assembly.com/install.sh | sh

How to verify

grep -rn 'agent-assembly.io' src returns nothing; pnpm typecheck && pnpm lint && pnpm test all green (359 passed / 2 skipped).

Recommendation

The org should defensively register agent-assembly.io (and the get. subdomain) so the vector cannot be re-introduced from any other surface.

Closes AAASM-4153.

…assembly.com

The missing-binary INSTALL_HINT told users to fetch a script from the
unregistered (NXDOMAIN, claimable) get.agent-assembly.io and pipe it to a
shell — a supply-chain RCE vector. Point at the canonical Cloudflare host
https://agent-assembly.com/install.sh, byte-matching python-sdk's hint.
Completes AAASM-4122 for node-sdk.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01R7vqjjo5nrebYNt8WnCNbz
@codecov

codecov Bot commented Jul 5, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.


@sonarqubecloud

sonarqubecloud Bot commented Jul 5, 2026


@Chisanan232

Contributor Author

Claude Code review — APPROVE-READY (comment only, no formal approval)

Verdict: Approve-ready. Correct, minimal fix for the HIGH-severity supply-chain RCE vector. No blocking findings.

1. CI

gh pr checks 236: 25 passed / 0 failed. Codecov + SonarCloud quality gate passed. Packaging tests (the known serialize-on-lock flake) passed clean on local re-run — no flake this time.

2. Scope vs ticket (AAASM-4153)

Matches the ticket exactly. INSTALL_HINT in src/runtime.ts was the claimable get.agent-assembly.io fetch-and-shell vector (NXDOMAIN, .io apex unregistered → third-party-claimable → arbitrary code execution on the missing-binary first-run path). Now points at canonical https://agent-assembly.com/install.sh, byte-matching python-sdk runtime.py. brew install ai-agent-assembly/tap/aasm remains the preferred checksum-verified path. No scope creep — single-line string swap.

3. Side effects

String-only change to a printed install hint — no code path altered. grep -rn 'agent-assembly.io' src returns nothing. Replacement URL matches the python canonical form.

4. FE

N/A.

Local validation (worktree, this branch)

  • pnpm typecheck → 0 errors
  • pnpm lint → ESLint: No issues found
  • pnpm test → 359 passed / 2 skipped (52 files passed, 1 skipped)
  • grep for agent-assembly.io in src → clean

— Claude Code

@Chisanan232 Chisanan232 merged commit 9864876 into master Jul 5, 2026
25 checks passed
@Chisanan232 Chisanan232 deleted the v0.0.1/AAASM-4153/canonical_install_host branch July 5, 2026 12:08
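
The grep under "How to verify" only catches the one retired hostname. As an added example (not part of this PR or the repository's code), the check below goes further and flags any fetch-and-pipe-to-shell hint whose host is not on an explicit allowlist; `ALLOWED_INSTALL_HOSTS`, `findUnapprovedInstallHosts` and the sample strings are hypothetical names and constructed input.

```typescript
// Added example, not code from this repository. All names are hypothetical.
const ALLOWED_INSTALL_HOSTS: string[] = ["agent-assembly.com"];

interface Finding { line: number; host: string; reason: string; }

// One-line `curl|wget ... <url> ... | sh` (also bash/zsh/dash, optional sudo).
const PIPE_TO_SHELL =
  /\b(?:curl|wget)\b[^|\n]*?(https?:\/\/[^\s'"`|]+)[^|\n]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b/gi;

function hostOf(url: string): string {
  const authority = url.replace(/^https?:\/\//i, "").split(/[\/?#]/)[0] || "";
  // Drop userinfo and port, lowercase, strip a trailing root dot.
  const hostPort = authority.slice(authority.lastIndexOf("@") + 1);
  return (hostPort.split(":")[0] || "").toLowerCase().replace(/\.$/, "");
}

function findUnapprovedInstallHosts(
  source: string,
  allowed: string[] = ALLOWED_INSTALL_HOSTS,
): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, idx) => {
    PIPE_TO_SHELL.lastIndex = 0;
    let m: RegExpExecArray | null;
    while ((m = PIPE_TO_SHELL.exec(text)) !== null) {
      const url = m[1] || "";
      const host = hostOf(url);
      // Exact match only: suffix or substring matching would accept look-alikes.
      if (allowed.indexOf(host) === -1) {
        findings.push({ line: idx + 1, host, reason: "host not on allowlist" });
      } else if (!/^https:\/\//i.test(url)) {
        findings.push({ line: idx + 1, host, reason: "not fetched over https" });
      }
    }
  });
  return findings;
}

// Constructed sample resembling a hint definition; not the real src/runtime.ts.
const SAMPLE_AS_IS = [
  'const INSTALL_HINT = [',
  '  "  brew install ai-agent-assembly/tap/aasm",',
  '  "  curl -fsSL https://get.agent-assembly.io | sh",',
  '];',
].join("\n");
const SAMPLE_TO_BE = SAMPLE_AS_IS.replace(
  "https://get.agent-assembly.io", "https://agent-assembly.com/install.sh");
```

Run over every source and documentation file in CI, a non-empty result fails the build, so a new hint pointing at a host nobody has vetted is caught before release rather than by a later sweep.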