[AAASM-4153] 🔒 (runtime): Replace claimable .io install host with canonical agent-assembly.com #236
…assembly.com

The missing-binary INSTALL_HINT told users to fetch a script from the unregistered (NXDOMAIN, claimable) get.agent-assembly.io and pipe it to a shell — a supply-chain RCE vector. Point at the canonical Cloudflare host https://agent-assembly.com/install.sh, byte-matching python-sdk's hint. Completes AAASM-4122 for node-sdk.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01R7vqjjo5nrebYNt8WnCNbz
Codecov Report: ✅ All modified and coverable lines are covered by tests.
Claude Code review — APPROVE-READY (comment only, no formal approval)

Verdict: Approve-ready. Correct, minimal fix for the HIGH-severity supply-chain RCE vector. No blocking findings.

1. CI

2. Scope vs ticket (AAASM-4153)
Matches the ticket exactly.

3. Side effects
String-only change to a printed install hint — no code path altered.

4. FE
N/A.

Local validation (worktree, this branch)

— Claude Code



Target
Task summary:
Fix a HIGH-severity supply-chain RCE vector in the runtime install hint.
Task tickets:
Effecting Scope
INSTALL_HINT in src/runtime.ts)

Description

What changed

INSTALL_HINT in src/runtime.ts printed a curl-to-shell command fetching an install script from get.agent-assembly.io. That host resolves NXDOMAIN (DNS-verified this sweep) — the .io apex is unregistered and therefore claimable by any third party. Since the hint pipes the fetched script straight into a shell with no checksum/signature, whoever registers agent-assembly.io gains arbitrary code execution on every developer/CI that hits the missing-binary hint. This message is printed on a common first-run path (binary not found → thrown Error).

The line now points at the canonical Cloudflare-hosted https://agent-assembly.com/install.sh, byte-matching python-sdk's runtime.py hint. brew install ai-agent-assembly/tap/aasm remains the preferred checksum-verified path in the same hint.

As-is → To-be

As-is: curl -fsSL https://get.agent-assembly.io | sh
To-be: curl -fsSL https://agent-assembly.com/install.sh | sh

How to verify

grep -rn 'agent-assembly.io' src returns nothing; pnpm typecheck && pnpm lint && pnpm test all green (359 passed / 2 skipped).

Recommendation

The org should defensively register agent-assembly.io (and the get. subdomain) so the vector cannot be re-introduced from any other surface.

Closes AAASM-4153.
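
A regression guard for the class of bug described above, as an added example that is not part of this PR or the node-sdk code base: it finds curl-to-shell commands in source text and accepts only an exact match on the canonical host. The function names, the allowlist constant and the sample lines are assumptions constructed for illustration.

```typescript
// Added example: guard against install hints that pipe a script from an
// unexpected host into a shell. Not code from the node-sdk repository.

// Assumption: only the canonical host named in the PR may serve the script.
const ALLOWED_INSTALL_HOSTS: string[] = ["agent-assembly.com"];

interface PipeToShellFinding {
  line: number; // 1-based line number in the scanned text
  url: string;
  host: string;
  allowed: boolean;
}

// Extract the host, skipping any userinfo ("user@") and dropping port and path.
function hostOf(url: string): string {
  const m = /^https?:\/\/(?:[^@\/]*@)?([^\/:?#]+)/i.exec(url);
  return m ? m[1].toLowerCase().replace(/\.$/, "") : "";
}

// Find `curl ... <url> ... | sh` (also bash/zsh, optional sudo) on each line.
function findPipeToShell(source: string): PipeToShellFinding[] {
  const pattern = /curl\s[^|\n]*?(https?:\/\/[^\s'"`|]+)[^|\n]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b/g;
  const findings: PipeToShellFinding[] = [];
  const lines = source.split("\n");
  for (let i = 0; i < lines.length; i++) {
    pattern.lastIndex = 0;
    let m: RegExpExecArray | null;
    while ((m = pattern.exec(lines[i])) !== null) {
      const host = hostOf(m[1]);
      // Exact match only: suffix or prefix matching would accept lookalikes.
      const allowed = ALLOWED_INSTALL_HOSTS.indexOf(host) !== -1;
      findings.push({ line: i + 1, url: m[1], host: host, allowed: allowed });
    }
  }
  return findings;
}

function disallowedInstallHints(source: string): PipeToShellFinding[] {
  return findPipeToShell(source).filter((f) => !f.allowed);
}

// Constructed sample: the two hints quoted in the PR plus two lookalike URLs.
const SAMPLE_HINTS: string = [
  "brew install ai-agent-assembly/tap/aasm",
  "curl -fsSL https://get.agent-assembly.io | sh",
  "curl -fsSL https://agent-assembly.com/install.sh | sh",
  "curl -fsSL https://agent-assembly.com.example.net/install.sh | sh",
  "curl -fsSL https://agent-assembly.com@example.net/install.sh | bash",
].join("\n");
```

Run over the contents of each source file in a unit test, a non-empty result from `disallowedInstallHints` fails the build whichever non-canonical host appears, which a grep for one known-bad domain does not do.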